what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-03-26 to 2015-03-27

Berta CMS File Upload Bypass
Posted Mar 26, 2015
Authored by Simon Waters

Berta CMS versions prior to 0.8.10b suffer from an issues where images with a ".php" extension can be uploaded and all that is required is that they pass the PHP getimagesize() function and have suitable dimensions.

tags | exploit, php, file upload
SHA-256 | e48ff1b6047e08c0020b9a706603986a8de01a2d4214892be753857895596f7d
Red Hat Security Advisory 2015-0729-01
Posted Mar 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0729-01 - The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command.

tags | advisory, shell
systems | linux, redhat
advisories | CVE-2015-1815
SHA-256 | 886ca51910f7b3e67238a1bcd37edc906783dbebed7f167e1e754b54e5873db6
Red Hat Security Advisory 2015-0726-01
Posted Mar 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0726-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2015-1421
SHA-256 | 556554dce153edd407f9ed35ad9b2549c021b7f9b903d6312f589dbd7a1fc644
Red Hat Security Advisory 2015-0728-01
Posted Mar 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0728-01 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large-scale Linux and UNIX deployments. The ipa component provides centrally managed Identity, Policy, and Audit. The slapi-nis component provides NIS Server and Schema Compatibility plug-ins for Directory Server.

tags | advisory, web
systems | linux, redhat, unix
advisories | CVE-2015-0283, CVE-2015-1827
SHA-256 | 6cdcbb2c397b1da67c30029fe3637fa6aee1cffe66a58e6a940c98ef292af739
Red Hat Security Advisory 2015-0727-01
Posted Mar 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0727-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2015-1421
SHA-256 | 93ffce7a0d7ad072f776414c7cc064b9e424786af1d4ad30ac44a27570ab282a
Samhain File Integrity Checker 3.1.5
Posted Mar 26, 2015
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Fixed IPv6 issue with portcheck. Fixed minor issues with bugs in testing code. Various other updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 2b99cc85368d0e7ec41fc78a638e2478164f14d0c78d0adf6d917da358ade161
WordPress Aspose Cloud eBook Generator File Download
Posted Mar 26, 2015
Authored by Ashiyane Digital Security Team, ACC3SS

WordPress Aspose Cloud eBook Generator plugin suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 946d92ef5d98fe6088b0968e8e32269f8e88de346638aa86691a69187392f267
EMC Isilon OneFS Privilege Escalation
Posted Mar 26, 2015
Site emc.com

EMC OneFS contains a security fix to address a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. EMC Isilon OneFS versions 6.5.x.x, 7.0.1.x, 7.0.2.0 through 7.0.2.12, 7.1.0.0 through 7.1.0.5, 7.1.1.0 through 7.1.1.1, and 7.2.0.0 are affected.

tags | advisory
advisories | CVE-2015-0528
SHA-256 | 8532149045cfe63568349639fe7392f1d2ca3cdac10e41e16fc14dec2a17f047
Cisco Security Advisory 20150325-iosxe
Posted Mar 26, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated Services Routers (ISR), and Cisco Cloud Services Routers (CSR) 1000v Series contain denial of service and remote code execution vulnerabilities. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, code execution
systems | cisco, osx, ios
SHA-256 | e3904c4c544c8a55fe7a08d4189f9cb4bc54ecf9fad8f768b78e40310bf563a3
Cisco Security Advisory 20150325-ani
Posted Mar 26, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco, osx, ios
SHA-256 | 9d4b5a2a4174e548dd6478d7db85d0f287c344d501273c6636c09095f01bf7c2
Cisco Security Advisory 20150325-cip
Posted Mar 26, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the Common Industrial Protocol (CIP) feature contains denial of service and memory leak vulnerabilities. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol, memory leak
systems | cisco, ios
SHA-256 | 5c97ab8cde4eaa52ad5bbbb019e5e086be99d10d89039b78051532101aa3893b
Cisco Security Advisory 20150325-ikev2
Posted Mar 26, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit these vulnerabilities by sending malformed IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause a reload of the affected device or excessive consumption of resources that would lead to a DoS condition. IKEv2 is automatically enabled on devices running Cisco IOS and Cisco IOS XE Software when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. These vulnerabilities can be triggered only by sending malformed IKEv2 packets. There are no workarounds for the vulnerabilities described in this advisory. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | cisco, osx
SHA-256 | 0e99f457a00039ffb941af93c3f394d33f295fcda8ea2b1eaf6b2ff6710ee30f
Cisco Security Advisory 20150325-mdns
Posted Mar 26, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending malformed IP version 4 (IPv4) or IP version 6 (IPv6) packets on UDP port 5353. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service, udp
systems | cisco, osx
SHA-256 | b7dd6a8f566bf357465462871ebb14bc469a2c42c8e0e58ef0b8691f1ea33244
Cisco Security Advisory 20150325-wedge
Posted Mar 26, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability within the virtual routing and forwarding (VRF) subsystem of Cisco IOS software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to properly process malicious ICMP version 4 (ICMPv4) messages received on a VRF-enabled interface. An attacker could exploit this vulnerability by submitting ICMPv4 messages designed to trigger the vulnerability on an affected device. When the ICMPv4 messages are processed, the packet queue of the affected interface may not be cleared, leading to a queue wedge. When a wedge occurs, the affected device will stop processing any additional packets received on the wedged interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | 8bb3e16c91622ced7a506e8173cbfe2134a6dd7fb5f7b20b86fb139f17b61f01
Realms Wiki Insecure Transport
Posted Mar 26, 2015
Authored by Javantea

Realms Wiki uses insecure transport during install and due to this an attacker in a privileged position could achieve remote code execution.

tags | advisory, remote, code execution
SHA-256 | 4f568ca2e277c33afd5ba0f09e55744f8174cc394efff4f5d14d96ff8cdee252
Realms Wiki Cross Site Request Forgery
Posted Mar 26, 2015
Authored by Javantea

Realms Wiki suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 76698182beabf946f364524d2347cb5198c06f12b7a17d4f24120c19c10ee709
Mini-Stream Ripper 2.7.7.100 Buffer Overflow
Posted Mar 26, 2015
Authored by TUNISIAN CYBER

Mini-Stream Ripper version 2.7.7.100 local buffer overflow exploit with message box shellcode.

tags | exploit, overflow, local, shellcode
SHA-256 | e5daae6d4a7fbf7f28c2cb416cb108fc4086f777944a3257d91c5bb1a73e3498
WSO2 Identity Server 4.5.0 / 4.6.0 / 5.0.0 Bypass / Cross Site Scripting
Posted Mar 26, 2015
Authored by Bartlomiej Balcerek

WSO2 Identity Server versions 4.5.0, 4.6.0, and 5.0.0 suffer from authentication bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass
SHA-256 | 6680a7e463046ee138266816668db4cf56362edb02b8e6d3cff5088123687903
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close