what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 379 RSS Feed

Files Date: 2015-06-01 to 2015-06-30

Debian Security Advisory 3294-1
Posted Jun 25, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3294-1 - Multiple vulnerabilities were discovered in the dissectors for WCCP and GSM DTAP, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-4651, CVE-2015-4652
SHA-256 | 857b5e548eed5c842fd18f766ea7fe50474a166ba44c28ee47bb09e8b7140ce7
Thycotic Secret Server 8.8.000004 Cross Site Scripting
Posted Jun 24, 2015
Authored by Marco Delai

Thycotic Secret Server versions 8.6.000000 through 8.8.000004 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-3443
SHA-256 | 9ea22b103c6aa0c6d6dc2e889a4f8f3ec01f979507a2b6f0d1b698555069d43a
Kguard Digital Video Recorder Bypass Issues
Posted Jun 24, 2015
Authored by Federick Joe P Fajardo

A deficiency in handling authentication and authorization has been found with Kguard 104/108/v2 models. While password-based authentication is used by the ActiveX component to protect the login page, all the communication to the application server at port 9000 allows data to be communicated directly with insufficient or improper authorization. Proof of concept exploit included.

tags | exploit, activex, proof of concept
advisories | CVE-2015-4464
SHA-256 | f2bc1717a93e9db3908a82aa2086b5693c8ed751e4401e4bc8ea701c009a43ec
iBall 150M Wireless-N ADSL2+ Router Authentication Bypass
Posted Jun 24, 2015
Authored by Gem George

The CGI script used in the iBall 150M Wireless-N ADSL2+ router does not validate credentials. Hence any page in the router can be directly accessed by replacing page extension with .cgi.

tags | exploit, cgi, bypass
SHA-256 | 4f6130f32632281e0a685611d0f071ae4329ca63096fc5c385e01cbcf5abc5fc
ManageEngine Asset Explorer 6.1 Cross Site Scripting
Posted Jun 24, 2015
Authored by Suraj Krishnaswami

ManageEngine Asset Explorer version 6.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2169
SHA-256 | 0e0cbef4faaa90dd611f268ecebd5e06de49fa975ef884e5b752fbdcd43706b1
WordPress Nextend Twitter Connect 1.5.1 Cross Site Scripting
Posted Jun 24, 2015
Authored by Liran Segal

WordPress Nextend Twitter Connect plugin version 1.5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-4557
SHA-256 | 2613a7c7a1dcc2e75e1e3e027cc93b73799c9914997cb258302b816d66136f5c
Google Chrome 43.0.2357.124 XSS Filter Bypass
Posted Jun 24, 2015
Authored by Yosi Ovadia

Google Chrome version 43.0.2357.124 suffers from a cross site scripting filter bypass vulnerability.

tags | exploit, xss, bypass
SHA-256 | 76a2fa134b093b8a4f3a4737dc9c2d7dfa87c9cbf70ffc89e1d6d4da91024f1d
Agahi 1.6 Cross Site Scripting / SQL Injection
Posted Jun 24, 2015
Authored by indoushka

Agahi version 1.6 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | da83883858266fb087d8cb7ef2e270fb5581e6362251675cf838c003aa25d2b5
Red Hat Security Advisory 2015-1177-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1177-01 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.2.0 is a minor product release that updates Red Hat JBoss A-MQ 6.1.0 and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3577, CVE-2014-8175, CVE-2015-0226, CVE-2015-0227, CVE-2015-1796
SHA-256 | c9adeea3a960e9023bf77969db57bb2de16626cb8200390698e69ed2fd214a63
Red Hat Security Advisory 2015-1176-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1176-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. The following security fixes are addressed in this release: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle attacker could use this flaw to spoof a valid certificate. It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2013-7397, CVE-2013-7398, CVE-2014-0363, CVE-2014-0364, CVE-2014-3577, CVE-2014-4651, CVE-2014-5075, CVE-2014-8175, CVE-2015-0226, CVE-2015-0227, CVE-2015-1796
SHA-256 | 5b62a88300e3d3a984e66c33f540e2c9e0a241d1cb41eb116da6198f4b034f4c
EMC Documentum Thumbnail Server Directory Traversal
Posted Jun 23, 2015
Site emc.com

EMC Documentum Thumbnail Server contains a directory traversal vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 6.7SP1, 6.7SP2, 7.0, 7.1, and 7.2 are affected.

tags | advisory
advisories | CVE-2015-0550
SHA-256 | 65f6e0d65c42ddbdcb2a59562211a3441c788baafed82f99fdc4a58870a62e44
EMC Documentum D2 Cross Site Scripting
Posted Jun 23, 2015
Site emc.com

EMC Documentum D2 contains a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versious 4.1, 4.2, and 4.5 are affected.

tags | advisory, xss
advisories | CVE-2015-0549
SHA-256 | d63acf8734b5f631519f1ea06e1d70f948774e546a0b8b1f4c8ad7f39896126a
FreeRADIUS Insufficient CRL Application
Posted Jun 23, 2015
Authored by Andrea Barisani, Open Source CERT

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpired client certificate, issued by an intermediate CA with a revoked certificate, is therefore accepted by FreeRADIUS. Versions equal to and below 2.2.7 and 3.0.8 are affected.

tags | advisory
advisories | CVE-2015-4680
SHA-256 | f44ceb4ece64f245dca32d4e44eaa21e29c75abd2daf06b1fa52ef60f318b7bc
HP Security Bulletin HPSBMU03356 1
Posted Jun 23, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03356 1 - A potential security vulnerability has been identified with HP Business Service Automation Essentials (BSAE) running TLS. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
SHA-256 | 0460cfc09f1d91b07bbdaac7eb563a04d8545a18f9bc8815fa251d6e639ca183
Red Hat Security Advisory 2015-1153-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1153-01 - Mailman is a program used to help manage email discussion lists. It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. Previously, it was impossible to configure Mailman in a way that Domain-based Message Authentication, Reporting & Conformance would recognize Sender alignment for Domain Key Identified Mail signatures. Consequently, Mailman list subscribers that belonged to a mail server with a "reject" policy for DMARC, such as yahoo.com or AOL.com, were unable to receive Mailman forwarded messages from senders residing in any domain that provided DKIM signatures. With this update, domains with a "reject" DMARC policy are recognized correctly, and Mailman list administrators are able to configure the way these messages are handled. As a result, after a proper configuration, subscribers now correctly receive Mailman forwarded messages in this scenario.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-2775
SHA-256 | 3d985a75ad520e9d32dc40dc407d5272dec00095877d0f014e8d7835cae3ba1f
Red Hat Security Advisory 2015-1139-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1139-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2015-1573, CVE-2015-1593, CVE-2015-1805, CVE-2015-2830
SHA-256 | edf6a2a888e1f12e7dc662266281129cfaba312336e0fc5b027d706bd9acab86
Red Hat Security Advisory 2015-1154-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1154-01 - Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network. A flaw was discovered in the way Libreswan's IKE daemon processed certain IKEv1 payloads. A remote attacker could send specially crafted IKEv1 payloads that, when processed, would lead to a denial of service.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-3204
SHA-256 | efabc6b1f6c23dfaa0f6f4ec4221f9503c2a4cab00e81c247567f72882a190ca
Red Hat Security Advisory 2015-1137-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2015-1573, CVE-2015-1593, CVE-2015-1805, CVE-2015-2830
SHA-256 | b0d41a4e75261540327de9609c7f84e2f2c54a7eabc27611a2cfb4708a7cd5fd
Red Hat Security Advisory 2015-1138-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1138-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2015-1573, CVE-2015-1593, CVE-2015-1805, CVE-2015-2830
SHA-256 | bc6b92e674b8c59bb4c70d6ba01e90053bbee07767a1b4dc571aa00572108c9e
Debian Security Advisory 3293-1
Posted Jun 23, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3293-1 - Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys, into accepting arbitrary tokens.

tags | advisory, remote, web, arbitrary, python
systems | linux, debian
SHA-256 | c91b5da63a86d6e83b97542702b63969ec45eef3dc789546f1daf299a0a515b2
Red Hat Security Advisory 2015-1135-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1135-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-2301, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602
SHA-256 | cd29d265756a82b81294b5b57ef3c66093befd38401aca38c86228d6f38a5a66
Smalisca 0.2
Posted Jun 23, 2015
Authored by Cyneox | Site nullsecurity.net

Smalisca is a static code analysis tool for Smali files.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | c01aa506d6ff25651d6879d25008ed2498b6c01d0127d349319f4332c039cbc7
WordPress Nextend Facebook Connect 1.5.4 Cross Site Scripting
Posted Jun 23, 2015
Authored by Liran Segal

WordPress NextEnd Connect plugin version 1.5.4 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-4413
SHA-256 | 8967112d4e0b087a9c98f874a79f8d302c634061fdc5641c6b3e1c707037d480
WordPress Revslider Arbitrary File Upload / Download / XSS
Posted Jun 23, 2015
Authored by CaFc Versace

WordPress Revslider plugin suffers from cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | 36a172246b28821efbbddd74fa15559539df7db7fe943afe36e9ba491cdc5324
Apache Storm 0.10.0-beta Code Execution
Posted Jun 22, 2015
Authored by P. Taylor Goetz, Bobby Evans

The UI daemon in Apache Storm version 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase.

tags | advisory, remote, web, arbitrary
advisories | CVE-2015-3188
SHA-256 | 313d55800f3841429c6c7e4111fca886753cb1e18bac2ecc4196684e7d19c6a2
Page 3 of 16
Back12345Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close