what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 390 RSS Feed

Files Date: 2014-07-01 to 2014-07-31

Fwknop Port Knocking Utility 2.6.3
Posted Jul 30, 2014
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: External IP resolution now over SSL by default. Integrated a python fuzzer. Various other updates and additions.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 4558b06eb91d9a0b43993abfaea01eb2270bb13da50cb6379a6d96e1aeae2b47
SkaDate Lite 2.0 Remote Code Execution
Posted Jul 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

SkaDate Lite version 2.0 suffers from an authenticated arbitrary PHP code execution vulnerability. This is caused due to the improper verification of uploaded files in '/admin/settings/user' script thru the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with '.php5' extension (to bypass the '.htaccess' block rule) that will be stored in '/ow_userfiles/plugins/base/avatars/' directory.

tags | exploit, arbitrary, php, code execution
SHA-256 | 2f06fa68d2220b816e7d3b3b873ab1d8786c653f2c88bfd5a622ef6802184c6e
SkaDate Lite 2.0 CSRF / Cross Site Scripting
Posted Jul 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

SkaDate Lite version 2.0 suffers from multiple cross site request forgery and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | a342e8bef5f90b7cfd0703664b106bee5879eec947174e7edebd140cfb15231e
Elastic Search 1.1.1 Arbitrary File Read
Posted Jul 30, 2014
Authored by Larry W. Cashdollar, Bouke van der Bijl

Remote exploit for Elastic Search version 1.1.1 that attempts to read /etc/hosts and /etc/passwd.

tags | exploit, remote
advisories | CVE-2014-3120
SHA-256 | 9f77dafb99af40f2c2d5742a9434d5f9d672d2a7b83bbada56a2713e609f8b41
HP Security Bulletin HPSBMU03078
Posted Jul 30, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03078 - A potential security vulnerability has been identified with HP CloudSystem Foundation and HP CloudSystem Enterprise software running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 5d6e7f71334eb28a670d0f277f242ae20b0a2096b54f07c19dcf6c90772314f2
Facebook For Android Information Disclosure / Open Proxy
Posted Jul 30, 2014
Authored by Joaquin Manuel Rinaudo

Both Facebook for Android and Facebook Messenger for Android suffered from issues such as being an open proxy, disclosure of private video content, disclosure of audio recordings in chat messages, and use of various vulnerable packages.

tags | exploit
SHA-256 | 3a82aa89d021954d0b9932d6fe28234686a74433ba2533d02c1595c597cab340
D-Link DWR-113 Cross Site Request Forgery
Posted Jul 30, 2014
Authored by Blessen Thomas

D-Link DWR-113 revision Ax suffers from cross site request forgery vulnerability that can cause a denial of service.

tags | exploit, denial of service, csrf
advisories | CVE-2014-3136
SHA-256 | 5a469f3913e9c7a0597584d253af79e6f10917e7f751ff2af618fbc68ad4b266
D-Link AP 3200 Missing Authentication / Cleartext Secret Storage
Posted Jul 30, 2014
Authored by pws

D-Link AP 3200 fails to authenticate requests to wireless settings, stores credentials in plaintext, and uses a weak cookie value.

tags | exploit, bypass, info disclosure
SHA-256 | 1adee944461c867636ad8a7e90a9b0c101706ca73b2f762045ec1d3ca7ba4e09
Joomla Kunena Forum 3.0.5 Cross Site Scripting
Posted Jul 30, 2014
Authored by Dionach

Joomla Kunena Forum extension version 3.0.5 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7ea555b3d3d052fddd2d76f219568124d96dad6756f324d82fa40f59e64f35e2
Joomla Kunena Forum 3.0.5 SQL Injection
Posted Jul 30, 2014
Authored by Dionach

Joomla Kunena Forum extension version 3.0.5 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | ef0bae7bedab0078d46bc0efb4a3b230e6b1baac8e8e4858ac87eecb25224dfe
Debian Security Advisory 2992-1
Posted Jul 30, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2992-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3534, CVE-2014-4667, CVE-2014-4943
SHA-256 | b301d9f7ff1c8b9091708894011578d9ffcace82fa2e17ac8e78f3fb69432557
Ubuntu Security Notice USN-2302-1
Posted Jul 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2302-1 - David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly restrict XSLT stylesheets. An attacker could use this issue with a crafted web application to bypass security-manager restrictions and read arbitrary files. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099
SHA-256 | 189666d0fdd5b8688f20b755f3d2d041a8e8b55574843f3c4d5cef703fe3b976
Mandriva Linux Security Advisory 2014-140
Posted Jul 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-140 - Owncloud versions 5.0.17 and 6.0.4 fix an unspecified security vulnerability, as well as many other bugs.

tags | advisory
systems | linux, mandriva
SHA-256 | 367ab066b22696b50ca46161ca38e28db8f30f3ee2f7ccdcce8b90c7d3e63a18
Mandriva Linux Security Advisory 2014-141
Posted Jul 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-141 - It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions ,. Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. The Diffie-Hellman key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. This update is based on IcedTea version 2.5.1, which fixes these issues, as well as several others.

tags | advisory, java, arbitrary
systems | linux, mandriva
advisories | CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266
SHA-256 | 410a89a0f8916dd51868002b877ca25334db121005a195e78ff78eaf6e2697fd
Mandriva Linux Security Advisory 2014-139
Posted Jul 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-139 - Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. The updated packages have been upgraded to the latest NSS versions which is not vulnerable to this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2014-1544
SHA-256 | 3d98eba8862e8bda7926d387ee30decd2d5596f62890e780121cd4d4a07565da
I2P 0.9.14
Posted Jul 30, 2014
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: 0.9.14 includes critical fixes for XSS and remote execution vulnerabilities.
tags | tool
systems | unix
SHA-256 | 30bb7bbfd1ff829dab048bbb6264d6cf20b2a01511e7cddd4fc13771feb6a780
OpenDNSSEC 1.4.6
Posted Jul 30, 2014
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | 53f9c454f331822925d76c9d9e5e7cb3fe2dfb03e3c467f67f9412f10d0fd5ec
TOR Virtual Network Tunneling Tool 0.2.4.23
Posted Jul 29, 2014
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.4.23 brings us a big step closer to slowing down the risk from guard rotation, and also backports several important fixes from the Tor 0.2.5 alpha release series.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 05a3793cfb66b694cb5b1c8d81226d0f7655031b0d5e6a8f5d9c4c2850331429
SAP Netweaver Business Warehouse Missing Authorization
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP BW-SYS-DB-DB4 component contains a remote-enabled RFC function that does not perform authorization checks prior to retrieving sensitive information.

tags | advisory, remote
SHA-256 | 51b510290e9cdab39a4eb560d76f8a1a92ad4e2479c00ecb93a399c7bd8fc80a
SAP HANA XS Administration Tool Cross Site Scripting
Posted Jul 29, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The SAP HANA XS Administration Tool can be abused by potential attackers, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

tags | advisory
SHA-256 | c6ed0fc760014885e4e1f29f5add689e261aa09131bbce902c5032d4d1638bfd
SAP FI Manager Self-Service Hardcoded Username
Posted Jul 29, 2014
Authored by Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP FI Manager Self-Service contains a hardcoded username which could allow a user to access functions or information that should be restricted.

tags | advisory
SHA-256 | 6af964bfb323ace71af49db49e9c09318bd3bd26ffd097eee87a3bcf28af33bb
SAP_JTECHS HTTP Verb Tampering
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP_JTECHS suffers from an HTTP verb tampering vulnerability. By exploiting this vulnerability, a remote unauthenticated attacker would be able to access restricted functionality and information. SAP Solution Manager 7.1 is affected.

tags | advisory, remote, web
SHA-256 | 6580ff640350c05f48f65976b0b95f4281af8ee4134bb35be5c0dfed235ecb75
SAP HANA IU5 SDK Authentication Bypass
Posted Jul 29, 2014
Authored by Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP HANA IU5 SDK Application does not enforce any authentication when it is explicitly configured. It could allow an anonymous user to access functions or information that should be restricted.

tags | advisory
SHA-256 | 012319929550f40aff45210c9e107a59b2e67cadbe0eba2ea67d08b03dc14274
SAP HANA XS Missing Encryption
Posted Jul 29, 2014
Authored by Manuel Muradas, Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP HANA XS does not enforce any encryption in the form based authentication. It could allow an anonymous user to get information such as valid credentials from network traffic, gaining access into the system.

tags | advisory
SHA-256 | 3c59882224f4e683e1189c962e0c8f1e472ad02e008d6bd4c6be59028fba9d6b
Barracuda WAF 6.1.5 / LoadBalancer 4.2.2 Filter Bypass / XSS
Posted Jul 29, 2014
Authored by Benjamin Kunz Mejri, Ebrahim Hegazy, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda Networks Web Application Firewall version 6.1.5 and LoadBalancer version 4.2.2 suffer from filter bypass and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | f9aabc1b0f4bff1070f734b4a100285651be2b51f5a95b036752aec6fe50a330
Page 1 of 16
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close