Files Date: 2014-05-20 to 2014-05-21

HP Security Bulletin HPSBGN03007
Posted May 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03007 - A potential security vulnerability has been identified with HP IceWall MCRP and HP IceWall SSO. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2014-2604
SHA-256 | efb991644ef78dc252a79e960261969be05afaad1b9be719585683b5ad015725
HP Security Bulletin HPSBMU03022 3
Posted May 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03022 3 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 3 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 8f9087315afcbac376a9d94829c09203bb41b0d59eacf16f29ed2914592cfcdf
Perseus' Java Hopper Cross Site Scripting
Posted May 20, 2014
Authored by Renzi

Perseus' Java Hopper suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, java, xss
SHA-256 | 1a952079b2e021364160e3158865b9764b672b7331c8c743654ad542bcd9340b
Lynis Auditing Tool 1.5.3
Posted May 20, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages, and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release adds additional auditing support for SuSE and others. It includes support for the Zypper package manager, including package gathering and checking for vulnerable packages. Several other tests related to AIDE, NTP, and the kernel have been improved.
tags | tool, scanner
systems | unix
SHA-256 | b39b902fe75b208b7996e76eeab3989f6ddf6dd4afc0b14175167b32b897e8b6
Symantec Workspace Streaming Arbitrary File Upload
Posted May 20, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This Metasploit module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. This Metasploit module has been tested successfully on Symantec Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.

tags | exploit, remote, arbitrary, root, code execution
systems | windows
advisories | CVE-2014-1649
SHA-256 | cb1b416c6a81192072db5387c939127cc89639e3ba035c140a68125e64bbc407
AoA MP4 Converter 4.1.2 Active-X Overflow
Posted May 20, 2014
Authored by metacom

AoA MP4 Converter version 4.1.2 suffers from an overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | cd63ce9472faafdf4e2e783946b14d6f167f018ab91f2599cfb2ebd6900462a4
SafeNet Sentinel Directory Traversal
Posted May 20, 2014
Authored by Matt Schmidt

SafeNet Sentinel Protection Server versions 7.0 through 7.4 and Keys Server versions 1.0.3 through 1.0.4 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2007-6483, OSVDB-42402
SHA-256 | 44d8d12aafec471f9f40aac23224aaabaa726ad6187322040baee9fe298880fc
Oracle JavaMail SMTP Header Injection
Posted May 20, 2014
Authored by Alexandre Herzog

JavaMail does not check if the email subject contains a Carriage Return (CR) or a Line Feed (LF) character on POST multipart requests. This issue allows the injection of arbitrary SMTP headers in the generated email. This flaw can be used for sending SPAM or other social engineering attacks (e.g. abusing a trusted server to send HTML emails with malicious content). Versions 1.4.5 and 1.5.1 were found vulnerable.

tags | exploit, arbitrary
SHA-256 | 405fd5ea751ac4705c07542a270ee08ffee8bea6e4c25464024c27431b045351
Apple Security Advisory 2014-05-16-1
Posted May 20, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-05-16-1 - iTunes 11.2.1 is now available and addresses a security issue. Upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling.

tags | advisory
systems | apple
advisories | CVE-2014-1347
SHA-256 | 1e857140974b6a2cba7cdf4afaf97bcf0ca7211a33d794ddd92936f0ea523187
t2'14 Call For Papers
Posted May 20, 2014
Site t2.fi

The t2'14 Call For Papers has been announced. It will take place October 23rd through the 24th, 2014 in Helsinki, Finland.

tags | paper, conference
SHA-256 | ef6b6c12bbf3711873192edb0d31920ef1741fd86738393d5dd9eabeacd0fb40
Clipperz Password Manager Code Execution
Posted May 20, 2014
Authored by Manish Tanwar

Clipperz Password Manager suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | a389dff208c61b443364f2e6e4129153bf3222246ff2df01244a949c8e244afe
Hook Analyser Malware Tool 3.1
Posted May 20, 2014
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.

Changes: In this build, significant changes have been made to static malware analysis (option #3) and Cyber threat intelligence (option #6) modules, along with addition of a new module - batch analysis (option #7).
tags | tool
SHA-256 | 2b359846b73883d71d48cf30b1de7ed29f76ffe6378eab910e62d879a5dffbec
AoA Audio Extractor 2.3.7 Active-X Overflow
Posted May 20, 2014
Authored by metacom

AoA Audio Extractor Basic version 2.3.7 suffers from an overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | dcf9cf1e13d58871d2e0e4bc3827849243e29adbcd9d4d52281ed0f2d1705f6c
Bypassing SSL Pinning On Android Via Reverse Engineering
Posted May 20, 2014
Authored by Denis Andzakovic | Site security-assessment.com

This whitepaper details the steps taken to unpack an application, locate the pinning handler, patch and repack. The techniques detailed in this whitepaper may also be used to achieve other goals when hacking Android applications.

tags | paper
SHA-256 | b380448797b174e0ef5426b8ceaf08d03d726e7add0c4fa1576aecd5d4c6dc55
CyberLink Power2Go Essential 9.0.1002.0 Overflow
Posted May 20, 2014
Authored by Mike Czumak

CyberLink Power2Go Essential version 9.0.1002.0 suffers from a registry SEH/unicode buffer overflow vulnerability.

tags | exploit, overflow, registry
SHA-256 | c4ad3ea0e0cf296b67878e6a6773f715ce52a1c11772efc0549219c883df125a
AoA DVD Creator 2.6.2 Active-X Overflow
Posted May 20, 2014
Authored by metacom

AoA DVD Creator version 2.6.2 suffers from an overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | 2f31adef0c26503f7dcc55055e82e81b9c030906ddfc9884aac7a7f920f2863e
HP Security Bulletin HPSBHF02946 2
Posted May 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02946 2 - A potential security vulnerability has been identified with certain HP servers that use NVIDIA Computing GPU processors. The vulnerability could be exploited resulting in an elevation of privilege. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2013-5987
SHA-256 | 1a1f5a30071511664a0697b6d00c81b1609e84a81d6a433fb1760f8208dd1135