
Files Date: 2014-03-14 to 2014-03-15

Free Download Manager 3.x Buffer Overflow
Posted Mar 14, 2014
Authored by Julien Ahrens | Site rcesecurity.com

Free Download Manager versions 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and possibly others are affected by a stack-based buffer overflow vulnerability. Proof of concept code included.

tags | exploit, overflow, proof of concept
advisories | CVE-2014-2087
SHA-256 | d757234aa82969bb55c4498cb2fc25d5a4f629a3efd5fc1a69edf4175c7a988a

SeedDMS XSS / Traversal / Shell Upload
Posted Mar 14, 2014
Authored by Craig Arendt

SeedDMS versions prior to 4.3.4 suffer from cross site scripting, remote shell upload, and path traversal vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, file inclusion
advisories | CVE-2014-2278, CVE-2014-2279, CVE-2014-2280
SHA-256 | 7222df803d22b5fb30d93e08afd977dc6a9b8b835ad9c5ef8d67af0e94f245cb

HP Security Bulletin HPSBMU02975
Posted Mar 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02975 - A potential security vulnerability has been identified in HP Smart Update Manager for Linux version 5.3.5. The vulnerability could be exploited to allow an elevation of privileges on the target system. Revision 1 of this advisory.

tags | advisory
systems | linux
advisories | CVE-2013-6208
SHA-256 | 80b9684119823368861ac1a55ecf2583944cd93bec40ace432f5fbd7eac8f41d

MicroP 0.1.1.1600 Buffer Overflow
Posted Mar 14, 2014
Authored by Necmettin COSKUN

MicroP version 0.1.1.1600 local stack buffer overflow exploit.

tags | exploit, overflow, local
SHA-256 | d735cfe03abbf2db0ad8bf6acb6c8b51b1ff05643f2c5d19f0eb3fdc5a3d7f61

WatchGuard XTM 11.8 Cross Site Scripting
Posted Mar 14, 2014
Authored by William Costa

WatchGuard XTM version 11.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ba1a39b06837912987c84d2e2f37b55c4b8fa9bab0cd2a40903637fbd5714e5d

HP Security Bulletin HPSBMU02967
Posted Mar 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02967 - A potential security vulnerability has been identified with HP Unified Functional Testing Running on Windows. This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2013-6210
SHA-256 | cf2d725ac72d50909e306f487cc4ca1305478a75311883f1955aef3d6587f353

Red Hat Security Advisory 2014-0294-01
Posted Mar 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0294-01 - XStream is a simple library to serialize and de-serialize objects to and from XML. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. The main distribution of Red Hat JBoss Data Virtualization 6.0.0 does not contain the vulnerable XStream library and is not vulnerable to CVE-2013-7285. Only users of Red Hat JBoss Data Virtualization 6.0.0 who installed an optional S-RAMP distribution as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-7285
SHA-256 | e94f90ed91b9b18863d01d1278cf19bff6faceda04aad0f5805835514be9048b

Red Hat Security Advisory 2014-0293-01
Posted Mar 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0293-01 - The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices. A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory structure that, when processed by the udisks daemon, could lead to arbitrary code execution with the privileges of the udisks daemon. This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

tags | advisory, overflow, arbitrary, local, code execution
systems | linux, redhat
advisories | CVE-2014-0004
SHA-256 | 5d90c2ffd8ed8370885c882a091d1e810658d6c9577a1d0b2a5ecd31866b6e27

Red Hat Security Advisory 2014-0292-01
Posted Mar 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0292-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanisms. A user able to authenticate to the directory using these SASL mechanisms could connect as any other directory user, including the administrative Directory Manager account. This could allow them to modify configuration values, as well as read and write any data the directory holds.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0132
SHA-256 | d914aecb3f667424883407c104a1690ef4e20fc9f1cdb411a6df0195c4d01e40

Gentoo Linux Security Advisory 201403-04
Posted Mar 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-4 - A vulnerability in QXmlSimpleReader class can be used to cause a Denial of Service condition. Versions less than 4.8.5-r1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-4549
SHA-256 | 0a046802190aeec6c4120dcc9949be12f5b62bb9939471464f8331f6df156f20

Mandriva Linux Security Advisory 2014-061
Posted Mar 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-061 - It was found that comments in /etc/users.oath could prevent one-time-passwords from being invalidated, leaving the OTP vulnerable to replay attacks.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-7322
SHA-256 | c6a62e06caed23c48a6e9b292f932b46cf045fc9e5a20a667fcfec9e225762a0

Mandriva Linux Security Advisory 2014-060
Posted Mar 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-060 - Imapsync, by default, runs a release check when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl. The imapsync package has been patched to disable this feature. In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login.

tags | advisory, web, perl
systems | linux, mandriva
advisories | CVE-2013-4279, CVE-2014-2014
SHA-256 | d7179931ea113dcaae71ae75cb498eeb6441d0deded88193dfac9bedc9b4b1b6

Mandriva Linux Security Advisory 2014-059
Posted Mar 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-059 - Multiple vulnerabilities have been discovered and corrected in php. The updated php packages have been upgraded to the 5.5.10 version, which is not vulnerable to these issues. The php-xdebug packages have been upgraded to the latest 2.2.4 version, which resolves numerous upstream bugs. Additionally, the PECL packages that require it have been rebuilt for php-5.5.10.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2013-7327, CVE-2014-1943, CVE-2014-2270
SHA-256 | 95c04b7ba4395c3bf7ec869d0de9031560db76b9670d4e9962e9d49806fd0456

Slackware Security Advisory - samba Updates
Posted Mar 14, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4496, CVE-2013-6442
SHA-256 | aea64d7045b389cdf46050c3696732076ba95b733bd6138950d20fe7601a557e

Debian Security Advisory 2879-1
Posted Mar 14, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2879-1 - It was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly the recovery of the private key.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0017
SHA-256 | dd19c9d7bfff0001fbdcba76e13bb535fcc99493ea338655b5c902a52dbaadfc

Mandriva Linux Security Advisory 2014-058
Posted Mar 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-058 - SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlm_pap module if the password source uses an unusually long hashed password.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-2015
SHA-256 | 4abd4790fbbfe3df3a6955b9c9a46d812e0b17d035f4299001798f8b1b631ef1

Gentoo Linux Security Advisory 201403-03
Posted Mar 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-3 - A vulnerability in file could result in Denial of Service. Versions less than 5.17 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-1943
SHA-256 | 7238fceca009d282fe24eef40c5d8ba46f30cc8ead687650a72876e6c883ae2d

Ubuntu Security Notice USN-2147-1
Posted Mar 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2147-1 - Beatrice Torracca and Evgeni Golov discovered a buffer overflow in mutt while expanding addresses when parsing email headers. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking mutt.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0467
SHA-256 | c01925d0c822da23c3c5d4616f125e482387423f012d0f69badc2a78a5b733df

Slackware Security Advisory - mutt Updates
Posted Mar 14, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mutt packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0467
SHA-256 | a31b046a39e2eab47fb09433678d91991377c09a4e251e8e58c25e8d870cf843

Joomla AJAX Shoutbox SQL Injection
Posted Mar 14, 2014
Authored by Ibrahim Raafat

Joomla AJAX Shoutbox suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 64883b00a307f31c0429ba45f2a67e2fa7f19c62dc666e414b874f3d9536979e

Trixbox Pro Remote Command Execution
Posted Mar 14, 2014
Authored by i-Hmx

Trixbox Pro suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 16c4989fd587dda06942b413211a881e0f52e9cf1be3fd56030a2eb7f44eab75

iOS 7 Arbitrary Code Execution
Posted Mar 14, 2014
Authored by Andy Davis | Site nccgroup.com

iOS 7 suffered from an arbitrary code execution vulnerability in kernel mode.

tags | exploit, arbitrary, kernel, code execution
advisories | CVE-2014-1287
SHA-256 | a80dfd22eb4297c3c38e28620d240742691ea94f1473c9e9c446334c23938dff

OS X / Safari / Firefox REGEX Denial Of Service
Posted Mar 14, 2014
Authored by Maksymilian Arciemowicz | Site cxsecurity.com

Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp().

tags | exploit, denial of service
systems | apple, osx
advisories | CVE-2010-4051, CVE-2010-4052, CVE-2011-3336
SHA-256 | 8d9bccde42a49a51d60d66232f596249d63d2b6443263209bcfa4a6ea5ad5d2f

GNUboard SQL Injection
Posted Mar 14, 2014
Authored by Claepo Wang

GNUboard suffers from a remote SQL injection vulnerability in ajax.autosave.php.

tags | exploit, remote, php, sql injection
SHA-256 | 27ed72e6b9c12234ea050db92eeb684f66dbf2523f670b919e05fa9d75887ded
© 2022 Packet Storm. All rights reserved.