what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2014-05-08 to 2014-05-09

AVG Remote Administration Bypass / Code Execution / Static Keys
Posted May 8, 2014
Authored by S. Viehbock | Site sec-consult.com

AVG Remote Administration version 13.0.0.2892 suffers from authentication bypass, remote code execution, missing entity authentication, and use of static encryption key vulnerabilities.

tags | exploit, remote, vulnerability, code execution
SHA-256 | ceb5d04708b6157050ac25449b0b9e11964628e323bd6dc10d4cab4e2224dd97
OrbiTeam BSCW 5.0.7 Metadata Information Disclosure
Posted May 8, 2014
Site redteam-pentesting.de

RedTeam Pentesting discovered an information disclosure vulnerability in OrbiTeam's BSCW collaboration software. An unauthenticated attacker can disclose metadata about internal objects which are stored in BSCW. Versions 5.0.7 and below are affected.

tags | exploit, info disclosure
advisories | CVE-2014-2301
SHA-256 | e0f660572f84c74eb890b10b761c3a1cf4c4bc6d50e313b9c433d650c7357df1
VM Turbo Operations Manager 4.5.x Directory Traversal
Posted May 8, 2014
Authored by Jamal Pecou

VM Turbo Operations Manager version 4.5.x suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 6867fe8f56ce9106aae72c2e15cb5ae941497b017368ba4f683eb31f8d8d2f21
HP Security Bulletin HPSBMU02935 3
Posted May 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02935 3 - Potential security vulnerabilities have been identified with HP LoadRunner Virtual User Generator. The vulnerabilities could be exploited to allow remote code execution and disclosure of information. Revision 3 of this advisory.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2013-4837, CVE-2013-4838, CVE-2013-4839, CVE-2013-6213
SHA-256 | bfba7ce6c6917e40b8047472aad88c43a8e3fe407f35822281f3d1cebd4d38e5
Red Hat Security Advisory 2014-0477-01
Posted May 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0477-01 - Oracle Java SE development and runtime software packages will be removed from the Red Hat Enterprise Linux Supplementary media and RHN channels. These packages will be relocated to a new set of channels that are dedicated to delivering Oracle Java software. Customers are advised to reconfigure their systems to use the new channels to ensure that they are receiving the latest updates to Oracle Java software. Oracle Java software packages will be removed from Red Hat Enterprise Linux Supplementary media and RHN channels on May 8, 2014. Oracle Java will be available for online download via the new RHN channels.

tags | advisory, java
systems | linux, redhat
SHA-256 | 0f2f3f93ba7fa2bfd4319dbc98bd646a3fcff6305cefe74ab52835e9683c200a
Red Hat Security Advisory 2014-0476-01
Posted May 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0476-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's Adaptec RAID controller checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-6381, CVE-2013-6383
SHA-256 | 9f8cfd3ecd56c7f75c28a03d7928d9e6b483e023a407fb82e78912301cbd97c3
Red Hat Security Advisory 2014-0475-01
Posted May 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0475-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's Adaptec RAID controller checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions.

tags | advisory, remote, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-6383, CVE-2014-0077, CVE-2014-2523
SHA-256 | d11f1789310cad87908144e149842aaeeb43c7ec9cbc6c39580ed4aa67644a5c
Ubuntu Security Notice USN-2209-1
Posted May 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2209-1 - It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE migrations. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6456, CVE-2013-7336
SHA-256 | 8939815c2944317f51d9cd1820cc2d58ddf2132fb2a7e08c06d91e8d4d7d1a0a
Debian Security Advisory 2925-1
Posted May 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2925-1 - Phillip Hallam-Baker discovered that window property values could be queried in rxvt-unicode, resulting in the potential execution of arbitrary commands.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2014-3121
SHA-256 | e147a9a3c73f73ff8f86e3fb55e725719b80cc3ccde7c5d170dfe92148972078
Ubuntu Security Notice USN-2210-1
Posted May 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2210-1 - Sebastian Krahmer discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands. Johannes Meixner discovered that cups-browsed ignored invalid BrowseAllow directives. This could cause it to accept browse packets from all hosts, contrary to intended configuration.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-2707
SHA-256 | 0b16105b8b33ff36b1db4a057326e8023261374b25d506af1b6b9ac1eb4aa6c5
Mandriva Linux Security Advisory 2014-083
Posted May 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-083 - Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity. XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key is set to a string containing a script, the script will be executed when the page is viewed using the info action. MediaWiki has been updated to version 1.22.6, fixing this and other issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-2665
SHA-256 | 5a6c7bc4a4b122fb358c0ade3b8277baa7f5e4453ec69320728a2f11b9ceabbf
Mandriva Linux Security Advisory 2014-082
Posted May 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-082 - Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running an application that uses the Python Imaging Library. Jakub Wilk discovered that temporary files created in the JpegImagePlugin.py and EpsImagePlugin.py files of the Python Imaging Library were passed to an external process. These could be viewed on the command line, allowing an attacker to obtain the name and possibly perform symbolic link attacks, allowing them to modify an arbitrary file accessible to the user running an application that uses the Python Imaging Library.

tags | advisory, arbitrary, local, python
systems | linux, mandriva
advisories | CVE-2014-1932, CVE-2014-1933
SHA-256 | 20074e33fc3fe22b282a72195ec6dbdd6404e404e77e25da3bade5c67a1b51ae
Mandriva Linux Security Advisory 2014-080
Posted May 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-080 - A null pointer dereference bug in OpenSSL 1.0.1g and earlier in so_ssl3_write() could possibly allow an attacker to cause generate an SSL alert which would cause OpenSSL to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-0198
SHA-256 | b9ee5e54aed8abf274affc4d1458419a6b1b09e7eb5a2ed031d7dbe6a4799a14
Mandriva Linux Security Advisory 2014-081
Posted May 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-081 - Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2013-5705
SHA-256 | 33a877d1162e50e7aa29807e7ffd1e6c026c203d59f9ccd296a439d912e03154
Openfiler 2.99.1 Cross Site Scripting
Posted May 8, 2014
Authored by Dolev Farhi

Openfiler version 2.99.1 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c690ccedae1c74a42f999bf09b3b8e0b27e3f56ff4ca39f4cc4ee3d3b9e2d937
Openfiler 2.99.1 Arbitrary Code Execution
Posted May 8, 2014
Authored by Dolev Farhi

Openfiler version 2.99.1 suffers from a remote arbitrary code execution vulnerability.

tags | exploit, remote, arbitrary, code execution
SHA-256 | f39eaef0643faa98d3ea0b5cbd3b47b64d2654876e82be326b67d25a90209d9f
Collabtive 1.12 SQL Injection
Posted May 8, 2014
Authored by Deepak Rathore

Collabtive version 1.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-3246
SHA-256 | 23b430229e0bd82a0650c317d93f8650db871e9c49ef9fbd09dfe4dc15d19e99
GOM Player 2.2.57.5189 Memory Corruption
Posted May 8, 2014
Authored by Aryan Bayaninejad

GOM Player version 2.2.57.5189 suffers from a memory corruption vulnerability.

tags | exploit
advisories | CVE-2014-3216
SHA-256 | dfa5ffc08ce3ba5b6107594f21b73725d321cebcef7699a6b77983be79668e48
Cobbler Local File Inclusion
Posted May 8, 2014
Authored by Dolev Farhi

Cobbler versions 2.4.x through 2.6.x suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 2e95e8c1d7b784a8a867b18e9c0497e669454dba4841fb5be6e965abdc4b7b32
CMS Touch 2.01 Cross Site Scripting / SQL Injection
Posted May 8, 2014
Authored by indoushka

CMS Touch version 2.01 suffers from remote SQL injection and cross site scripting vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | c655b6f45eb784269e8b7fa2be84b760ebc6980d5e6c56eeba90e163b5294d09
Enquete yS 1.0 SQL Injection
Posted May 8, 2014
Authored by Hugo Santiago dos Santos

Enquete yS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c8d2e2d5d89b0d778cdf2b3e7843e7fbcf459acd5e151d5c728af63f22dce0a6
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close