Showing 76 - 100 of 427

Files Date: 2014-02-01 to 2014-02-28

Apple Security Advisory 2014-02-21-1
Posted Feb 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-21-1 - iOS 6.1.6 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

tags | advisory
systems | apple, ios
advisories | CVE-2014-1266
SHA-256 | 5ff242039ba1164c5154f5b9eca7a76ae9b70fea05b0d0ef8d9136918a22e3f7
Red Hat Security Advisory 2014-0204-01
Posted Feb 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0204-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security audit functionality, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0058
SHA-256 | b67208dcdf210c09e5b4aed78b79095618e66ddc70d9229c3e0746396ac3abdb
Apple Security Advisory 2014-02-21-3
Posted Feb 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-21-3 - Apple TV 6.0.2 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

tags | advisory
systems | apple
advisories | CVE-2014-1266
SHA-256 | dd231ddc63d5bd4e78ec35443cb800485be3539a4ef4d9b0848ea0b76b742225
Savsoft Quiz Cross Site Request Forgery
Posted Feb 24, 2014
Authored by TUNISIAN CYBER

Savsoft Quiz suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 2303cca1251931c791c673983e97fde38714e38eee850a8e9e07cfc1e5240d7e
Lynis Auditing Tool 1.4.3
Posted Feb 24, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release adds support for ClearOS, data uploading for Lynis Enterprise users (--upload), a debug variable (and parameter), and a license_key option in the profile. It also has several fixes, and the report has been extended with some additional hints.
tags | tool, scanner
systems | unix
SHA-256 | 2c23bb33ec405502f1cf2302380570aa95d9dac1c3250e2d5c6f07200862307d
PHP Secure Communications Library 0.3.6
Posted Feb 24, 2014
Authored by Jim Wigginton | Site phpseclib.sourceforge.net

PHP Secure Communications Library is a set of pure PHP implementations of DES, 3DES, RC4, Rijndael, AES, RSA (PKCS#1 compliant [v2.1]), SSH-1, SSH-2, and SFTP.

Changes: Minor bugfixes. Adds preliminary support for custom SSH subsystems. Adds ssh-agent support.
tags | php, library
SHA-256 | f04f1ebc8b999854c18a799dd59b76c84c87c104a095d78d9f1473fdebb25989
Debian Security Advisory 2867-1
Posted Feb 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2867-1 - Several vulnerabilities were discovered in otrs2, the Open Ticket Request System.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-1471, CVE-2014-1694
SHA-256 | add38397d641158072ed0535ee9bae0d24e191990da4d7231da74ebcb6e627d6
Ubuntu Security Notice USN-2120-1
Posted Feb 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2120-1 - Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. Andres Freund discovered that PostgreSQL incorrectly handled validator functions. An authenticated attacker could possibly use this issue to escalate their privileges. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
SHA-256 | 039ef81162af14d534e58d3e4c726daecdff46174ce77ce12a5dd6bd5a3dade4
Github Remote Command Execution
Posted Feb 24, 2014
Authored by joernchen

Github suffered from a remote command execution vulnerability via variable injection.

tags | exploit, remote
SHA-256 | 9f7a407ba51e7296ee3742308b11d9a6e7b6f2bcb28af5feb69321525261aeef
Joomla JoomLeague 2.1.12 XSS / XML Injection
Posted Feb 24, 2014
Authored by MustLive

Joomla JoomLeague plugin version 2.1.12 suffers from cross site scripting and XML injection vulnerabilities.

tags | exploit, vulnerability, xss, xxe
SHA-256 | af5baf2b9503bc98d029f951219f69ea3093ae597aa850367a0c41e1d206e812
CISTI 2014 Call For Papers
Posted Feb 24, 2014
Site aisti.eu

The Call For Papers for CISTI'2014, the 9th Iberian Conference on Information Systems and Technologies, has been announced. It will be held June 18th through the 21st, 2014 in Barcelona, Spain.

tags | paper, conference
SHA-256 | 8577694e14454fa46996f136fc909f2b4de343843acde2aa25d46bb4ecf75696
MyBB 1.6.12 SQL Injection
Posted Feb 24, 2014
Authored by Mr.XpR

MyBB version 1.6.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6b0bf9b1bf870f7fbd330b2583ee19deb7b9bbb829e547b505627bd44daf59cd
Barracuda Networks WebFilter Script Insertion
Posted Feb 24, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

WebFilter Appliance Web-Application version 6.0.1.009 suffers from a script insertion vulnerability.

tags | exploit, web
SHA-256 | adaa2afa748caa2424e3ebe222836d0e1df898d7d7975534838213e4b4dc9f4d
FreePBX 2.x Remote Command Execution
Posted Feb 24, 2014
Authored by i-Hmx

FreePBX versions before 2.3 suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 1b6ab5d6eea2edb5fba249fb2cfe50bfe3208ae7e99bf070ba3cfb23ec2b8e63
Symantec Endpoint Protection Manager Remote Command Execution
Posted Feb 23, 2014
Authored by Chris Graham

Symantec Endpoint Protection Manager suffers from a remote command execution vulnerability. Versions 11.0, 12.0, and 12.1 are affected.

tags | exploit, remote
advisories | CVE-2013-5014, CVE-2013-5015
SHA-256 | 1230fa397327e1f414c650a845b08b3ed515236c94fa13a2c1c80e976a099209
Mini HTTPd 1.21 Stack Buffer Overflow
Posted Feb 22, 2014
Authored by TheColonial

Mini HTTPd version 1.21 stack buffer overflow POST exploit for Windows XP SP3.

tags | exploit, overflow
systems | windows
SHA-256 | 6b9603bbda9cff25f4c22bcdc841389ee80652a11577c40f599cd58da168b97b
SolidWorks Workgroup PDM 2014 SP2 Arbitrary File Write
Posted Feb 22, 2014
Authored by Mohamed Shetta

SolidWorks Workgroup PDM 2014 SP2 suffers from an arbitrary file write vulnerability.

tags | exploit, arbitrary
SHA-256 | 5031db0895f8f86ccfac8994d8fada3d4c9910fce53ab7ccc8b1fed2ed1b9fb1
Subrion 3.1.1 Cross Site Request Forgery
Posted Feb 22, 2014
Authored by TUNISIAN CYBER

Subrion CMS 3.1.1 cross site request forgery exploit that adds an administrator.

tags | exploit, csrf
SHA-256 | 196ea2067b8fb16e7b8e88f1764e7c86b7d128377d20d4d793de983e73a095dc
Debian Security Advisory 2866-1
Posted Feb 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2866-1 - Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default.

tags | advisory
systems | linux, debian
advisories | CVE-2014-1959
SHA-256 | 267bbb9a2b3339b537b0cb41a2ddf6033c2c06e9019ecfde71c400bd8e04dd45
Telligent Evolution 7.5.0.32466 Cross Site Scripting
Posted Feb 22, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Telligent Evolution version 7.5.0.32466 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1223
SHA-256 | ebf39516b15980bbdcc0d874db8a1a9772574ad44c2a961fd0d64eb09c67ff3e
GoldenEye HTTP Denial Of Service Tool 2.1
Posted Feb 22, 2014
Authored by Jan Seidl | Site wroot.org

GoldenEye is an HTTP/S Layer 7 denial of service testing tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the HTTP/S server.

Changes: Referer strings from search engines now have only the domain part hardcoded. Referer generation function now generates even more random referers. Evades Juniper Netscreen signature. Various other updates and improvements.
tags | tool, web, denial of service
SHA-256 | 80e0d5a7dde9e0323ed3e02e1089d03713fff0ff8625d27a202e927517f4fac8
44CON 2014 Call For Papers
Posted Feb 22, 2014
Site cfp.44con.com

The 44CON 2014 Call For Papers has been announced. 44CON is the UK's largest combined annual Security Conference and Training event. Taking place on the 11th and 12th of September at the ILEC Conference Centre near Earls Court, London, they will have a fully dedicated conference facility, including catering, private bar and daily Gin O'Clock break.

tags | paper, conference
SHA-256 | 6bc536a50e23a496e3230d06a708b5250cdf7295a20a23091f6f4ba6bae6f2b9
CMSMadeSimple 1.11.10 Cross Site Scripting
Posted Feb 22, 2014
Authored by HauntIT

CMSMadeSimple version 1.11.10 suffers from fourteen cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a5774bb267898276c4969bdf9b9b4b4526766ff535c3954c1cd6596f037ea7fa
IBM BPMS 8.0.0.1 Privilege Escalation / Disclosure
Posted Feb 22, 2014
Authored by 0in

IBM BPMS version 8.0.0.1 suffers from account reconfiguration, privilege escalation, and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | 5bc100973e8ede6772241ce111902e09ddd52ed35ab950dc88c83434e0e6ca4f
ILIAS 4.4.1 Cross Site Scripting / Shell Upload
Posted Feb 22, 2014
Authored by HauntIT

ILIAS version 4.4.1 suffers from cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | c0661e7076cb96d3a4d5d6f668620a2b19c64b24aebb226ce42ff039d7da7091
Page 4 of 18