exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 413 RSS Feed

Files Date: 2014-06-01 to 2014-06-30

Red Hat Security Advisory 2014-0790-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0790-01 - Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in both the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Dovecot did not properly discard connections trapped in the SSL/TLS handshake phase. A remote attacker could use this flaw to cause a denial of service on an IMAP/POP3 server by exhausting the pool of available connections and preventing further, legitimate connections to the IMAP/POP3 server to be made.

tags | advisory, remote, denial of service, imap
systems | linux, redhat, unix
advisories | CVE-2014-3430
SHA-256 | 0e13ed0ca0865bb4148cdab7442ec2e3cbc2d65acb04cd37108d09f3f118e88c
Red Hat Security Advisory 2014-0789-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0789-01 - The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.

tags | advisory, web, local, python
systems | linux, redhat
advisories | CVE-2014-0240
SHA-256 | df6960d3491b83351ea2981cdccc88228741b708fd75b9ad397502a3952d4d4e
Red Hat Security Advisory 2014-0788-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0788-01 - The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.

tags | advisory, web, local, python
systems | linux, redhat
advisories | CVE-2014-0240, CVE-2014-0242
SHA-256 | 57c0800b7f3ba48e76c145bcd7098f16e17916222f694350196c4fe97a356438
Red Hat Security Advisory 2014-0792-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0792-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.

tags | advisory, java, remote, web, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0248
SHA-256 | d264fc26b9e87effa16c94b201823aee95d04b749b963f509a2b404fdd55bd4a
Red Hat Security Advisory 2014-0794-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0794-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.

tags | advisory, java, remote, web, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0248
SHA-256 | 439b96c02a30c4328b81453d07a7086ec8c6af7f89b4275e8c8731cefb9e9772
Red Hat Security Advisory 2014-0791-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0791-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.

tags | advisory, java, remote, web, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0248
SHA-256 | 560b97d2370ca4284212130499acba95663b8d20758d8acd8e448914811060d8
Red Hat Security Advisory 2014-0793-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0793-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.

tags | advisory, java, remote, web, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0248
SHA-256 | 71f11326c586f5c3601f41424af7061f1e6c23e84b907f4f5fc03198bc4abc09
Slackware Security Advisory - seamonkey Updates
Posted Jun 25, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | b2008713dccbaff442909f9725fde99b723311ed09d5cb961a6fa237a372a196
Drupal 5 / 6 / 7 Cross Site Scripting
Posted Jun 25, 2014
Authored by Richard Clifford

Drupal versions 5, 6, and 7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0a41801d96ef56fb221a470344be2e6815c1304687e4a5802e95ca5896451f33
Cogent DataHub Command Injection
Posted Jun 25, 2014
Authored by John Leitch, juan vazquez | Site metasploit.com

This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.

tags | exploit, arbitrary, asp
systems | windows
advisories | CVE-2014-3789
SHA-256 | ea90ec1ce02362764c088f9a23d4e3e49eb058ef8047c0f1c9b916a1d71d04e3
ZeusCart 4.x Remote SQL Injection
Posted Jun 25, 2014
Authored by Kenny Mathis

ZeusCart version 4.x suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-3868
SHA-256 | 14392edcd2386fc3bfa622c4621025b3d4cac45565be688d86e2d5c417ae827b
Red Hat Security Advisory 2014-0786-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0786-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-0206, CVE-2014-1737, CVE-2014-1738, CVE-2014-2568, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153
SHA-256 | a129a6ab0073091556499735a5f8f8e80ead78b268c608d9656be19c8bbccf5f
Microsoft Dynamics CMS 2013 CSRF / File Upload / Replay
Posted Jun 24, 2014
Authored by Vadodil Joel Varghese

Microsoft Dynamics CRM 2013 is susceptible to multiple security vulnerabilities such as cross site request forgery, cross browser, replay, and file upload attacks.

tags | exploit, vulnerability, file upload, csrf
SHA-256 | 6b2cfd8531debcc4385762b23654dceb2f5f418d1dd4aad882be46f1e63e17e0
r2dr2 UDP DrDoS Amplification Tool
Posted Jun 24, 2014
Authored by Pablo Alobera | Site securitybydefault.com

r2dr2 is a UDP amplification attack tool for committing DRDoS denial of service attacks.

tags | tool, denial of service, udp
SHA-256 | 90aad7c803a9edd43b0a8e6475f9e30fc2f194c5f679e6328122032f306cfc15
TimThumb 2.8.13 Remote Code Execution
Posted Jun 24, 2014
Authored by Pichaya Morimoto

TimThumb version 2.8.13 with WebShot enabled suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 6c1a5f9fe02b211531e8610b366ae5ef5647ad9b838030ad32e7a11481a4ccac
HP Security Bulletin HPSBHF03052
Posted Jun 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03052 - Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC), HP Network Products including 3COM and H3C routers and switches running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0198, CVE-2014-0224
SHA-256 | b47b3c7f4ac3559bddf86c59b1503433af2a0bfc437cd35375d3a4fc1b150437
D-Link authentication.cgi Buffer Overflow
Posted Jun 24, 2014
Authored by Craig Heffner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an remote buffer overflow vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the authentication.cgi with long password values. The vulnerability can be exploitable without authentication. This Metasploit module has been tested successfully on D-Link firmware DIR645A1_FW103B11. Other firmwares such as the DIR865LA1_FW101b06 and DIR845LA1_FW100b20 are also vulnerable.

tags | exploit, remote, web, overflow, cgi
advisories | OSVDB-95951
SHA-256 | 450e0c17e9ed8a5889f1222fd8943a072ac89cff24fdb5117836d675f119995d
D-Link hedwig.cgi Buffer Overflow in Cookie Header
Posted Jun 24, 2014
Authored by Craig Heffner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the hedwig.cgi with long value cookies. This Metasploit module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.

tags | exploit, remote, web, cgi, code execution
advisories | OSVDB-95950
SHA-256 | 34fd8be52c6556ed2de772a2ee3aff9ac71be9f460f14eb17c88ae1909383dd4
SpamTitan 6.01 Cross Site Scripting
Posted Jun 24, 2014
Authored by William Costa

SpamTitan version 6.01 suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f3ac07a043a85c59a96327ff59d22880505e159ff1b3503616bcd8dbd5fce37c
Supermicro IPMI/BMC Cleartext Password Scanner
Posted Jun 24, 2014
Authored by 1N3 | Site treadstonesecurity.blogspot.ca

This script automates scanning for the Supermicro IPMI/BMC cleartext password vulnerability. It can check full subnets or individual hosts and includes an option to scan via proxy and to view vulnerable hosts listed in ShodanHQ.

tags | exploit
SHA-256 | e368bb65b92ec2b0491d4f9bcbea58351c46f62c857e2b132316a9843b04816d
Maligno 1.1
Posted Jun 24, 2014
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Metasploit multi-host support, socks4a server support (metasploit), last resort redirection for invalid requests and hosts out of scope, automatic client code obfuscation, delayed client payload execution (sandbox evasion), automatic metasploit resource file generation.
tags | tool, web, scanner, shellcode, python
systems | unix
SHA-256 | 25d4bc4e590478b83b26d629bca17049d507bdcc5b7e005af9a4b7b761b33434
Gentoo Linux Security Advisory 201406-21
Posted Jun 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-21 - Multiple vulnerabilities have been discovered in cURL, the worst of which could lead to man-in-the-middle attacks. Versions less than 7.36.0 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0138, CVE-2014-0139
SHA-256 | 090b15096d43be2a5496a00652c5582533b2fa4c98c5f69f159e282331632787
Gentoo Linux Security Advisory 201406-20
Posted Jun 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-20 - A vulnerability has been found in nginx which may allow execution of arbitrary code. Versions less than 1.4.7 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0133
SHA-256 | 3e519a84a2acdaf4c4485c9b31a5fdcefeaa8e4c356e434dd87d582ec8ce444e
Gentoo Linux Security Advisory 201406-19
Posted Jun 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-19 - Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. Versions less than 3.15.3 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1620, CVE-2013-1739, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607
SHA-256 | 74e12d781dc2269c43a0d713ed2d5e4560d44b59280cef7ff26ff92e33913982
Red Hat Security Advisory 2014-0784-01
Posted Jun 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0784-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2013-6438, CVE-2014-0098
SHA-256 | 2fe962a0ac26681f3b48cc7f43712a45010ac30946e2d8611c69b22787862bf3
Page 4 of 17
Back23456Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close