what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2014-02-14

WordPress Acunetix WP Security Make Backup 4.0.3 CSRF
Posted Feb 14, 2014
Authored by Yashar shahinzadeh

Acunetix WordPress WP Security Make Backup plugin version 4.0.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | b252718580ee023413cc606be9290cfbd4802abfc7c7fe6ae15564dab7317941
Nagios NRPE Weak Cryptography Implementation
Posted Feb 14, 2014
Authored by Aaron Zauner

This advisory discusses a weak cryptography implementation in NRPE, the remote monitoring agent distributed with Nagios.

tags | advisory, remote
SHA-256 | 9513ca804b2266816b1f59df17644a5e411eb0d568e52e7f93c445b9e778b63c
Framework For Improving Critical Infrastructure Cybersecurity
Posted Feb 14, 2014
Site nist.gov

This document is the new cybersecurity framework produced by NIST for the Whitehouse. The intention of this release is to produce a set of industry standards and best practices to help organizations manage cybersecurity risks.

tags | paper
SHA-256 | 696de85131e12c5aeceb80b81967cf7b6a763bedd16495ecd096c382eb8c7d35
Apple Security Advisory 2014-02-11-1
Posted Feb 14, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-11-1 - Boot Camp 5.1 addresses a security issue. A bounds checking issue existed in the AppleMNT.sys driver's parsing of Portable Executable files. If a Portable Executable file with a malformed header is loaded, this could cause a Boot Camp driver to corrupt kernel memory. The issue was addressed through improved bounds checking.

tags | advisory, kernel
systems | apple
advisories | CVE-2014-1253
SHA-256 | 07103b0ee92ecf96051445fef55f03bcbb9e89f921846def3180a8c6dfc9ef7b
Dexter CasinoLoader SQL Injection
Posted Feb 14, 2014
Authored by bwall

Proof of concept SQL injection exploit for the panel in Dexter CasinoLoader. It exploits the gateway for bots to connect in, which sanitizes none of its input. This version of the exploit just dumps database data, and can create a GEXF file to make a graph in Gephi.

tags | exploit, sql injection, proof of concept
SHA-256 | e23bf1f6bf9d448ec21c0e08084f86886e247080217d33e730242930b073b444
Ubuntu Security Notice USN-2105-1
Posted Feb 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2105-1 - James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user could read this password and potentially gain privileges of other user accounts. This update restricts the file permissions to prevent unintended access. Chris Glass discovered that the MAAS API was vulnerable to cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Various other issues were also addressed.

tags | advisory, remote, local, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2013-1070, CVE-2013-1069, CVE-2013-1069, CVE-2013-1070
SHA-256 | b3b580b276826bc153e8f810e4aa0d9ddaf93bffecd797cccea9a87b941157b3
Mandriva Linux Security Advisory 2014-029
Posted Feb 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-029 - Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service and possibly execute arbitrary code via a long server version string. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-0001
SHA-256 | e39dc76f04b0608ecb515d1d059eb80ee86e71bc3c84c20004709b689f94b1ed
Mandriva Linux Security Advisory 2014-028
Posted Feb 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-028 - Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service and possibly execute arbitrary code via a long server version string. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Various other issues have been addressed. The updated packages have been upgraded to the 5.5.35 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908, CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401, CVE-2014-0402
SHA-256 | ebd9a0fcd180370e549e49c07622f3c2d751b23325b5393eb13159ca0e3864c5
Red Hat Security Advisory 2014-0173-01
Posted Feb 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0173-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. A buffer overflow flaw was found in the way the MySQL command line client tool processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-3839, CVE-2013-5807, CVE-2013-5891, CVE-2013-5908, CVE-2014-0001, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437
SHA-256 | 31ea251646a83ad0404f232d723f28503dc57e7493d6173e5c3a773c84e8b119
Red Hat Security Advisory 2014-0174-01
Posted Feb 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0174-01 - Piranha provides high-availability and load-balancing services for Red Hat Enterprise Linux. The piranha packages contain various tools to administer and configure the Linux Virtual Server, as well as the heartbeat and failover components. LVS is a dynamically-adjusted kernel routing mechanism that provides load balancing, primarily for Web and FTP servers. It was discovered that the Piranha Configuration Tool did not properly restrict access to its web pages. A remote attacker able to connect to the Piranha Configuration Tool web server port could use this flaw to read or modify the LVS configuration without providing valid administrative credentials.

tags | advisory, remote, web, kernel
systems | linux, redhat
advisories | CVE-2013-6492
SHA-256 | e410c801cfdfe205745559af19dd5bcffe1667abd62176ecb18cc48ad3077382
Red Hat Security Advisory 2014-0175-01
Posted Feb 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0175-01 - Piranha provides high-availability and load-balancing services for Red Hat Enterprise Linux. The piranha packages contain various tools to administer and configure the Linux Virtual Server, as well as the heartbeat and failover components. LVS is a dynamically-adjusted kernel routing mechanism that provides load balancing, primarily for Web and FTP servers. It was discovered that the Piranha Configuration Tool did not properly restrict access to its web pages. A remote attacker able to connect to the Piranha Configuration Tool web server port could use this flaw to read or modify the LVS configuration without providing valid administrative credentials.

tags | advisory, remote, web, kernel
systems | linux, redhat
advisories | CVE-2013-6492
SHA-256 | 813f6fa729bf2246f3eb91d2e426a58d294a78411b80351765b0c1ecf65bc8a8
Red Hat Security Advisory 2014-0172-01
Posted Feb 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0172-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2013-4517, CVE-2013-6440, CVE-2014-0018
SHA-256 | 541f07157180c8db909f86a437b2213620a20031cbdccf831162fc96fb9d554f
ASUS RT Router Anonymous FTP Access
Posted Feb 14, 2014
Authored by Kyle Lovett

Five ASUS RT series routers suffer from a vendor vulnerability that default FTP service to anonymous access with full read/write permissions.

tags | advisory
SHA-256 | df94c3881f58c3d90e3c87a3f4f3cb75a7ea84051aaa9d0bf12a4e0118b66733
WordPress Buddypress 1.9.1 Privilege Escalation
Posted Feb 14, 2014
Authored by Pietro Oliva

WordPress Buddypress plugin versions 1.9.1 and below suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2014-1889
SHA-256 | fa0ee4897fffef374ba31d9600f656b4b67d282b9dee8e74e5f06db89ccd0ac0
WordPress Buddypress 1.9.1 Cross Site Scripting
Posted Feb 14, 2014
Authored by Pietro Oliva

WordPress Buddypress plugin versions 1.9.1 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1888
SHA-256 | cb6e6a7f1e53ac871ca5f03ab6a3fb79940b35b8a9e403602f1639a1c1c52a7b
FreePBX 2.9 Remote Code Execution
Posted Feb 14, 2014
Authored by Rob Thomas

FreePBX version 2.9 suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2014-1903
SHA-256 | d2b9cce20ce59a9ea58ad61bcebc7faee7331c69e786ddbe3786953df0a89e60
Boxcryptor Cross Site Scripting
Posted Feb 14, 2014
Authored by Vicente Aguilera Diaz

Boxcryptor.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | aab48458247a4d57f3545b2250a6b9478315321df0e69c78e7b61de5f2d118d3
DAVOSET 1.1.7
Posted Feb 14, 2014
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Added new services into full list of zombies, added support of hours in timer and improved support of plugin Google Maps.
tags | tool, denial of service
SHA-256 | 951463c2fd426ae4206e9f64ae95f805fa0d2e269cf0d1b92b1f4e1cbbd54d02
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close