
Files

Infrastructure Resources LLC SQL Injection
Posted Jun 22, 2012
Authored by the_cyber_nuxbie

Infrastructure Resources LLC suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c928da50ab3e623522c79ecd99073e5b

Related Files

Cisco Security Advisory 20160406-privauth
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the application programming interface (API) web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to improper role-based access control (RBAC) when an unexpected HTTP URL request is received that does not match an expected pattern filter. An attacker could exploit this vulnerability by sending a crafted HTTP request with a modified URL to bypass RBAC settings. An exploit could allow the attacker to gain elevated privileges on the application to view and edit unauthorized data. Cisco has released software updates that address this vulnerability. Workarounds are not available.

tags | advisory, remote, web
systems | cisco
MD5 | b11fd4bd01ee4f534eadd86bd8ac4109
Red Hat Security Advisory 2016-0442-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0442-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. A vulnerability was discovered in the OpenStack Orchestration service, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2015-5295
MD5 | eb97c5a8f52f38140827870084aa1447
Red Hat Security Advisory 2016-0441-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0441-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. A vulnerability was discovered in the OpenStack Orchestration service, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2015-5295
MD5 | aabe44ac1a6619a2b14feaad75a2bd40
Red Hat Security Advisory 2016-0440-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0440-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. A vulnerability was discovered in the OpenStack Orchestration service, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2015-5295
MD5 | e32e41e7597b2f992f76a7ef569a56ce
Cisco Security Advisory 20160203-n9knci
Posted Feb 4, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the ICMP implementation in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch could allow an unauthenticated, remote attacker to cause the switch to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of an ICMP packet with the IPv4 Type 7 option for record route. An attacker could exploit this vulnerability by sending an ICMP packet with the record route option to an interface on the affected switch. An exploit could allow the attacker to cause a DoS condition because the switch will reload each time the ICMP packet is received. Cisco has released software updates that address this vulnerability. A workaround that addresses this vulnerability is available.

tags | advisory, remote, denial of service
systems | cisco
MD5 | 41eacb8510c035e5f4fda40feeb6ad6b
Cisco Security Advisory 20160203-apic
Posted Feb 4, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges. The vulnerability is due to eligibility logic in the RBAC processing code. An authenticated user could exploit this vulnerability by sending specially crafted representational state transfer (REST) requests to the APIC. An exploit could allow the authenticated user to make configuration changes to the APIC beyond the configured privilege for their role. Cisco has released software updates that address this vulnerability.

tags | advisory, remote
systems | cisco
MD5 | 7b62d6d3bb18ceeaa00afc317da43bb8
Red Hat Security Advisory 2015-1347-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1347-01 - Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority subsystem. Multiple cross-site scripting flaws were discovered in the Red Hat Certificate System Agent and End Entity pages. An attacker could use these flaws to perform a cross-site scripting attack against victims using the Certificate System's web interface.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2012-2662
MD5 | c74b2289e29a00b3db8be282f1fbb713
Cisco Security Advisory 20150722-apic
Posted Jul 22, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user. The vulnerability is due to improper implementation of access controls in the APIC filesystem. An attacker could exploit this vulnerability by accessing the cluster management configuration of the APIC. An exploit could allow the attacker to gain access to the APIC as the root user and perform root-level commands. Cisco has released software updates that address this vulnerability.

tags | advisory, remote, root
systems | cisco
MD5 | 2fd91bd76bac5b773771fa2c75516b48
Cisco Security Advisory 20150325-ani
Posted Mar 26, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco, osx, ios
MD5 | 3bed32a77a1c6267ffca82757ce7f79b
Red Hat Security Advisory 2015-0662-01
Posted Mar 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0662-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0203, CVE-2015-0223, CVE-2015-0224
MD5 | b2da050a290e0a944ef54f60edf1dfbf
Red Hat Security Advisory 2015-0660-01
Posted Mar 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0660-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0203, CVE-2015-0223, CVE-2015-0224
MD5 | eecea3eb6c8fd693fd5972480ebd50a8
Red Hat Security Advisory 2015-0661-01
Posted Mar 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0661-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0203, CVE-2015-0223, CVE-2015-0224
MD5 | 1fde4fc3dfa9463afaa561bf7637f567
Red Hat Security Advisory 2014-1687-02
Posted Oct 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1687-02 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. It was discovered that a user could temporarily be able to see the URL of a provider template used in another tenant. If the template itself could be accessed, then additional information could be leaked that would otherwise not be visible.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3801
MD5 | f9edef2b28d3a03e0501cc5f6a2f7503
Red Hat Security Advisory 2014-1318-01
Posted Sep 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1318-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Realtime provides the highest levels of predictability for consistent low-latency response times to meet the needs of time-sensitive workloads. MRG Realtime also provides new levels of determinism by optimizing lengthy kernel code paths to ensure that they do not become bottlenecks. This allows for better prioritization of applications, resulting in consistent, predictable response times for high-priority applications.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2014-3181, CVE-2014-3182, CVE-2014-3184, CVE-2014-3185, CVE-2014-4171, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410
MD5 | 172b0859b0bc6d9c41c9317450a5a9cc
Green Lights Forever: Analyzing The Security Of Traffic Infrastructure
Posted Aug 21, 2014
Authored by J. Alex Halderman, Branden Ghena, William Beyer, Jonathan Pevarnek, Allen Hillaker

The safety-critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case. The authors investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. They leverage these flaws to create attacks which gain control of the system, and they successfully demonstrate them on the deployment in coordination with authorities. Their attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage. They make recommendations on how to improve existing systems and discuss the lessons learned for embedded systems security in general.

tags | paper
MD5 | bdd49ac25bcc2eb92f882e284a5245b7
Red Hat Security Advisory 2014-1002-01
Posted Aug 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1002-01 - Red Hat Enterprise Virtualization is a feature-rich server virtualization management system that provides advanced capabilities for managing Red Hat virtualization infrastructure for Servers and Desktops. It was found that the oVirt storage back end did not wipe memory snapshots when VMs were deleted, even if wipe-after-delete was enabled for the VM's disks. A remote attacker with credentials to create a new VM could use this flaw to potentially access the contents of memory snapshots in an uninitialized storage volume, possibly leading to the disclosure of sensitive information.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-3559
MD5 | b6c65f8d876e7cc55bd0bc359dc18160
Red Hat Security Advisory 2014-0859-01
Posted Jul 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0859-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. It was found that if Cumin were asked to display a link name containing non-ASCII characters, the request would terminate with an error. If data containing non-ASCII characters were added to the database, requests to load said data would terminate and the requested page would not be displayed until an administrator cleans the database.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2682, CVE-2014-0174
MD5 | 386ed98284a72c73bf35eea63aa270ee
Red Hat Security Advisory 2014-0858-01
Posted Jul 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0858-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. It was found that if Cumin were asked to display a link name containing non-ASCII characters, the request would terminate with an error. If data containing non-ASCII characters were added to the database, requests to load said data would terminate and the requested page would not be displayed until an administrator cleans the database.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2682, CVE-2014-0174
MD5 | 6c93cbb363bb945089e870ca03009ce5
Red Hat Security Advisory 2014-0579-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0579-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. The openstack-heat-templates package provides heat example templates and image building elements for the openstack-heat package. It was discovered that certain heat templates used HTTP to insecurely download packages and signing keys via Yum. An attacker could use this flaw to conduct man-in-the-middle attacks to prevent essential security updates from being installed on the system.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2014-0040, CVE-2014-0041, CVE-2014-0042
MD5 | a990c535046c4233cc344171274998ef
Red Hat Security Advisory 2014-0441-01
Posted Apr 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0441-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

tags | advisory, java, protocol, python
systems | linux, redhat
advisories | CVE-2013-6445
MD5 | f9c88a8e01cd464a825a0138713ca5a1
Red Hat Security Advisory 2014-0440-01
Posted Apr 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0440-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6619, CVE-2013-6445
MD5 | ba089f2b100c2e36b9f79a50d0fcbf3f
Red Hat Security Advisory 2014-0254-01
Posted Mar 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0254-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
MD5 | b54bdea8db7c12e21553162fa4440a09
Red Hat Security Advisory 2014-0245-01
Posted Mar 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0245-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
MD5 | c53b528c76b33df7b0f9dfaf0f241e4c
Cisco Security Advisory 20140226-pi
Posted Feb 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command via a specific URL. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges. Cisco has released free software updates that address this vulnerability. A software patch that addresses this vulnerability in all affected versions is also available. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, arbitrary, root
systems | cisco
MD5 | 8545c7bca922cadd947b408ba2f4cd28
Red Hat Security Advisory 2013-1852-01
Posted Dec 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1852-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126, CVE-2013-4287, CVE-2013-4404, CVE-2013-4405, CVE-2013-4414, CVE-2013-4461
MD5 | 3be25d0169168dcfe03910b595d8aa09
© 2020 Packet Storm. All rights reserved.