
Files Date: 2014-01-20 to 2014-01-21

Hackito Ergo Sum 2014 Call For Papers
Posted Jan 20, 2014
Authored by HES CFP | Site 2014.hackitoergosum.org

The Hackito Ergo Sum 2014 Call For Papers has been announced. It will be held from April 24th through the 26th, 2014 in Paris, France.

tags | paper, conference
SHA-256 | e4a89cb78692d049fedd19d09c3d84b94ed218080e192eece339ea68a1390f44
Gentoo Linux Security Advisory 201401-11
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-11 - Multiple vulnerabilities have been found in Perl and Locale::Maketext Perl module, the worst of which could allow a context-dependent attacker to execute arbitrary code. Versions less than 5.16.3 are affected.

tags | advisory, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2728, CVE-2011-2939, CVE-2012-5195, CVE-2013-1667
SHA-256 | 92d8d5759a27b001185c6521fec4e8b39a433512603eecfa0564f8a319809a00
Gentoo Linux Security Advisory 201401-10
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-10 - Multiple vulnerabilities have been found in libexif and exif, some of which may allow execution of arbitrary code. Versions less than 0.6.21 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841, CVE-2012-2845
SHA-256 | 8e049747b64ce62958b8188f01ce787852d0b8fe60a51cc5691962b2625a6ff0
Gentoo Linux Security Advisory 201401-09
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-9 - A vulnerability in Openswan could result in execution of arbitrary code or Denial of Service. Versions less than 2.6.39 are affected.

tags | advisory, denial of service, arbitrary
systems | linux, gentoo
advisories | CVE-2013-2053
SHA-256 | d4e96cbeeefc87ca2407e521e745e88d0d04544a5e816c3a7aa0cb2c4f406904
Red Hat Security Advisory 2014-0045-01
Posted Jan 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0045-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The JBoss Seam Remoting component provides a convenient method of remotely accessing Seam components from a web page, using AJAX. It was found that the ExecutionHandler, PollHandler, and SubscriptionHandler classes in JBoss Seam Remoting unmarshalled user-supplied XML and resolved external entities in this XML. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML External Entity attacks.

tags | advisory, java, remote, web, xxe
systems | linux, redhat
advisories | CVE-2013-6447, CVE-2013-6448
SHA-256 | 5182752535401efe3bedbcfe692f9abf8cfcd81266bb6f49bb17b538b10c8704
Red Hat Security Advisory 2014-0044-01
Posted Jan 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0044-01 - Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses "lenses" as basic building blocks for establishing the mapping from files into the Augeas tree and back. A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-6412
SHA-256 | bcc04e71dd127335ad1d05c553fa9c6e4d71e2879bd3aaf659b42e8e40dbf8a0
Red Hat Security Advisory 2014-0043-01
Posted Jan 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0043-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2014-0591
SHA-256 | 234078fe16c6ddf238e34a309eb50b41a8acaa76c37365c6d163ec0c9934835e
Mandriva Linux Security Advisory 2014-012
Posted Jan 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-012 - The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. The updated packages have been upgraded to the 3.15.4 version which is not vulnerable to this issue.

tags | advisory, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2013-1740
SHA-256 | b89f1b4a4e243ae1667aaeb1c78d43bed14afd1547721ce92ea804fd904255b6
Mandriva Linux Security Advisory 2014-011
Posted Jan 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-011 - Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the Beans component did not restrict processing of XML external entities. This flaw could cause a Java application using Beans to leak sensitive information, or affect application availability. It was discovered that the JSSE component could leak timing information during the TLS/SSL handshake. This could possibly lead to disclosure of information about the used encryption keys. The updated packages provide a solution for these security issues.

tags | advisory, java, vulnerability, xxe
systems | linux, mandriva
advisories | CVE-2013-5878, CVE-2013-5884, CVE-2013-5893, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0411, CVE-2014-0416, CVE-2014-0422, CVE-2014-0423, CVE-2014-0428
SHA-256 | b0d7eb9b9f33d4066272ecfbbec9f2e56cb4eb2af0a63f451f9dbfe4e7a36e50
Gentoo Linux Security Advisory 201401-14
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0249, CVE-2013-1944, CVE-2013-2174, CVE-2013-6422
SHA-256 | db468e099ee0183090e4d1c7e60955a697fc5a4848c7ebb9fdb2c66ab4bb731a
Gentoo Linux Security Advisory 201401-13
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-13 - Multiple vulnerabilities have been found in VirtualBox, allowing local attackers to escalate their privileges or cause a Denial of Service condition. Versions less than 4.2.22 are affected.

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-3221, CVE-2013-5892, CVE-2014-0404, CVE-2014-0405, CVE-2014-0406, CVE-2014-0407
SHA-256 | 6d2ece62ea5369425ee50f1c0be7833961be531fb3bbd68835b9e7eece595cd3
Gentoo Linux Security Advisory 201401-12
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-12 - Multiple vulnerabilities have been found in GNUstep Base library, the worst of which allow execution of arbitrary code. Versions less than 1.20.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-1457, CVE-2010-1620
SHA-256 | 4b51e771e759f04f2f89772e3d70ac0566ae216c477a4fdcf124150996355f97
BlueCom 5360/52018 Password Reset
Posted Jan 20, 2014
Authored by Kai

BlueCom router model 5360/52018 remote password reset exploit.

tags | exploit, remote
SHA-256 | 1df37516e18bbd05eb9e2493cc89692b26c7b3fde30f10df5fca3d6f671c146f
Doodle4Gift Cross Site Scripting
Posted Jan 20, 2014
Authored by Dr.NaNo

Doodle4Gift suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | ac6ed020a4de6c84c32ac4a848e07ddc0e3714af223ce17889e8945c33933635
Cookies
Posted Jan 20, 2014
Authored by F4RY4R_RED

This is a whitepaper discussing the use of cookies. Written in Persian.

tags | paper
SHA-256 | 876b721cfce59078081bee0f96df5067acad3fcdadc2c66fc1e1dee1cb2e1735
Autoresponder PRO Cross Site Scripting
Posted Jan 20, 2014
Authored by TUNISIAN CYBER

Autoresponder PRO suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6a72d5a41181acd1f73aa228461069b1ffc5eb74580dddd878aed9a261d39726
Teracom Modem T2-B-Gawv1.4U10Y-BI Cross Site Scripting
Posted Jan 20, 2014
Authored by Rakesh S

Teracom Modem version T2-B-Gawv1.4U10Y-BI suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8b0e8f3c15cb36092bab48e7be96a0d9a24619bc1cf953f44183dde5a9dc286a
WordPress Social Ring 1.1.9 Cross Site Scripting
Posted Jan 20, 2014
Authored by Ashiyane Digital Security Team

WordPress Social Ring plugin versions 1.0 through 1.1.9 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f2bc5ff0e51408bc5046a10752b236f95ce7898e362f2b13bd030293f6144837
WordPress Global Flash Galleries File Upload
Posted Jan 20, 2014
Authored by Ashiyane Digital Security Team

WordPress Global Flash Galleries plugin suffers from an arbitrary file upload vulnerability. Note that this finding houses site-specific data.

tags | exploit, arbitrary, file upload
SHA-256 | 2dd83399faca3e5d1e36f0966e5019a64279821bcb41fc8ebfee2cd41cd4b56f
© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close