what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-02-24 to 2015-02-25

Ubuntu Security Notice USN-2510-1
Posted Feb 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2510-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9656, CVE-2014-9657, CVE-2014-9658, CVE-2014-9659, CVE-2014-9660, CVE-2014-9661, CVE-2014-9662, CVE-2014-9663, CVE-2014-9664, CVE-2014-9665, CVE-2014-9666, CVE-2014-9667, CVE-2014-9668, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9672, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675
SHA-256 | 004b239ee393759fc7cb311874d2950a7c617c30b47ea5eaf837e1aa8242e9ec
Red Hat Security Advisory 2015-0265-01
Posted Feb 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0265-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.

tags | advisory, web, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836
SHA-256 | 6fb8b5c06984a36c4d611ba9da24a080aee70d51ca3707e453f3588b2581bb25
Red Hat Security Advisory 2015-0264-01
Posted Feb 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0264-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-3065, CVE-2014-3068, CVE-2014-3566, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6585, CVE-2014-6587
SHA-256 | fb96a7ad227e19fc4fa2743e05c0242fa499690eb2839e767de61e2ba5dab7c9
Red Hat Security Advisory 2015-0263-01
Posted Feb 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0263-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.7. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. Users of Red Hat Satellite 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted, as well as all running instances of IBM Java.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
SHA-256 | 67e87106d47b830b1bc1b249bc64d5e01b365f1e4e3b35563732d2787a1aea88
Webgate Buffer Overflow
Posted Feb 24, 2015
Authored by Praveen Darshanam

Various Webgate technology suffers from multiple buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
SHA-256 | 6d6a87e39a520ec98120ccff8b68f26b54ef6465769b821e910397fd5a27aa7e
EVO-CMS 2.1.0 Cross Site Request Forgery
Posted Feb 24, 2015
Authored by Provensec

EVO-CMS version 2.1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 66e5f8134ad653e12601254b070187c2490a4f4b12edc64f2234aa3bbaa5b11e
Analysis Of Fake Antivirus Malware Delivery
Posted Feb 24, 2015
Authored by HauntIT

This is a brief whitepaper that documents how the author analyzed malicious javascript and a host used for slinging fake antivirus software.

tags | paper, javascript, virus
SHA-256 | e26853153c11af3c368c496b92cb79cc809c59f6efe56f5c321aefba8a22855c
I2P 0.9.18
Posted Feb 24, 2015
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | 6f02f38c933662874c485cb52ca800a9e07c36e74a26fdfeece65e25979beb4b
Maligno 2.0
Posted Feb 24, 2015
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Adversary replication functionality improvements. POST and HEAD method support added, new client profile added, server multithreading support added, perpetual shell mode added, client static HTTP(S) proxy support added, documentation and stability improvements.
tags | tool, web, scanner, shellcode, python
systems | unix
SHA-256 | 546b134942e14428952c2ca513d63be123eda20b6838f21a030ccbaee216ac44
Red Hat Security Advisory 2015-0260-01
Posted Feb 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0260-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-9130
SHA-256 | 792f9e6798b5e25740435a9e04fbf407a18a4febd6f6f49612ad6f8f36b8e4f4
Red Hat Security Advisory 2015-0257-01
Posted Feb 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0257-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.

tags | advisory, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2015-0240
SHA-256 | 8d76cd4b796bce158991cd0e1051183c70804b81ce9d0272e76292fb6fc1201a
Ubuntu Security Notice USN-2508-1
Posted Feb 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2508-1 - Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2015-0240
SHA-256 | 8f0eb27d03b4e301f5738acc1808a68c1d0bbee2df8f1929bbc908fecacc20be
Ubuntu Security Notice USN-2507-1
Posted Feb 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2507-1 - Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-0247, CVE-2015-1572
SHA-256 | 3de6d17500b7985ce0d6caf535a214a5195595178af020699e992b99fc08fd87
Ubuntu Security Notice USN-2509-1
Posted Feb 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2509-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20141019 package.

tags | advisory
systems | linux, ubuntu
SHA-256 | 877b0e4f80b3a39fd254bf9a4d9f4547850d7052585e9cc3fe2f506273ad4a76
Debian Security Advisory 3171-1
Posted Feb 24, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3171-1 - Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.

tags | advisory, remote, root, code execution
systems | linux, unix, debian
advisories | CVE-2015-0240
SHA-256 | 3a3f953fda09a742df9d1191a2a8a008bfb65321af16ac862f950df2fe6b22a1
Debian Security Advisory 3169-1
Posted Feb 24, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3169-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3406, CVE-2013-7424, CVE-2014-4043, CVE-2014-9402, CVE-2015-1472, CVE-2015-1473
SHA-256 | 3fe931b7ce23c334ac550e9b3f9ce61c02f2b4cad71b1b7018abfe10daf65a20
WordPress Holding Pattern Theme Arbitrary File Upload
Posted Feb 24, 2015
Authored by Alexander Borg | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.

tags | exploit, web, php, file upload
advisories | CVE-2015-1172
SHA-256 | ee5df7dbf0ac4eac44f2ff30e728e5eeff13120951dead86a3ad506611178a0b
HP Client Automation Command Injection
Posted Feb 24, 2015
Authored by juan vazquez, Ben Turner | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on HP Client Automation, distributed actually as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon (radexecd.exe), which doesn't authenticate execution requests by default neither. This Metasploit module has been tested successfully on HP Client Automation 9.00 over Windows 2003 SP2 and CentOS 5.

tags | exploit
systems | linux, windows, centos
advisories | CVE-2015-1497
SHA-256 | d843ef58af2b82e590925f0a42de6759952ad10722aca5dd7bb3fdf81fef83ab
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close