
Files Date: 2014-03-26 to 2014-03-27

Firefox For Android Information Leak
Posted Mar 26, 2014
Authored by Roee Hay

A series of vulnerabilities have been discovered in Firefox for Android that allow a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data (such as cookies and cached information) that resides in that directory, breaking Android's sandbox.

tags | advisory, vulnerability
advisories | CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516
SHA-256 | 688b048fb5365a45f0a237ef602cef2bde7a27679794b9c23fb305a9ed177a61
Beheer Systeem :: Inloggen 6.1 Command Execution
Posted Mar 26, 2014
Authored by Felipe Andrian Peixoto

Beheer Systeem :: Inloggen version 6.1 suffers from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | 71ed88b33d6cfd66642d0a7f54632ba605ef5c360563a06883fe978f05d0ce06
DotItYourself 6.11.060830 Command Execution
Posted Mar 26, 2014
Authored by Felipe Andrian Peixoto

DotItYourself version 6.11.060830 suffers from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | 4253076bdabe92fa1b44b078b7bea0b2a8c511f30f794954f338db88674e1a85
Debian Security Advisory 2886-1
Posted Mar 26, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2886-1 - Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.

tags | advisory, java, arbitrary, vulnerability, code execution, info disclosure
systems | linux, debian
advisories | CVE-2014-0107
SHA-256 | 365cf71f1731754a036810b5e0e18bedeb52a4ab1cdcd9b2eebfdb05dca50e84
Debian Security Advisory 2885-1
Posted Mar 26, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2885-1 - Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-2525
SHA-256 | b4999786c09114961fe601a3d66c8dd907ab9b138e0d262a4b06dbdd2543a516
Debian Security Advisory 2884-1
Posted Mar 26, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2884-1 - Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-2525
SHA-256 | d2d7928d1100550c07f523aba820802edcc4d3fc9f39e2823644e4c86301dc95
Cisco Security Advisory 20140326-ipv6
Posted Mar 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled. The vulnerability is triggered when an affected device processes a malformed IPv6 packet. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

tags | advisory, remote, protocol
systems | cisco, osx
SHA-256 | b099cd45ced8201a847dacf48fc924497fe7165c4d908be59deb34c1e012a531
RSA Authentication Manager Cross Frame Scripting
Posted Mar 26, 2014
Site emc.com

RSA AM version 7.1 SP4 P32 contains a fix for a cross frame scripting vulnerability on the Self-Service Console. This vulnerability may potentially allow an unauthenticated malicious user to misuse frames and steal sensitive information from legitimate users of the application.

tags | advisory
advisories | CVE-2014-0623
SHA-256 | 0df87dd0239f954de0f33c622a957f03cff3e625d25c2efe137b1b777b10aa6f
Mozilla Firefox "BumpChunk" Object Processing Use-After-Free
Posted Mar 26, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error in the JS engine when processing "BumpChunk" objects while the browser is under memory pressure, which could be exploited to leak arbitrary memory and/or achieve code execution via a malicious web page. Affected products include Mozilla Firefox versions prior to 28, Mozilla Firefox ESR versions prior to 24.4, Mozilla Thunderbird versions prior to 24.4, and Mozilla Seamonkey versions prior to 2.25.

tags | advisory, web, arbitrary, code execution
SHA-256 | 8ec37d142ffe45019d55b44766e907b9f25a969d41aa3e74ea5c6edf7eb66567
Cisco Security Advisory 20140326-ios-sslvpn
Posted Mar 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacker could submit crafted requests designed to consume memory to an affected device. An exploit could allow the attacker to consume and fragment memory on the affected device. This may cause reduced performance, a failure of certain processes, or a restart of the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | 02cb8b78d8d7e0d3900c22ebce4004b2b99138cae3c3a2a1796be9277d535a9d
Google Chrome Clipboard Format Processing Sandbox Escape
Posted Mar 26, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Google Chrome. The vulnerability is caused by an input validation error within the "Clipboard::WriteData()" function that does not restrict the value of the "format" parameter, which could be exploited to escape Chrome's sandbox and achieve code execution with Medium integrity level. Google Chrome versions prior to 33.0.1750.154 are affected.

tags | advisory, code execution
SHA-256 | 1e839c35cc0103dc89491b813b56882dd52230a8917c7b3e18e00a97251c90dd
Google Chrome Blink "locationAttributeSetter" Use-After-Free
Posted Mar 26, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Google Chrome. The vulnerability is caused by a use-after-free error within the "DocumentV8Internal::locationAttributeSetter()" function when processing "document.location" objects under certain conditions, which could be exploited to leak arbitrary memory and/or achieve code execution via a specially crafted web page. Google Chrome versions prior to 33.0.1750.154 are affected.

tags | advisory, web, arbitrary, code execution
SHA-256 | 64ac9a25643ea00fce3210d758ef5db14c5aa566c56da27b8f97f1377430a60f
Cisco Security Advisory 20140326-nat
Posted Mar 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco, ios
SHA-256 | 0d4a383712ff0282199a25bb4210625c70f16c2c87c4f53b3319173aabba2fbe
Cisco Security Advisory 20140326-ikev2
Posted Mar 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device to be processed. An exploit could allow the attacker to cause a reload of the affected device that would lead to a DoS condition. Although IKEv2 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software devices when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled, the vulnerability can be triggered only by sending a malformed IKEv2 packet. Only IKEv2 packets can trigger this vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
SHA-256 | 3ed033886a5bb2ef55bd66f456b12eca7c89d9d2e52708ccd6de0d850451992d
Allied Telesis AT-RG634A Unauthenticated Webshell
Posted Mar 26, 2014
Authored by Sebastian Muniz

The Allied Telesis AT-RG634A ADSL broadband router has a hidden, unauthenticated administrative webshell that allows for command injection.

tags | exploit
advisories | CVE-2014-1982
SHA-256 | e3656907ce60bc967c703eead969f7f9b2ab164514e55b51d9246f8a9fad51ca
VirusChaser 8.0 Buffer Overflow
Posted Mar 26, 2014
Authored by wh1ant

VirusChaser version 8.0 stack buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 6ecbff68b7197ddb88d7ad80fa57db0def9d0748f4668c04b41b49f4bea3101e
HP Security Bulletin HPSBST02968
Posted Mar 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02968 - A potential security vulnerability has been identified with certain HP StoreOnce appliances. This vulnerability could be exploited to allow remote unauthorized access to the appliance. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2013-6211
SHA-256 | f9916c858b8cddf46f16e2652c95490e1dc6a1a18521a597b445d0ba078efa73
Cisco Security Advisory 20140326-RSP72010GE
Posted Mar 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks models RSP720-3C-10GE and RSP720-3CXL-10GE could allow an unauthenticated, remote attacker to cause the route processor to reboot or stop forwarding traffic. The vulnerability is due to an issue in the Kailash field-programmable gate array (FPGA) versions prior to 2.6. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote
systems | cisco
SHA-256 | 3c8d9199071a60dcdd3e347bae1e1bd71ef643ce811a3c7718db399f9ee2c6db
Cisco Security Advisory 20140326-sip
Posted Mar 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages. Limited Cisco IOS Software and Cisco IOS XE Software releases are affected. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to this vulnerability.

tags | advisory, remote, protocol
systems | cisco, osx
SHA-256 | f14a7c744e74a61688552f3dca910fa334cbaabb61d41749c186baaed9f98772
Gentoo Linux Security Advisory 201403-06
Posted Mar 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-6 - Multiple buffer overflow flaws in libupnp may allow execution of arbitrary code. Versions less than 1.6.18 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2012-5958, CVE-2012-5959, CVE-2012-5960
SHA-256 | e03eb83d2a7aa7021aa08869a4d96954a3dadcdfda9b744e73250ff73718e8e7
Ubuntu Security Notice USN-2156-1
Posted Mar 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2156-1 - Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. A remote attacker could use this issue to possibly attempt to brute force user passwords.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-4496
SHA-256 | 5348fba08a330686b2e7b10f988a125fa442b46076c0d25fd74aabe5866964ee
Red Hat Security Advisory 2014-0335-01
Posted Mar 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0335-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.4.0, and includes bug fixes and enhancements.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2014-0086
SHA-256 | 6693be76567f1848f315232357e5b073ef0eae20d36558a65313d90bd2e521df
Gentoo Linux Security Advisory 201403-07
Posted Mar 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-7 - A vulnerability in grep could result in execution of arbitrary code or Denial of Service. Versions less than 2.12 are affected.

tags | advisory, denial of service, arbitrary
systems | linux, gentoo
advisories | CVE-2012-5667
SHA-256 | 3300c2cdba3b6b189e247ca96f92523bfd66af9037dc016c6445c91e715d47bd
CouchDB UUIDS Denial Of Service
Posted Mar 26, 2014
Authored by KrustyHack

CouchDB versions up to 1.5.0 suffer from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | c6a608654fa5592ef05092fa31b0f667e9d283fcfdd700bc26d2fcc069fe40e6
© 2024 Packet Storm. All rights reserved.