what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2014-07-23 to 2014-07-24

E2 2844 SQL Injection
Posted Jul 23, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

E2 version 2844 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-4736
MD5 | f613ffbfa8435ec9bdfa9d3b507f91c4
LPAR2RRD 3.5 / 4.53 Command Injection
Posted Jul 23, 2014
Authored by Open Source CERT, Juergen Bilberger

Insufficient input sanitization on the parameters passed to the application web gui leads to arbitrary command injection on the LPAR2RRD application server. Versions 4.53 and below and 3.5 and below are affected.

tags | advisory, web, arbitrary
advisories | CVE-2014-4981, CVE-2014-4982
MD5 | e3919dedeede8255532d7778ccce579a
HP Security Bulletin HPSBMU03073
Posted Jul 23, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03073 - A potential security vulnerability has been identified with HP Network Vitalization. The vulnerability could be exploited remotely to allow execution of code and disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-2625, CVE-2014-2626
MD5 | 2de08b248da026c5a0b395c35b2f8462
Debian Security Advisory 2984-1
Posted Jul 23, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2984-1 - CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script.

tags | advisory, arbitrary, root
systems | linux, debian
advisories | CVE-2014-1419
MD5 | 63c29217f96e009041aba524c0ae94cd
Red Hat Security Advisory 2014-0921-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0921-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.

tags | advisory, remote, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-4352, CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
MD5 | 82c9b83d58b0bd5c6b46d39d22b9d2eb
Red Hat Security Advisory 2014-0920-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0920-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.

tags | advisory, remote, web, denial of service, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
MD5 | 5a3b1f1cd0878aa6a0acce3f6f8e2d7a
Red Hat Security Advisory 2014-0922-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0922-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.

tags | advisory, remote, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-4352, CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
MD5 | 35ac311b9980e6704f2956989c57fd21
Ubuntu Security Notice USN-2299-1
Posted Jul 23, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2299-1 - Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
MD5 | cb77c1be5ac62847ba4422f952b59172
Ubuntu Security Notice USN-2298-1
Posted Jul 23, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2298-1 - A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. A type confusion bug was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1730, CVE-2014-1731, CVE-2014-1735, CVE-2014-1740, CVE-2014-1741, CVE-2014-1742, CVE-2014-1743, CVE-2014-1744, CVE-2014-1746, CVE-2014-1748, CVE-2014-3152, CVE-2014-3154, CVE-2014-3155, CVE-2014-3157, CVE-2014-3160, CVE-2014-3162, CVE-2014-3803
MD5 | ddbcb911bbb718ab33bee6c76c26c7f8
Red Hat Security Advisory 2014-0926-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0926-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets. A local, unprivileged user could use this flaw to crash the system. It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by the hypervisor. A privileged guest user could potentially use this flaw to read data relating to other guests or the hypervisor itself.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-2678, CVE-2014-4021
MD5 | 5a64114739ec904e88099feb09d10b07
Red Hat Security Advisory 2014-0925-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0925-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
MD5 | affcadcb71639db09261302b3cc2f5e0
Red Hat Security Advisory 2014-0927-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0927-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-3461
MD5 | 213837b8b933c1de8d33ca68d9850f10
Red Hat Security Advisory 2014-0923-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0923-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
MD5 | f1029fa1c22cdb11ea204241476643e1
Red Hat Security Advisory 2014-0924-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0924-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
MD5 | 9009eded5d0519623f7aea43f95bd7b1
Debian Security Advisory 2985-1
Posted Jul 23, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2985-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-2494, CVE-2014-4207, CVE-2014-4258, CVE-2014-4260
MD5 | 382bd2a5c931758b8047a0ffccf25c53
Red Hat Security Advisory 2014-0919-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0919-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557
MD5 | 704dc1856c98863c3e9b0369de065f05
SILC (Secure Internet Live Conferencing) Client 1.1.11
Posted Jul 23, 2014
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all client related files.

Changes: This version adds plugin changes, performs better public key verification, and addresses various issues.
tags | tool, protocol
systems | unix
MD5 | 9c025a158e8a92740ca3abcc2c648d4b
CMS VIA-X SQL Injection
Posted Jul 23, 2014
Authored by Felipe Andrian Peixoto

CMS VIA-X suffers from a remote blind SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 961a167f0de7f8d64cef5f876fe0321a
Ukora CMS Shell Upload
Posted Jul 23, 2014
Authored by Jagriti Sahu

Ukora CMS suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 004d40348ff2ceef8ded301a2cae933d
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close