Showing 26 - 50 of 459

Files Date: 2014-03-01 to 2014-03-31

rexx Recruitment Cross Site Scripting
Posted Mar 27, 2014
Site redteam-pentesting.de

RedTeam Pentesting discovered a cross site scripting vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirect them to such a link from an attacker-controlled website, they are able to run arbitrary JavaScript code in the context of the rexx Recruitment installation's domain.

tags | exploit, arbitrary, javascript, xss
advisories | CVE-2014-1224
SHA-256 | 2b99dd93bd3ef7fa35d56eedd30ce42a17be27a43d0080a86eaa47f243c72d0b
Ubuntu Security Notice USN-2157-1
Posted Mar 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2157-1 - This updates ClamAV to a new major version in order to gain new detection technologies and maintain proper compatibility with the virus signature database.

tags | advisory, virus
systems | linux, ubuntu
SHA-256 | e939e10d723485fa7d87d05fd414e3c150f24977ecd1d8c5f7f892a15c5d3e57
ePhone Disk 1.0.2 LFI / Command Injection / DoS
Posted Mar 27, 2014
Authored by LariX4, Vulnerability Laboratory | Site vulnerability-lab.com

ePhone Disk version 1.0.2 for iOS suffers from denial of service, command injection, and local file inclusion vulnerabilities.

tags | exploit, denial of service, local, vulnerability, file inclusion
systems | apple, ios
SHA-256 | 876448f07c5c05553462fd3177290aada26c9cd5919baeae2680fd062cfff2f7
Gentoo Linux Security Advisory 201403-08
Posted Mar 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-8 - PlRPC uses Storable, which allows for code execution prior to authentication. Versions less than 0.202.0-r2 are affected.

tags | advisory, code execution
systems | linux, gentoo
advisories | CVE-2013-7284
SHA-256 | 543d28c7468a493b70182a4dead709907d9e78d7845ca1422846ad3dfd04face
Easy FileManager 1.1 Local File Inclusion / Shell Upload
Posted Mar 27, 2014
Authored by Katharina S.L., Vulnerability Laboratory | Site vulnerability-lab.com

Easy FileManager version 1.1 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
systems | apple, ios
SHA-256 | 4b5d69b0cae3c7cd9e89f17f629e2e25283338e269c0c4155401deba8739d35b
Joomla Kunena 3.0.4 Cross Site Scripting
Posted Mar 27, 2014
Authored by Qoppa

Joomla Kunena component version 3.0.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5824c2fb1d088d434657130d4759d89055357306437bfbb01644799d4d520267
My Photo Wifi Share & PS 1.1 Command Injection
Posted Mar 27, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

My Photo Wifi Share & PS 1.1 for iOS suffers from a local command injection vulnerability.

tags | exploit, local
systems | apple, ios
SHA-256 | e53e7d5c9f0ee9f794d19da2f54e4d471361b0256775259c8d71dc2f551e08df
USB Attacks Need Physical Access Right? Not Any More...
Posted Mar 27, 2014
Authored by Andy Davis | Site nccgroup.com

NCC Group Research Director Andy Davis presented 'USB Attacks Need Physical Access Right? Not Any More...' at this year's BlackHat Asia in Singapore. Due to recent advances in a number of remoting technologies, USB attacks can now be launched over a network. The talk went into detail about how these technologies work and the resulting impact on the world of USB bugs, and included a live demo remotely triggering a USB kernel bug in Windows 2012 server.

tags | paper, kernel
systems | windows
SHA-256 | 6b69c9ca16bc7b4b25c8eaf51bdad117771585a02daec7c27db6c045043dfa9c
Lazybone Studios WiFi Music 1.0 LFI / Upload
Posted Mar 27, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Lazybone Studios WiFi Music 1.0 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
systems | apple, ios
SHA-256 | 11ad45715114d7c206751facff6d0a7e57d0ce6d720031cf785b958467b939ed
Dell SonicWall EMail Security Appliance 7.4.5 XSS
Posted Mar 27, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Dell SonicWall EMail Security Appliance version 7.4.5 suffers from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0cfbd724c69d47de7c17ff8278ec80b9408046b5efab05889637c9e367bece9d
FTP Drive + HTTP 1.0.4 Code Execution
Posted Mar 27, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Gummy Bear Studios FTP Drive + HTTP Server version 1.0.4 for iOS suffers from a code execution vulnerability.

tags | exploit, web, code execution
systems | apple, ios
SHA-256 | b239f066427e1022589e0ecbdd1ac1858155184f9aae8a056e457651de06e2eb
Monoprice.com Cart Enumeration
Posted Mar 27, 2014
Authored by Jason Khanlar

Monoprice.com suffers from a shopping cart enumeration and arbitrary modification vulnerability.

tags | exploit, arbitrary
SHA-256 | 7b9f5cdc8364d0860d1cf8260917384a3a43ecb7c6e7ba1fc99e01b8224f6e12
LinEx Password Reset
Posted Mar 27, 2014
Authored by N B Sri Harsha

LinEx suffers from a remote password reset vulnerability.

tags | exploit, remote
SHA-256 | 569bcb618840b33281332aff7f027c187d8587d4ff30e0e14d3c71181a5ecbc3
Firefox For Android Information Leak
Posted Mar 26, 2014
Authored by Roee Hay

A series of vulnerabilities has been discovered in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data (such as cookies and cached information) that resides in that directory, breaking Android's sandbox.

tags | advisory, vulnerability
advisories | CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516
SHA-256 | 688b048fb5365a45f0a237ef602cef2bde7a27679794b9c23fb305a9ed177a61
Beheer Systeem :: Inloggen 6.1 Command Execution
Posted Mar 26, 2014
Authored by Felipe Andrian Peixoto

Beheer Systeem :: Inloggen version 6.1 suffers from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | 71ed88b33d6cfd66642d0a7f54632ba605ef5c360563a06883fe978f05d0ce06
DotItYourself 6.11.060830 Command Execution
Posted Mar 26, 2014
Authored by Felipe Andrian Peixoto

DotItYourself version 6.11.060830 suffers from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | 4253076bdabe92fa1b44b078b7bea0b2a8c511f30f794954f338db88674e1a85
Debian Security Advisory 2886-1
Posted Mar 26, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2886-1 - Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.

tags | advisory, java, arbitrary, vulnerability, code execution, info disclosure
systems | linux, debian
advisories | CVE-2014-0107
SHA-256 | 365cf71f1731754a036810b5e0e18bedeb52a4ab1cdcd9b2eebfdb05dca50e84
Debian Security Advisory 2885-1
Posted Mar 26, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2885-1 - Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-2525
SHA-256 | b4999786c09114961fe601a3d66c8dd907ab9b138e0d262a4b06dbdd2543a516
Debian Security Advisory 2884-1
Posted Mar 26, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2884-1 - Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-2525
SHA-256 | d2d7928d1100550c07f523aba820802edcc4d3fc9f39e2823644e4c86301dc95
Cisco Security Advisory 20140326-ipv6
Posted Mar 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled. The vulnerability is triggered when an affected device processes a malformed IPv6 packet. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

tags | advisory, remote, protocol
systems | cisco, osx
SHA-256 | b099cd45ced8201a847dacf48fc924497fe7165c4d908be59deb34c1e012a531
RSA Authentication Manager Cross Frame Scripting
Posted Mar 26, 2014
Site emc.com

RSA AM version 7.1 SP4 P32 contains a fix for a cross frame scripting vulnerability on the Self-Service Console. This vulnerability may potentially allow an unauthenticated malicious user to misuse frames and steal sensitive information from legitimate users of the application.

tags | advisory
advisories | CVE-2014-0623
SHA-256 | 0df87dd0239f954de0f33c622a957f03cff3e625d25c2efe137b1b777b10aa6f
Mozilla Firefox "BumpChunk" Object Processing Use-After-Free
Posted Mar 26, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error in the JS engine when processing "BumpChunk" objects while the browser is under memory pressure, which could be exploited to leak arbitrary memory and/or achieve code execution via a malicious web page. Affected products include Mozilla Firefox versions prior to 28, Mozilla Firefox ESR versions prior to 24.4, Mozilla Thunderbird versions prior to 24.4, and Mozilla Seamonkey versions prior to 2.25.

tags | advisory, web, arbitrary, code execution
SHA-256 | 8ec37d142ffe45019d55b44766e907b9f25a969d41aa3e74ea5c6edf7eb66567
Cisco Security Advisory 20140326-ios-sslvpn
Posted Mar 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacker could submit crafted requests designed to consume memory to an affected device. An exploit could allow the attacker to consume and fragment memory on the affected device. This may cause reduced performance, a failure of certain processes, or a restart of the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | 02cb8b78d8d7e0d3900c22ebce4004b2b99138cae3c3a2a1796be9277d535a9d
Google Chrome Clipboard Format Processing Sandbox Escape
Posted Mar 26, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Google Chrome. The vulnerability is caused by an input validation error within the "Clipboard::WriteData()" function that does not restrict the value of the "format" parameter, which could be exploited to escape Chrome's sandbox and achieve code execution with Medium integrity level. Google Chrome versions prior to 33.0.1750.154 are affected.

tags | advisory, code execution
SHA-256 | 1e839c35cc0103dc89491b813b56882dd52230a8917c7b3e18e00a97251c90dd
Google Chrome Blink "locationAttributeSetter" Use-After-Free
Posted Mar 26, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Google Chrome. The vulnerability is caused by a use-after-free error within the "DocumentV8Internal::locationAttributeSetter()" function when processing "document.location" objects under certain conditions, which could be exploited to leak arbitrary memory and/or achieve code execution via a specially crafted web page. Google Chrome versions prior to 33.0.1750.154 are affected.

tags | advisory, web, arbitrary, code execution
SHA-256 | 64ac9a25643ea00fce3210d758ef5db14c5aa566c56da27b8f97f1377430a60f