
Files Date: 2014-05-01 to 2014-05-02

Red Hat Security Advisory 2014-0455-01
Posted May 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0455-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was found that Sheepdog, a distributed object storage system, did not properly validate Sheepdog image URIs. A remote attacker able to insert or modify glance image metadata could use this flaw to execute arbitrary commands with the privileges of the user running the glance service. Note that only OpenStack Image setups using the Sheepdog back end were affected.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-0162
SHA-256 | 6742d22cce7e241d904d9742eb322679dc44953bfd72c6ad4fbddf48cf2f2b9a

Red Hat Security Advisory 2014-0457-01
Posted May 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0457-01 - The Django web framework is used by horizon, the OpenStack Dashboard, which is a web interface for managing OpenStack services. A flaw was found in the way Django's reverse() URL resolver function constructed certain URLs. A remote attacker able to request a specially crafted view from a Django application could use this flaw to import and execute arbitrary Python modules on the system under the privileges of the user running the application. It was found that Django's caching framework reused Cross-Site Request Forgery nonces for all requests from unauthenticated clients. A remote attacker could use this flaw to acquire the CSRF token of a different user and bypass intended CSRF protections in a Django application.

tags | advisory, remote, web, arbitrary, python, csrf
systems | linux, redhat
advisories | CVE-2014-0472, CVE-2014-0473, CVE-2014-0474
SHA-256 | 1c5de234299b01654c159b4821380dc69ec031a26258631ae3e1ed304d8096fb

Red Hat Security Advisory 2014-0453-01
Posted May 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0453-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0107
SHA-256 | 036537d0f9248f68b6e3782482fd307b11cef6966a7555daf7398a4b8cca7a72

Red Hat Security Advisory 2014-0452-01
Posted May 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0452-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-6440, CVE-2013-7285, CVE-2014-0002, CVE-2014-0003, CVE-2014-0050
SHA-256 | 03f37430604f6239ba0ee36444a97249c1e5a6d314e1df68fde5bc819458ad41

Red Hat Security Advisory 2014-0454-01
Posted May 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0454-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0107
SHA-256 | 7c528ed85f956853bf119fca7e12fdba6f8f061727674dfa38275cfb39a81896

Ubuntu Security Notice USN-2184-2
Posted May 1, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2184-2 - USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has uncovered more issues which have been fixed in this update. This update also fixes a regression with the shutdown dialogue. Frederic Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
SHA-256 | 7a770e77e81034bf7b5eb51d39b907d6fdad57e4348a7a863b6447c50ae764d3

Ubuntu Security Notice USN-2186-1
Posted May 1, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2186-1 - It was discovered that the Date and Time Indicator incorrectly allowed Evolution to be opened at the greeter screen. An attacker could use this issue to possibly gain unexpected access to applications such as a web browser with privileges of the greeter user.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2013-7374
SHA-256 | 102e40cc50e56da338396da621ff3d584ad9b5c277ec68a741327d108cbd866f

Slackware Security Advisory - mozilla-thunderbird Updates
Posted May 1, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 4b18d47f72ea43e85632ddc6ecb93e665c1228dea4441e2705ddfcbcf2706a7e

Debian Security Advisory 2918-1
Posted May 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2918-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflows, missing permission checks, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, privilege escalation, cross-site scripting or denial of service.

tags | advisory, denial of service, overflow, arbitrary, xss
systems | linux, debian
advisories | CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
SHA-256 | 1f3b8414c42d1cd48ad738b19809a10a98093c643d3bcd3b281fa29856a7204e

Red Hat Security Advisory 2014-0449-01
Posted May 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0449-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A use-after-free flaw was found in the way Thunderbird resolved hosts in certain circumstances. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
SHA-256 | a52dde267c22507702855c506a072f4c51fecee367079af216d30e48dfe59a39

CGILua 5.x Predictable Session Identifier
Posted May 1, 2014
Authored by Felipe Daragon | Site syhunt.com

A vulnerability in the session library that ships with CGILua since version 5.0 beta may allow remote attackers to easily and quickly guess valid session IDs generated by a Lua web application and perform session hijacking.

tags | advisory, remote, web
advisories | CVE-2014-2875
SHA-256 | d47d6ee8b23d4dfc00517ad05df39563c3ec959859f6a90ece46d4098f19ee5c

WordPress WP-Affiliate Platform Cross Site Scripting
Posted May 1, 2014
Authored by Felipe Andrian Peixoto

WordPress WP-Affiliate-Platform plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 48dadc2ec1035f7421b730c1f4e0f9a7910669552dc9b64220fbe2f4a42df896

ChromeFreak Forensic Tool
Posted May 1, 2014
Authored by Osanda Malith

ChromeFreak is a Python script that lets you look at history, downloads, bookmarks, and cookies for a given Chrome client.

tags | tool, python, forensics
SHA-256 | 04ef8fca4c69d704bdadc41914416652c14a94a72450dca294bcd9fe0180976d