
Files Date: 2014-06-13 to 2014-06-14

Yealink VoIP Phone SIP-T38G Remote Command Execution
Posted Jun 13, 2014
Authored by Mr.Un1k0d3r, Doreth.Z10

Yealink VoIP phone version SIP-T38G suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2013-5758
SHA-256 | fb2d80104f51da4001d9597a2f431e1b861c30293aeaced550b6f80f066ce184
Yealink VoIP Phone SIP-T38G Local File Inclusion
Posted Jun 13, 2014
Authored by Mr.Un1k0d3r, Doreth.Z10

Yealink VoIP phone version SIP-T38G suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2013-5756
SHA-256 | cdc9dbf82ea7c6a98f1f7d9faad5ded1b55062cea0fa71540e7fd8b59aaaa707
Yealink VoIP Phone SIP-T38G Default Credentials
Posted Jun 13, 2014
Authored by Mr.Un1k0d3r, Doreth.Z10

Yealink VoIP phone version SIP-T38G suffers from having default credentials that are also easily guessable.

tags | exploit
advisories | CVE-2013-5755
SHA-256 | c72f40bbfb9a4b85330815612963afc4e28e8964dcbb6b15b66483af237fa725
Yealink VoIP Phone SIP-T38G Privilege Escalation
Posted Jun 13, 2014
Authored by Mr.Un1k0d3r, Doreth.Z10

Yealink VoIP phone version SIP-T38G suffers from a remote privilege escalation vulnerability that gains a root shell.

tags | exploit, remote, shell, root
SHA-256 | 7c44a1a9f61f69ae042bf1629987bc2859ef4cae78be693127d1d81214dfd2ce
Apache Hive 0.13.0 Authorization Failure
Posted Jun 13, 2014
Authored by Thejas Nair

Apache Hive version 0.13.0 suffers from an authorization failure issue. In SQL standards based authorization mode, the URIs used in Hive queries are expected to be authorized on the file system permissions. However, the directory used in import/export statements is not being authorized.

tags | advisory
advisories | CVE-2014-0228
SHA-256 | 61ed4103a143c74a694ee44973c4370db7fea80bb79bfce00f4a89e58f49ccb0
Asterisk Project Security Advisory - AST-2014-008
Posted Jun 13, 2014
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - When a SIP transaction timeout caused a subscription to be terminated, the action taken by Asterisk was guaranteed to deadlock the thread on which SIP requests are serviced. Note that this behavior could only happen on established subscriptions, meaning that this could only be exploited if an attacker bypassed authentication and successfully subscribed to a real resource on the Asterisk server.

tags | advisory
advisories | CVE-2014-4048
SHA-256 | e21cdaf3769c98aa4d94fbad230c4dee902998f19cff528885690e12ebe7363a
Asterisk Project Security Advisory - AST-2014-007
Posted Jun 13, 2014
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - Establishing a TCP or TLS connection to the configured HTTP or HTTPS port respectively in http.conf and then not sending or completing an HTTP request will tie up an HTTP session. By doing this repeatedly until the maximum number of open HTTP sessions is reached, legitimate requests are blocked.

tags | advisory, web, tcp
advisories | CVE-2014-4047
SHA-256 | e6779aabe2219ce71ab967736150fa4798031e2d5a8f66d132a104297bd2b824
Asterisk Project Security Advisory - AST-2014-006
Posted Jun 13, 2014
Authored by Jonathan Rose, Corey Farrell | Site asterisk.org

Asterisk Project Security Advisory - Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is permitted to use manager commands can potentially execute shell commands as the user executing the Asterisk process.

tags | advisory, arbitrary, shell
advisories | CVE-2014-4046
SHA-256 | 930cf84fa176bf5c4db20b34cce8c5d33a35ed70742265a86ef2b9f3ab699974
Asterisk Project Security Advisory - AST-2014-005
Posted Jun 13, 2014
Authored by John Bigelow, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's pub/sub framework. If an attempt is made to unsubscribe when not currently subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries to create an expiration timer with zero seconds, which is not allowed, so an assertion is raised.

tags | advisory
advisories | CVE-2014-4045
SHA-256 | 6b85765fc735a00c686484dac76731431461bf16a925d2e52ab0d28b8d4331fe
HP Security Bulletin HPSBUX03046 SSRT101590
Posted Jun 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03046 SSRT101590 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | d75f304dc6572576f762b5741032d4dc9efdd2bc7c88b604e7c4c29467b6abe9
HP Security Bulletin HPSBST03016 4
Posted Jun 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03016 4 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | c824c58a9d51692dcb8aa9df7c86fb0c1822c96d29fe3b750299904ddbb92a55
Debian Security Advisory 2958-1
Posted Jun 13, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2958-1 - Jakub Wilk discovered that APT, the high level package manager, did not properly perform authentication checks for source packages downloaded via "apt-get source". This only affects use cases where source packages are downloaded via this command; it does not affect regular Debian package installation and upgrading.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0478
SHA-256 | 19296d16249771950faaee28768d0a874401c3af83973d3af7aa27529ec405ce
Debian Security Advisory 2957-1
Posted Jun 13, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2957-1 - Omer Iqbal discovered that Mediawiki, a wiki engine, parses invalid usernames on Special:PasswordReset as wikitext when $wgRawHtml is enabled. On such wikis this allows an unauthenticated attacker to insert malicious JavaScript, a cross site scripting attack.

tags | advisory, javascript, xss
systems | linux, debian
advisories | CVE-2014-3966
SHA-256 | 19b4e0e8cff7a78116f8653d8bbc33fdb71622b5dead1492c49e96bcb9629e9f
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jun 13, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 917831245636b0494aead175e3a3bcce86546142c7f17d17b69b3c2a8be81145
PostgreSQL 8.4.1 Denial Of Service Integer Overflow
Posted Jun 13, 2014
Authored by Bernt Marius Johnsen

PostgreSQL version 8.4.1 suffers from a JOIN hashtable size integer overflow denial of service vulnerability.

tags | exploit, denial of service, overflow
advisories | CVE-2010-0733, OSVDB-63208
SHA-256 | 9db855da789a69d025877c1caa3bc529eab23d8f2f93cbb52a56e90ac26c8bba
Yealink VoIP Phones XSS / CRLF Injection
Posted Jun 13, 2014
Authored by Jesus Oquendo

Yealink VoIP Phones suffer from CRLF injection and cross site scripting vulnerabilities. This affects firmware version 28.72.0.2 and hardware version 28.2.0.128.0.0.0.

tags | exploit, vulnerability, xss
advisories | CVE-2014-3427, CVE-2014-3428
SHA-256 | 5877e5e599e1ec8f3252efb057e48af4340a62c662c79b06e1baef4de7a15174
Ubuntu Security Notice USN-2232-2
Posted Jun 13, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2232-2 - USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | d49b4026ed9759b0d6b4bb639439c57eca0db6792111a2adef6eb775ea9133f0
Ubuntu Security Notice USN-2245-1
Posted Jun 13, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2245-1 - Florian Weimer discovered that json-c incorrectly handled buffer lengths. An attacker could use this issue with a specially-crafted large JSON document to cause json-c to crash, resulting in a denial of service. Florian Weimer discovered that json-c incorrectly handled hash arrays. An attacker could use this issue with a specially-crafted JSON document to cause json-c to consume CPU resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-6370, CVE-2013-6371
SHA-256 | a57ea49884c6cf0f8ea45672c161cc7b8c6f2ed0c6eee532aa167162dcba60d9
Lynis Auditing Tool 1.5.6
Posted Jun 13, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds PHP related tests (e.g. register_global), several improvements of existing functions, and new report values (plugins_enabled, session_timeout_enabled and session_timeout_method). Some smaller improvements have been applied.
tags | tool, scanner
systems | unix
SHA-256 | e74e97acc0d02ba2701034c10231edd9ae527398c25e6f1c669109f614c933ca
ZTE / TP-Link RomPager Denial Of Service
Posted Jun 13, 2014
Authored by Osanda Malith

ZTE and TP-Link RomPager denial of service exploit. Written in Python.

tags | exploit, denial of service, python
SHA-256 | b847f56fc5a8eaa3c354049c5a4f08bba8048b56a1c096a063b2c0489b2dacdc
Core FTP LE 2.2 Heap Overflow
Posted Jun 13, 2014
Authored by Gabor Seljan

Core FTP LE version 2.2 suffers from a heap overflow vulnerability.

tags | exploit, overflow
SHA-256 | ead49735f50318542245f54c6d25ec0dd04028d80682db796236c4da0d1082ff
Plesk 10.4.4 / 11.0.9 XXE Injection
Posted Jun 13, 2014
Authored by z00

Plesk versions 10.4.4 and 11.0.9 XXE injection exploit.

tags | exploit, xxe
SHA-256 | a888af2afa6a4a2e8c49d9d0384d86c3420acad12ed0440f2a3ebf119774860e
SHOUTcast DNAS 2.2.1 Cross Site Scripting
Posted Jun 13, 2014
Authored by robercik101

SHOUTcast DNAS version 2.2.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3080f8605c59820781061cf338116d804dc3126e08515ae5237e279c5e6ded98
© 2022 Packet Storm. All rights reserved.
