exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-02-25 to 2015-02-26

Lynis Auditing Tool 2.0.0
Posted Feb 25, 2015
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: The first release within the 2.x branch. It includes several new features, to simplify or improve auditing on Unix based systems, including BSD, Linux, Mac OS and more traditional systems like AIX, HPUX and Solaris.
tags | tool, scanner
systems | unix
SHA-256 | 7c6df4b1a1793336b821241ea951d284e00aaeff40b1141e0241b1d09ece8608
Alienware Command Center 2.8.8.0 Local Privilege Escalation
Posted Feb 25, 2015
Authored by Humberto Cabrera | Site zeroscience.mk

Alienware Command Center version 2.8.8.0 suffers from an unquoted search path issue impacting the service 'ioloenergybooster' for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

tags | advisory, arbitrary, local
systems | windows
SHA-256 | 63f2538dadd62b01d9a1bdd72381e85972ffeb5361dcf205055e2e2870241cf9
Ubuntu Security Notice USN-2505-1
Posted Feb 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2505-1 - Matthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. Jan de Mooij discovered an issue that affects content using the Caja Compiler. If web content loads specially crafted code, this could be used to bypass sandboxing security measures provided by Caja. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2015-0819, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822, CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826, CVE-2015-0827, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831, CVE-2015-0832, CVE-2015-0834, CVE-2015-0835, CVE-2015-0836
SHA-256 | 089f252b4c9bbfaaf0c54c751c1f3a5709ec79a25c3cf1f19010136f983ea370
Red Hat Security Advisory 2015-0269-01
Posted Feb 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0269-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.1 release serves as a replacement for JBoss Operations Network 3.3.0, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4002
SHA-256 | 22eb0f338cafc9de3a1c510ad57ea0b27f7d4e97b9b7a25e8ca862924e08282a
Cisco Ironport AsyncOS Cross Site Scripting
Posted Feb 25, 2015
Authored by Glafkos Charalambous

Cisco Ironport AsyncOS suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
advisories | CVE-2013-6780
SHA-256 | 625b938af5a85150b1a3686a1b0c965a9c909143433e02e16ae80a36174e5eb6
Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation
Posted Feb 25, 2015
Authored by LiquidWorm | Site zeroscience.mk

Uplay for PC suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Users' group, making the entire directory 'Ubisoft Game Launcher' and its files and sub-dirs world-writable.

tags | exploit
SHA-256 | b8335176b54b66e8cbb9f9a3685e9203b083052ec2400eff910c1f08c844eedb
Cisco Ironport AsyncOS HTTP Header Injection
Posted Feb 25, 2015
Authored by Glafkos Charalambous

Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.

tags | exploit, web
systems | cisco
advisories | CVE-2015-0624
SHA-256 | c57f9ad771a935b26f475d6d4926fe8d395da5205e4f888e8087a2c7dc97b1fa
Suricata IDPE 2.0.7
Posted Feb 25, 2015
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: DCERPC traffic and http uri parsing issues addressed. Various bug fixes and improvements.
tags | tool, intrusion detection
systems | unix
SHA-256 | c5c3ccebeecbace39df0ff2d50ec4515b541103ffaa5e33cd1dc79d4955c0dfd
SAP Business Objects Unauthorized Audit Information Access
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose a Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.

tags | advisory, remote
advisories | CVE-2015-2076
SHA-256 | 92a03a7a9374710770746549090119067b75fdc71c5a1c6527932e9be9239ecd
SAP Business Objects Unauthorized Audit Information Delete
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from it's queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.

tags | advisory, remote
advisories | CVE-2015-2075
SHA-256 | 525b0210fa38e332bad09f1f23be059b8cff27946645438a054d05c005ac4ec0
SAP Business Objects Unauthorized File Repository Server Write
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2074
SHA-256 | 6de1db17a1a2cda52de24f00a98b3c5ab4bc5bda19395ccb1ab6ba6fee7121db
SAP Business Objects Unauthorized File Repository Server Read
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2073
SHA-256 | b91a029e7d55f1eaea5057b797bcbd5e83fb1e529410c558e0665b49ecab34ea
SAP HANA Web-based Development Workbench Cross Site Scripting
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The SAP HANA contains a reflected cross site scripting vulnerability (XSS) on the pages /sap/hana/ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs and /sap/hana/xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs.

tags | advisory, xss
advisories | CVE-2015-2072
SHA-256 | 5119b84d53c0c30a40ccbbf28464d82d82fe294a2f8499c0d10ba47627e64dc2
Red Hat Security Advisory 2015-0266-01
Posted Feb 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0266-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. An information leak flaw was found in the way Thunderbird implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.

tags | advisory, web, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836
SHA-256 | b6086d5a30a8d920f7c48a29debed81f96970f5500250c3604ddf5e177d50cd7
Gentoo Linux Security Advisory 201502-14
Posted Feb 25, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-14 - A vulnerability in grep could result in Denial of Service. Versions less than 2.21-r1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-1345
SHA-256 | 17571fc7011e05dc2a208be4e37864cb8316ec4cfbb4c2172adcc07b37a15a8d
SEO Toaster E-Commerce 2.2.0 Cross Site Scripting
Posted Feb 25, 2015
Authored by Ankit Bharathan

SEO Toaster E-Commerce version 2.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 24bbaf5076666acb1c082a4015e52f5e8aa9a9c44a370c866f118c741c285a66
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close