what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files Date: 2014-09-02 to 2014-09-03

Packet Storm New Exploits For August, 2014
Posted Sep 2, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 107 exploits added to Packet Storm in August, 2014.

tags | exploit
systems | linux
SHA-256 | c0bd4ec0e7c6e58f66fd9639d9076a94d00be1b0b74a6f2be8d565a05411bf76
Ubuntu Security Notice USN-2326-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2326-1 - A use-after-free was discovered in the SVG implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3168, CVE-2014-3169, CVE-2014-3171, CVE-2014-3173, CVE-2014-3174, CVE-2014-3175
SHA-256 | c087630bfc5c5aa44fb205e902b3cbf2c3bff0c84b3e295fb5a78649f2413175
LogAnalyzer 3.6.5 Cross Site Scripting
Posted Sep 2, 2014
Authored by Dolev Farhi

LogAnalyzer version 3.6.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-6070
SHA-256 | f98069f7596bd8fbfa00152848840528932d6b666d0df8a98d6f10bd92a35b5a
Advantech WebAccess 7.2 Buffer Overflow
Posted Sep 2, 2014
Authored by Core Security Technologies, Ricardo Narvaja | Site coresecurity.com

Core Security Technologies Advisory - Advantech WebAccess version 7.2 suffers from multiple buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2014-0985, CVE-2014-0986, CVE-2014-0987, CVE-2014-0988, CVE-2014-0989, CVE-2014-0990, CVE-2014-0991, CVE-2014-0992
SHA-256 | 909690e95e7b916c1fbab64b4af5b09fb3ba04112c7ca47c95bbd232e68cb553
WWW File Share Pro 7.0 Denial Of Service
Posted Sep 2, 2014
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

WWW File Share Pro version 7.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 7906f2aef912292473f86a0578ea86239c0f55b56e587c612027048f6fa0d8df
WordPress Huge IT Image Gallery 1.0.0 SQL Injection
Posted Sep 2, 2014
Authored by Claudio Viviani

WordPress Huge IT Image Gallery version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 075f677fcde869f4908548df7534813f4628cf4536ab7bce5fffdb634058cae1
Facebook Messenger / App MIME Sniffing Cross Site Scripting
Posted Sep 2, 2014
Authored by William Costa

Facebook Messenger and Facebook App suffers from a cross site scripting vulnerability due to a lack of file content validation.

tags | exploit, xss
SHA-256 | 984facfb08f08d6659766f7d97fe50566a9cb53325e50fee998518109f250154
Red Hat Security Advisory 2014-1123-01
Posted Sep 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1123-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server host name matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All devtoolset-2-axis users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5784
SHA-256 | fc012b67d580e6a5d54fae42870f3b6522d860d01b90618b5a96102cc6098b22
Red Hat Security Advisory 2014-1122-01
Posted Sep 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1122-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. It was found that the MySQL token driver did not correctly store token expiration times, which prevented manual token revocation. Only OpenStack Identity setups configured to make use of revocation events were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-5251, CVE-2014-5252, CVE-2014-5253
SHA-256 | 71b6f0ad7ddb66e33912a20d961626d48d2e9236eca25ead95ebf368c0a626c4
Red Hat Security Advisory 2014-1119-01
Posted Sep 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1119-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in neutron's handling of allowed address pairs. As there was no enforced quota on the amount of allowed address pairs, a sufficiently authorized user could possibly create a large number of firewall rules, impacting performance or potentially rendering a compute node unusable.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-3555
SHA-256 | e45e8a7407272e99e406cd674a173ea013d37365242b61f7070157988c150857
Red Hat Security Advisory 2014-1121-01
Posted Sep 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1121-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. It was found that the MySQL token driver did not correctly store token expiration times, which prevented manual token revocation. Only OpenStack Identity setups configured to make use of revocation events were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-5251, CVE-2014-5252, CVE-2014-5253
SHA-256 | 0683cdbc0a1a356cd2e6d084fb9d174032025d4ff4a6f905d4b1ddde9da842d6
Red Hat Security Advisory 2014-1118-01
Posted Sep 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1118-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-5119
SHA-256 | 7fca1af74122ae5f8f810bdf1a8f77314889651cb17c53f6c538685a4e6f6ab2
Ubuntu Security Notice USN-2329-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2329-1 - Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, JW Wang and David Weir discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1553, CVE-2014-1554, CVE-2014-1562, CVE-2014-1563, CVE-2014-1564, CVE-2014-1565, CVE-2014-1567
SHA-256 | 0c551f46a6d816a4b21607bbb9b40caf55b0faf11cbe2cb3fa7d0bdd49a0f838
Red Hat Security Advisory 2014-1120-01
Posted Sep 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1120-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in neutron's handling of allowed address pairs. As there was no enforced quota on the amount of allowed address pairs, a sufficiently authorized user could possibly create a large number of firewall rules, impacting performance or potentially rendering a compute node unusable.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-3555
SHA-256 | 8de0d30b6ea642ca8fc6967171ced5c81286dc7ba44aa5e3eba3418211435541
Ubuntu Security Notice USN-2337-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2337-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045
SHA-256 | 5ea5d0d4314836f6fa6b24d0a0cb4c1a706d5ad137e84b32d12c47f0bb15b899
Ubuntu Security Notice USN-2336-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2336-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045
SHA-256 | dc7e46f4955a3c32910dc04c40a47f9d4510df5db2814339aa3608859251c2df
Ubuntu Security Notice USN-2335-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2335-1 - An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4027, CVE-2014-4171, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | 1f6469115ae1e9bf66756c1ba511a70b860e32a6a371a0d0f97c5240fda89fc0
Ubuntu Security Notice USN-2334-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2334-1 - An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | 320de95f33b6f9a2559cca5cb221b03f3c70a08b3d9447fe4ab94e546233d565
Ubuntu Security Notice USN-2333-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2333-1 - A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. Toralf reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0203, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | 937ac3be9b799434ac81bf071aed2f115c6f145b2044ee77c51f45a088575c99
Ubuntu Security Notice USN-2332-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2332-1 - A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. Toralf reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0203, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | d9919ad7ce17798e27ac5fdcd220af2dd382306a3e0b6db94d1b04fc95bac660
Debian Security Advisory 3017-1
Posted Sep 2, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3017-1 - Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to an URL, creating a possibility for cross site scripting.

tags | advisory, php, protocol, xss
systems | linux, debian
advisories | CVE-2014-4172
SHA-256 | bc5a63f1ac06cd36d7a8fab0eda47982012e60a2fd52372d7bc36def64dd38b3
Ubuntu Security Notice USN-2331-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2331-1 - Rohan Durve and James Kettle discovered LibreOffice Calc sometimes allowed for command injection when opening spreadsheets. If a user were tricked into opening a crafted Calc spreadsheet, an attacker could exploit this to run programs as your login.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-3524
SHA-256 | e975a73a0a442074aa9887bddf891c938e8f8401b536a2d8d8041170fede7576
Mandriva Linux Security Advisory 2014-171
Posted Sep 2, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-171 - In dhcpcd before 6.4.3, a specially crafted packet received from a malicious DHCP server caused dhcpcd to enter an infinite loop, causing a denial of service.

tags | advisory, denial of service
systems | linux, mandriva
SHA-256 | a1babf00b9cb9418b52edff55fb21fc85d9d43da50ff59fd19b491084b4c700f
Mandriva Linux Security Advisory 2014-170
Posted Sep 2, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-170 - Updated jakarta-commons-httpclient and httpcomponents-client packages The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-6153
SHA-256 | 116796f502a4a28c6bc079a5cec811f6f2804bb347547540e5d4aaf676368443
Mandriva Linux Security Advisory 2014-169
Posted Sep 2, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-169 - Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.

tags | advisory, remote, csrf
systems | linux, mandriva
advisories | CVE-2014-1546
SHA-256 | f5bd598a395b6c05ed00bff7322ba053ea6bda85e2b6ae397f5bc9946a6a1af1
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close