exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2014-09-24

5pmweb.com Cross Site Scripting
Posted Sep 24, 2014
Authored by Provensec

5pmweb.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 44c1d53849693014d71a3e5d067e1538fe075a9353af17787fab810787c01387
insight.ly Cross Site Scripting
Posted Sep 24, 2014
Authored by Provensec

insight.ly suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7ccce86db3bea6965352f61c8695bcf45a7677abaa9756f4f9de035bd34465c9
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
Posted Sep 24, 2014
Authored by Aniway, juan vazquez, Mohsan Farid, Brent Morris, Preston Thornburg | Site metasploit.com

This Metasploit module exploits a flaw within the Device Manager (rrobtd.exe). When parsing the 0x75 command, the process does not properly filter user supplied input allowing for arbitrary command injection. This Metasploit module has been tested successfully on EMC AlphaStor 4.0 build 116 with Windows 2003 SP2 and Windows 2008 R2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-0928
SHA-256 | 3e993a7e854efa86fb910cf5ae6005aed96bf8fef7a6b5ff28fe00ff12003031
Advantech WebAccess dvs.ocx GetColor Buffer Overflow
Posted Sep 24, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in Advantec WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE 9.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2014-2364
SHA-256 | 2c87a396ae651d2548218234d6c075460d07bc9f8c985df84efe8276828e073e
Suricata 2.0.3 Out Of Bounds Access
Posted Sep 24, 2014
Authored by Steffen Bauch

It was found out that the application parser for SSH integrated in Suricata version 2.0.3 contains a flaw that might lead to an out-of-bounds access. For this reason a denial of service towards the Suricata monitoring software might be possible using crafted packets on the monitoring interface.

tags | advisory, denial of service
advisories | CVE-2014-6603
SHA-256 | d9284970b7ebf84d7392e3f60e31b6673917978d712e1c5c6bc2048f65607f49
X2Engine CRM 4.2.1 Cross Site Scripting
Posted Sep 24, 2014
Authored by Vadodil Joel Varghese

X2Engine CRM version 4.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1553980341872faee49549bbfd60e4d56207ceb47517d124f9a6b20c48de9053
HttpFileServer 2.3c Cross Site Scripting
Posted Sep 24, 2014
Authored by Mahendra

HttpFileServer version 2.3c suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 2feb5ccca4ab293462a18355f56ef10135b82ba084f052bcbb31f14e195f9380
IPTables Bash Completion 1.3
Posted Sep 24, 2014
Authored by AllKind | Site sourceforge.net

iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.

Changes: This release contains two fixes and the --map-set options were added to the SET target.
tags | tool, firewall
systems | linux, unix
SHA-256 | bc5e551ec5cf45782409f2f12f6dece5a828b5d3c81d2edc5ed907caa35aacc7
IPSet List 3.2.1
Posted Sep 24, 2014
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. Optionally, the output can be colorized.

Changes: The option -Oi has been extended to allow a generic way of arithmetic comparison on elements options like skbmark, skbprio and skbqueue. Some minor fixes and changes also have been done.
tags | tool, firewall
systems | linux, unix
SHA-256 | 64c062a17bef439d8105af12feae275a0e62d5b5549cb02f23b64c861a3692cb
Red Hat Security Advisory 2014-1287-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1287-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-3558
SHA-256 | 8df62525698bc6668060cc1b9b749fa9c3199a924d832bd499f7418d34dec723
Red Hat Security Advisory 2014-1290-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1290-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.3 serves as a replacement for Red Hat JBoss BRMS 6.0.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
SHA-256 | 4f80131519fa532b2d939ededaed4995c7db19a53b730aec5e8cbebbbe84d586
Red Hat Security Advisory 2014-1291-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1291-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.0.3 serves as a replacement for Red Hat JBoss BPM Suite 6.0.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
SHA-256 | ba67e16970bb0a46123e301e1f81f50c25821c0c92da96b2a81c3531ecce7e24
Red Hat Security Advisory 2014-1286-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1286-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-3558
SHA-256 | b9b89d3bdf0d6dc5f868e4f4c0ca0b9c9b012be09000bcdd1cd915e646e3dbbe
Red Hat Security Advisory 2014-1284-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1284-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems—such as multiple databases, XML files, and even Hadoop systems—appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2014-0170
SHA-256 | 7d9fe8f6f9c1f706a40f9442301f7e2f501859c472fa8d32b017decb12eaea2f
Red Hat Security Advisory 2014-1285-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1285-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.

tags | advisory, java, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-3558
SHA-256 | 10498041de84d4229d7b188aa858004477c478740f6176bd1e10893834c1c32b
Red Hat Security Advisory 2014-1294-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1294-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-6271
SHA-256 | 367558e0af4bea38e2153ee9ee9c6ce9ff57eb72553269ce1c96319107027e35
Red Hat Security Advisory 2014-1295-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1295-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-6271
SHA-256 | 0ab1587f987ce692a6ed8a870be5c168ea32c5c83293ed22e852410b266a93f8
Red Hat Security Advisory 2014-1293-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1293-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-6271
SHA-256 | 11602d72b531b9a3376befaf2f40d6b9bc9bb40b1d354a5986c1541d7c56f5cd
Debian Security Advisory 3031-1
Posted Sep 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3031-1 - The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the 'http' apt method binary, or potentially to arbitrary code execution.

tags | advisory, web, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-6273
SHA-256 | 1868df8a88a13239945f034440fe682b0e121f18704c5b892e1bc8e05326064e
Red Hat Security Advisory 2014-1292-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1292-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was discovered in the way HAProxy handled, under very specific conditions, data uploaded from a client. A remote attacker could possibly use this flaw to crash HAProxy. All haproxy users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, remote, web, overflow, tcp
systems | linux, redhat
advisories | CVE-2014-6269
SHA-256 | ea9afa70ec341e7cbc76477bb85a10d68d3e96ac7cd0d0fd2f67a7cf2af9b196
Ubuntu Security Notice USN-2359-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2359-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5077, CVE-2014-5471, CVE-2014-5472
SHA-256 | cf16b83f0cf1bc592f97d89975e48b9fc09cdb89e7cbea49009a9915a86c8c9b
Ubuntu Security Notice USN-2358-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2358-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5077, CVE-2014-5471, CVE-2014-5472
SHA-256 | 0d19c0cfd635887d874af2d1b5bf9dfce4d6a57b5a3961bb65c05caa2a2a30c8
Ubuntu Security Notice USN-2355-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2355-1 - Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-5471, CVE-2014-5472
SHA-256 | 6bb051a04b06b8f356fa6ace8abe900b0e5f36a2d10b0d99e687194d614f39f8
Ubuntu Security Notice USN-2357-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2357-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5471, CVE-2014-5472
SHA-256 | 0ebb86614e3898d4a547dc9127eb1ace7ab6fa1c8b81e79dc053df7fce2da65e
Ubuntu Security Notice USN-2354-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2354-1 - Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-5471, CVE-2014-5472
SHA-256 | cc00d48b3eea531226e9d223ac3a99209cf8c6e5080f17972bfb51e37ce4567e
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close