exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2014-01-31 to 2014-01-31

OpenSSH 6.5p1
Posted Jan 31, 2014
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This is a feature-focused release. New features include new ciphers and key types, a new private key format, and rejection of connection requests from old insecure clients. There are also a number of bug fixes.
tags | tool, encryption
systems | linux, unix, openbsd
SHA-256 | a1195ed55db945252d5a1730d4a2a2a5c1c9a6aa01ef2e5af750a962623d9027
Ubuntu Security Notice USN-2096-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2096-1 - Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0038
SHA-256 | 3642a965005a189450ebb9a7da63b4405f4feb956e8633f63544fba0c47da057
Debian Security Advisory 2849-1
Posted Jan 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2849-1 - Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.

tags | advisory, web
systems | linux, debian
advisories | CVE-2014-0015
SHA-256 | e4374fce83aed240b963cb7cda80af3bb13e0f47110d7536c46a7b643757f807
Ubuntu Security Notice USN-2095-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2095-1 - Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0038
SHA-256 | ca8a6e458cf823bb6dbd65dc2b895cf52f5e38bd8da50a892074bcbfa99a76b9
Joomla JomSocial 2.6 Code Execution
Posted Jan 31, 2014
Authored by Matias Fontanini, Carlos Gaston Traberg

Joomla JomSocial component version 2.6 remote PHP code execution exploit.

tags | exploit, remote, php, code execution
SHA-256 | ea1422d55f32ea2f21fe3bfa98a8a970fd3b75fcef135c089e38f1464c28a72b
TopicsViewer 3.0 Beta 1 SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

TopicsViewer version 3.0 Beta 1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 48dee20e05e6227d7032a46cb6020f6d577fcadffa33738daaabfd47613727f5
Ubuntu Security Notice USN-2094-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2094-1 - Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0038
SHA-256 | faa4dd51c8b2fc6a08a0eacbf4b60dad67d7f8c44bca960b5e7b6ee945035133
Linux 3.4+ recvmmsg Proof Of Concept
Posted Jan 31, 2014
Authored by Kees Cook

Linux 3.4+ recvmmsg x32 compat proof of concept exploit.

tags | exploit, proof of concept
systems | linux
SHA-256 | 5662db3459ebcd5e6569adefd8e89c500d6c4b915e1d0af5b4ab442214e7b017
Jobsite Logo Cross Site Scripting / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Jobsite Logo suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | f5b281fa23163ff33cd4204b0ebdddfa490fec4c9fcb6e65a4b8ada7918abb2c
Booking Calendar PHP CSRF / XSS / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Booking Calendar PHP suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection, csrf
SHA-256 | 960acaa17357d30d3a772a036e2375e6767ea24edc21a4bd4950e8b6f6323648
Eventy Online Scheduler 1.8 CSRF / XSS / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Eventy Online Scheduler version 1.8 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | adc6db576bd5a7faa15c3609f25e879996a7872f76654e872bb6c611a44d8a5b
WordPress Contact Form 7 3.5.3 Shell Upload
Posted Jan 31, 2014
Authored by MustLive

WordPress Contact Form 7 versions 3.5.3 and below suffer from a remote shell upload vulnerability.

tags | advisory, remote, shell
SHA-256 | a9b2be4594160bcca7766b6d73934f9f3c1a86a30c2cc6b9f5ee48d581468d96
Newtontree IT Services SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Newtontree IT Services suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | d1207b580f63cb7e7eabc1d92f90e1a63599ba5e12d2adb4191941c87e6ceac5
Ubuntu Security Notice USN-2092-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2092-1 - Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2013-4344, CVE-2013-4375, CVE-2013-4377, CVE-2013-4344, CVE-2013-4375, CVE-2013-4377
SHA-256 | a805b7c2b775979752f92df1d19d0c1c355c2e1f45538b4ccadf8116e6353ce4
Ubuntu Security Notice USN-2093-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2093-1 - Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. Dario Faggioli discovered that libvirt incorrectly handled the libxl driver. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-6436, CVE-2013-6457, CVE-2013-6458, CVE-2014-0028, CVE-2014-1447, CVE-2013-6436, CVE-2013-6457, CVE-2013-6458, CVE-2014-0028, CVE-2014-1447
SHA-256 | 032ca50e203209008802c8c3ca9a824cd426e58b63c9f66f362b20a90858c799
Red Hat Security Advisory 2014-0124-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0124-01 - Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header that would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4330
SHA-256 | 6b5de573b4efbf33e08e0dd89c9ba0e4332d534ab60be7b5382c9263c949b033
Red Hat Security Advisory 2014-0113-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0113-01 - The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was discovered in the way the LDAP backend in keystone handled the removal of a role. A user could unintentionally be granted a role if the role being removed had not been previously granted to that user. Note that only OpenStack Identity setups using an LDAP backend were affected. All openstack-keystone users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-4477
SHA-256 | 4ed18adab99d93bc8ef3094e04168b8b3fbc0330b8728fb4595ecc73eb7dca15
Red Hat Security Advisory 2014-0112-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0112-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. It was discovered that enabling "qpid_protocol = ssl" in the nova.conf file did not result in nova using SSL to communicate to Qpid. If Qpid was not configured to enforce SSL this could lead to sensitive information being sent unencrypted over the communication channel. A flaw was found in the way OpenStack Compute controlled the size of disk images. An authenticated remote user could use malicious compressed qcow2 disk images to consume large amounts of disk space, potentially causing a denial of service on the OpenStack Compute nodes.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4463, CVE-2013-6491
SHA-256 | a9c329772cd7af8395cafb1ec06bc13482d54fac734c4e696e1724b928aaabec
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close