exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-09-04 to 2014-09-05

ProjectDox 8.1 XSS / User Enumeration / Ciphertext Reuse
Posted Sep 4, 2014
Authored by CAaNES

ProjectDox version 8.1 suffers from cross site scripting, insecure direct object reference, ciphertext reuse, and user enumeration vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-5129, CVE-2014-5130, CVE-2014-5131, CVE-2014-5132
SHA-256 | 4ade242907fc62a13e4b8aaba0a4f7f7fca6f6b8b57d47b777e66318edf373cb
HP Security Bulletin HPSBMU03083 2
Posted Sep 4, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03083 2 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | ce35fcb9e956bce111332525cf71333def719138641d6da623d6b849c7e7c7b0
Gentoo Linux Security Advisory 201409-04
Posted Sep 4, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201409-4 - Multiple vulnerabilities have been found in MySQL, worst of which allows local attackers to escalate their privileges. Versions less than 5.5.39 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1861, CVE-2013-2134, CVE-2013-3839, CVE-2013-5767, CVE-2013-5770, CVE-2013-5786, CVE-2013-5793, CVE-2013-5807, CVE-2013-5860, CVE-2013-5881, CVE-2013-5882, CVE-2013-5891, CVE-2013-5894, CVE-2013-5908, CVE-2014-0001, CVE-2014-0384, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0427, CVE-2014-0430, CVE-2014-0431, CVE-2014-0433, CVE-2014-0437, CVE-2014-2419
SHA-256 | e41d06c2c432439d773fa63fdf7762487fd6cf0cb75e8b0100ef3d33be750cc6
Red Hat Security Advisory 2014-1147-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1147-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2014-3609
SHA-256 | 250909c1e9c114e640035794e8801256d3ff095d6456107301a6399c233f70ec
Red Hat Security Advisory 2014-1145-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1145-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1562, CVE-2014-1567
SHA-256 | 691f7b71079acc6869bdc0eeff14a950e57cbb38968093c3b83afa37188689ec
Red Hat Security Advisory 2014-1146-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1146-01 - HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2014-3577
SHA-256 | b7867964a0a320426a7d1f8a9bfd3437d615fa6349a8e17e24bda87e263a66f3
Red Hat Security Advisory 2014-1148-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1148-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid.

tags | advisory, remote, web, overflow
systems | linux, redhat
advisories | CVE-2013-4115, CVE-2014-3609
SHA-256 | 00566e1dd4883a27e81e93827ef180964178270616fea21292642adcff3f8d59
Red Hat Security Advisory 2014-1144-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1144-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1562, CVE-2014-1567
SHA-256 | 8661a22623c489036117bc568cc0fc1778b23ea93a5b6d57d4f51d085d9e72de
Red Hat Security Advisory 2014-1149-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1149-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.3 release serves as a replacement for JBoss Operations Network 3.2.2, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0075, CVE-2014-0099
SHA-256 | 24f49bde364d7fdc4054ed807286a1f06856bd84ec4be11874a9ca4a4db78241
Red Hat Security Advisory 2014-1163-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1163-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, java, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
SHA-256 | 173c01394ad2d26ec93b537c3d1d167a81624a45dd721129f0a9198503bc6a35
Ubuntu Security Notice USN-2340-1
Posted Sep 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2340-1 - Tavis Ormandy discovered that the formail tool incorrectly handled certain malformed mail headers. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3618
SHA-256 | a77f4e132da5132b8d640bf5997b4a27b456ec3ccaec2f5be3655b7df230c941
Red Hat Security Advisory 2014-1162-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1162-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, java, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
SHA-256 | 9e860d7b7fbb3a0daaae325f717bd699f8f9b87320105a7dae1a021e295faa6c
Mandriva Linux Security Advisory 2014-174
Posted Sep 4, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-174 - The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states this is not a security issue in httpd as such. The updated packages have been upgraded to the latest 2.2.29 version which is not vulnerable to this issue.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2013-5704
SHA-256 | fcee1df5464ebe1c1e6cd586ef4fa054f4e6a4553cd41003cf8e0cff62185e2c
Red Hat Security Advisory 2014-1161-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1161-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2014-3573
SHA-256 | 12da2b1fb272537bd7efd4e4cfc208117e74098ddb780097f6954ec18adffb97
Red Hat Security Advisory 2014-1143-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1143-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-3917
SHA-256 | 6e6a907c5108fb347f64fa02afd63a2328c285c745eaf9682503dbd5a5a30e9d
Xshopsaz CMS Cross Site Scripting / SQL Injection
Posted Sep 4, 2014
Authored by IeDb

Xshopsaz CMS suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | b1d0a631f98a59bef6bb6d6c18d53677c0347b0a1d0b9bf6b712881e6640291f
Impress CMS 1.3.7 Open Redirect
Posted Sep 4, 2014
Authored by Vadodil Joel Varghese

Impress CMS version 1.3.7 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 3dad6200960f37651aa5d9d1feb60b462e9e5960d8e2352c110a91a4de811490
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close