exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2014-04-09

Sophos Web Protection Appliance Command Execution
Posted Apr 9, 2014
Authored by Brandon Perry | Site metasploit.com

This Metasploit module takes advantage of two vulnerabilities in order to gain remote code execution as root as an otherwise non-privileged authorized user. By taking advantage of a mass assignment vulnerability that allows an unprivileged authenticated user to change the administrator's password hash, the module updates the password to login as the admin to reach the second vulnerability. No server-side sanitization is done on values passed when configuring a static network interface. This allows an administrator user to run arbitrary commands in the context of the web application, which is root when configuring the network interface. This Metasploit module will inadvertently delete any other users that may have been present as a side effect of changing the admin's password.

tags | exploit, remote, web, arbitrary, root, vulnerability, code execution
SHA-256 | dec69c75e7fc0e768a05e89693c7430eec2119658aa589cd230964ae4332340f
FreeBSD Security Advisory - OpenSSL Issues
Posted Apr 9, 2014
Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD is alerting everyone to multiple OpenSSL vulnerabilities. The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. Affects FreeBSD 10.0 only. A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.

tags | advisory, vulnerability
systems | freebsd
advisories | CVE-2014-0076, CVE-2014-0160
SHA-256 | 66de8322e20a842eb886df05af8ec617a08fa29b761f8d1ec57df62b02a3009b
FreeBSD Security Advisory - NFS Server Deadlock
Posted Apr 9, 2014
Authored by Rick Macklem | Site security.freebsd.org

FreeBSD Security Advisory - The Network File System (NFS) allows a host to export some or all of its file systems so that other hosts can access them over the network and mount them as if they were on local disks. FreeBSD includes both server and client implementations of NFS. The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that grab locks in the right order, constitutes a deadlock condition because no thread can proceed. An attacker on a trusted client could cause the NFS server become deadlocked, resulting in a denial of service.

tags | advisory, denial of service, kernel, local
systems | freebsd
advisories | CVE-2014-1453
SHA-256 | 06a17d6d6d665cb7448fdfe9475b3cd86f41e2dbd4f78d7d2cd978834c281738
GNUnet P2P Framework 0.10.1
Posted Apr 9, 2014
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: This release contains the first release of GNUnet-java for the 0.10.x-series. It improves the documentation, including significant extensions to the Java developer tutorial. Various bugs that resulted in peer-to-peer connections failing and various crashes were fixed.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | f65cbbf9678d5b009b0a9ab2f2a29f8c956a3a23594fb404b10bbfc947fd9d13
XCloner Standalone 3.5 Cross Site Request Forgery
Posted Apr 9, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

XCloner Standalone version 3.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-2579
SHA-256 | 7cff0b0c5062289d1c5503f87678d7e6b556fb49bac270e87ee36c051e96f8a0
CodeCrypt 1.6
Posted Apr 9, 2014
Site github.com

codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.

Changes: This release adds lots of new ciphers (made from ChaCha20 and provably-secure XSYND), adds support for symmetric encryption (for large files), removes some obsolete RC4 usage, and adds some convenience features.
tags | tool, encryption
systems | unix
SHA-256 | 3a286297561acfa2c1e993319b1877b862e1a5000ed00727dafee5c81cdb1c45
Heartbleed TLS/DTLS Information Leak
Posted Apr 9, 2014
Authored by prdelka

This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned encrypted and is then decrypted, decompressed and wrote to a file to annoy IDS/forensics. The exploit can set the heatbeart payload length arbitrarily or use two preset values for 0x00 and MAX length. The vulnerability occurs due to bounds checking not being performed on a heap value which is user supplied and returned to the user as part of DTLS/TLS heartbeat SSL extension. All versions of OpenSSL 1.0.1 to 1.0.1f are known affected. You must run this against a target which is linked to a vulnerable OpenSSL library using DTLS/TLS.

Changes: Multiple bug fixes have been added since the first release. Please ensure you have the latest copy.
tags | exploit
advisories | CVE-2014-0160
SHA-256 | 68bcedd2a727967e92d3a342ff6f366dc236929be5c2a5f69dba9ed2c35f299a
Cisco Security Advisory 20140409-asa
Posted Apr 9, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Adaptive Security Appliance (ASA) Software is affected by privilege escalation, denial of service, and authentication bypass vulnerabilities. These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of the Cisco ASA ASDM Privilege Escalation Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may allow an attacker or an unprivileged user to elevate privileges and gain administrative access to the affected system. Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass Vulnerability may allow an attacker to obtain unauthorized access to the internal network via SSL VPN. Successful exploitation of the Cisco ASA SIP Denial of Service Vulnerability may cause the exhaustion of available memory. This may cause system instability and in some cases lead to a reload of the affected system, creating a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available for some of the vulnerabilities.

tags | advisory, denial of service, vulnerability, bypass
systems | cisco
advisories | CVE-2014-0160
SHA-256 | 5ffa540e1b4add8c5abe5610ec11ee29186c48e865781549c862029d466feeec
Cisco Security Advisory 20140409-heartbleed
Posted Apr 9, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension. An attacker could exploit this vulnerability by implementing a malicious TLS or Datagram Transport Layer Security (DTLS) client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. An exploit could send a specially crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords. Cisco is currently investigating its product line to determine which products may be affected by this vulnerability and the impact on the affected product. This advisory will be updated as additional information becomes available. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.

tags | advisory, remote, vulnerability
systems | cisco
SHA-256 | aa38d0a817596e13f8bd7b8c188c91ddc36ab01e027ee09f40c70a1a9f415b96
Mandriva Linux Security Advisory 2014-067
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-067 - The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-0076
SHA-256 | a127887900d2b929726e76323b76e1d45cc581c61d96285182096fdc43b7f4e5
Slackware Security Advisory - openssl Updates
Posted Apr 9, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0076, CVE-2014-0160
SHA-256 | cbd69fa7127b1d2897618471567a32c476868f13b4a86d93ce55cb40cf6bd0f5
Red Hat Security Advisory 2014-0380-01
Posted Apr 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0380-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09, listed in the References section. Two flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509
SHA-256 | b1c14a6ac4e752c0395f1a5cf3e68d4c9a49a6db0adda89702016afc1fbf3359
Red Hat Security Advisory 2014-0389-01
Posted Apr 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0389-01 - The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. XStream is a simple library used by the Red Hat Enterprise Virtualization reports package to serialize and de-serialize objects to and from XML. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-7285
SHA-256 | a16c938d12b5e191b973ee7db660a864e245264c8e258440a41f5ef37b3c9858
Red Hat Security Advisory 2014-0383-01
Posted Apr 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0383-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. A flaw was found in Samba's "smbcacls" command, which is used to set or get ACLs on SMB file shares. Certain command line options of this command would incorrectly remove an ACL previously applied on a file or a directory, leaving the file or directory without the intended ACL.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-6150, CVE-2013-4496, CVE-2013-6442
SHA-256 | c19e6cdc1c86ce8d2d9ae6517afe1389434492cef52a2b207665af7e66b3427b
Red Hat Security Advisory 2014-0382-01
Posted Apr 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0382-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2014-0105
SHA-256 | 297e1003410dcf60a89fdc9e38b34135aa67e5284db0c945d874f56b36d8ebcc
Debian Security Advisory 2898-1
Posted Apr 9, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2898-1 - Several buffer overflows were found in Imagemagick, a suite of image manipulation programs. Processing malformed PSD files could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-1947, CVE-2014-1958, CVE-2014-2030
SHA-256 | 99ac6d2c8ab0c93636ebfd52a3e5fc9843527483aa24a4fea1b7dc184a68c9de
Mandriva Linux Security Advisory 2014-073
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-073 - The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-7345
SHA-256 | 3a942a72f3bb0e2d469def4623994ff2661f53ca7af93d0cf0a7bda17e0e2da7
Mandriva Linux Security Advisory 2014-070
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-070 - Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, mandriva
advisories | CVE-2013-6393, CVE-2014-2525
SHA-256 | e1f25c0d583c8304373cd3d2e2f19521ec8fc4f79262b8cb5e657e1765fdf67f
Mandriva Linux Security Advisory 2014-072
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-072 - XML eXternal Entity flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform other more advanced XML External Entity attacks. Using the Consumer component of Zend_OpenId, it is possible to login using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity (MyOpenID, Google, etc), which are not under the control of our own OpenID Provider. Thus, we are able to impersonate any OpenID Identity against the framework.

tags | advisory, denial of service, arbitrary, xxe
systems | linux, mandriva
advisories | CVE-2014-2681, CVE-2014-2682, CVE-2014-2683, CVE-2014-2684, CVE-2014-2685
SHA-256 | e61ba5c2e78ef37292a817b871cf91b02ffe099c4bc2a6fa1a917b89f1b8b71d
Mandriva Linux Security Advisory 2014-071
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-071 - Updated yaml package fixes security vulnerability. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-2525
SHA-256 | b4520413f13f98b58835dfd771527df782dbfb9fac3b41bddf49648c08e96dbc
Mandriva Linux Security Advisory 2014-069
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-069 - Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The perl-YAML-LibYAML package is being updated as it contains an embedded copy of LibYAML.

tags | advisory, remote, overflow, arbitrary, perl
systems | linux, redhat, mandriva
advisories | CVE-2013-6393, CVE-2014-2525
SHA-256 | 7780c075cd1933fc997c7782f56a049a03ed5df420f176a747880ed4304ee9f9
Mandriva Linux Security Advisory 2014-068
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-068 - sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a certificate.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-2532, CVE-2014-2653
SHA-256 | 0cf7a48470f92f54508eabbd4f9e1e0ae23f32cf46918fd1489cc6e856cf1a08
Orbit Open Ad Server 1.1.0 SQL Injection
Posted Apr 9, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Orbit Open Ad Server version 1.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-2540
SHA-256 | 14a316274072f518559f502c18206d4ed660b33f9595c21dbee1144b878ea2ed
TLS Heartbeat Proof Of Concept
Posted Apr 9, 2014
Authored by Jared Stafford, Csaba Fitzl

OpenSSL TLS Heartbeat extension memory disclosure proof of concept. Expansion of the original exploit from Jared Stafford - this one supports multiple SSL/TLS versions.

tags | exploit, proof of concept
advisories | CVE-2014-0160
SHA-256 | eacf96cd5f65b639ffd1574293f581a43f690b7ab4f4237f23f7ea69179e7347
Trixbox 2.8.0.4 Cross Site Scripting
Posted Apr 9, 2014
Authored by W1ckerMan

Trixbox version 2.8.0.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ac5debdefb1713dc35b3a6547af2cb9057024a951ff7e65c23b7c5901c7dc96f
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close