
Files Date: 2014-04-17

D-Link DAP-1320 Directory Traversal / Cross Site Scripting
Posted Apr 17, 2014
Authored by Kyle Lovett

D-Link DAP-1320 wireless range extenders suffer from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
SHA-256 | 77b810526b2243160b03793dfdb3c3585e5ec7325808307c5d7dc5f0e4ec20bd
F-Secure Messaging Security Gateway 7.5.0.892 Cross Site Scripting
Posted Apr 17, 2014
Authored by William Costa

F-Secure Messaging Security Gateway version 7.5.0.892 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1ebe4673c3131e4294001e8442564433f1c1492f36c6fab08541b4faaba0b2bb
AIEngine 0.6
Posted Apr 17, 2014
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers, and so on.

Changes: FreeBSD support, Pcre with JIT, integration with databases, IPSets support, and so on.
tags | tool
systems | unix
SHA-256 | b375bd144b2f81ac70be343ff773bd7359c755f388f319524145505fb617fc64
Nagios Remote Plugin Executor 2.15 Remote Command Execution
Posted Apr 17, 2014
Authored by Dawid Golunski

Nagios Remote Plugin Executor (NRPE) versions 2.15 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 035764b6de0406994622b53a57f33221624085f4e55263d2f7452b0cfbc8b3ed
HP Security Bulletin HPSBMU02995 3
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02995 3 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products that appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 3 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 86765e24d5fcb7d4170feb34ec2d8d7db6999d8047673df3d2fb46a973590cdb
HP Security Bulletin HPSBMU02998 2
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02998 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160
SHA-256 | 733ae6b6c797c2f872b96a8cfe71841d57f9fd119cfbb08abf8bc944a7445c49
HP Security Bulletin HPSBGN03010
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03010 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 172c320e016b03571bbe375dc655cf8d96104b9638eb6a31af4da51d7f8d2058
HP Security Bulletin HPSBMU02935 2
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02935 2 - Potential security vulnerabilities have been identified with HP LoadRunner Virtual User Generator. The vulnerabilities could be exploited to allow remote code execution and disclosure of information. Revision 2 of this advisory.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2013-4837, CVE-2013-4838, CVE-2013-4839, CVE-2013-6213
SHA-256 | c17c49979c868c01c3de4db8eacd6549014a47f13c9b15385389dc06d3eacb41
HP Security Bulletin HPSBMU02987
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02987 - A potential security vulnerability has been identified with HP Universal Configuration Management Database Integration Service. The vulnerability could be exploited to allow remote execution of code. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2013-6215
SHA-256 | 146b6c10aaae84fdd8c94f2074128e3d38ec819b17d443dbeec5d4e08d5f449c
HP Security Bulletin HPSBMU02988
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02988 - A potential security vulnerability has been identified with HP Universal Configuration Management Database Integration Service. The vulnerability could be exploited to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2013-6214
SHA-256 | 5cfdc87ca68bc3d113f239c5c7c951f574a2fc5614984e93389993becc828ef0
HP Security Bulletin HPSBMU02982
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02982 - A potential security vulnerability has been identified with HP Database and Middleware Automation (DMA). The vulnerability could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2013-6212
SHA-256 | b4e78fd8204d45695af10e5c2e77b2a9175a0c50fd21acb8579dcc925aaa1477
HP Security Bulletin HPSBGN03008
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03008 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | dc12ff4b97cc7f7bde3e57c9bc930be617618f08358ac5d4132d942d76cef2c1
HP Security Bulletin HPSBMU02996
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02996 - A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. This vulnerability could be remotely exploited resulting in unauthorized access or execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | linux, windows, solaris, hpux
advisories | CVE-2013-6218
SHA-256 | 832c5ff1a9d8afd2aacff0f24630f22290dc29524365a7b0173bb95574e49237
Red Hat Security Advisory 2014-0412-01
Posted Apr 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0412-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414
SHA-256 | 14e6e30de1dd8d53d0118bd04bcdd0bae0938c861f8eebcd77cbd8be81d4fe4c
Red Hat Security Advisory 2014-0413-02
Posted Apr 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0413-02 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414
SHA-256 | 36273595a316596e5e9c175f2af277f4b20df80c8667ad56d776f9fbe9258c28
Red Hat Security Advisory 2014-0409-02
Posted Apr 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0409-02 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. The gluster-swift component, provided by Red Hat Storage, requires the auth_token middleware. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2014-0105
SHA-256 | debcf705b06b5d1037df044c9082983bed52386575c5808c293ec0369d358fea
Mandriva Linux Security Advisory 2014-079
Posted Apr 17, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-079 - Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32-bit architectures. These functions need to be changed to use size_t if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library. Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application that is linked to the json-c library and processes some specially-crafted JSON data to use excessive amounts of CPU.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-6370, CVE-2013-6371
SHA-256 | 283252a26796384c39dbaf9c5eebd109cce41ade7c0422b68ccb6e4ff62aa236
Red Hat Security Advisory 2014-0416-01
Posted Apr 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0416-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues: An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.

tags | advisory, info disclosure
systems | linux, redhat, windows
advisories | CVE-2012-4929, CVE-2013-0169, CVE-2013-4353, CVE-2014-0160
SHA-256 | 0032421aec1d1d27f91354a5fea1ce01a8e83f64e4d39583854c2b9d91e466a1
Red Hat Security Advisory 2014-0415-01
Posted Apr 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0415-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. A buffer overflow flaw was found in the way the libyaml library parsed URLs in YAML documents. An attacker able to load specially crafted YAML input to an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An integer overflow flaw was found in the way the libyaml library handled excessively long YAML tags. An attacker able to load specially crafted YAML input to an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-6393, CVE-2014-2525
SHA-256 | 5fef5f073818707ceea9b7f87273bfe379b0a83bea50ee402ae2cf18c228dca7
Red Hat Security Advisory 2014-0414-01
Posted Apr 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0414-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469
SHA-256 | 5b3fb26a72b3dc5b46c59de7a98419bcfae270b7312d42ac692372308de6f6a1
CMSimple 4.4.2 Remote File Inclusion
Posted Apr 17, 2014
Authored by NoGe

CMSimple versions 4.4.2 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | f91d039649d0d7455138e22a97cb9bbde986f51fffebbd0a62328e6e857ccbea
Jzip 2.0.0.132900 Buffer Overflow
Posted Apr 17, 2014
Authored by motaz reda

Jzip version 2.0.0.132900 structured exception handler (SEH) unicode buffer overflow denial of service exploit.

tags | exploit, denial of service, overflow
SHA-256 | a6e85747e12c5a2bb932271a468a9287a562d49c9948a9fb730c4886698b8934
McAfee Security Scanner Plus Rogue Binary Execution
Posted Apr 17, 2014
Authored by Stefan Kanthak

Poor treatment of file paths may lead to rogue binary execution in McAfee Security Scanner Plus.

tags | advisory
SHA-256 | 1f27a310e8ba534f86eb471ef915bc94b1c682806e2c9e1eb7e4cbce7b1f69a1
ASUS RT Password Disclosure
Posted Apr 17, 2014
Authored by David Longenecker

ASUS RT series of routers disclose administrative credentials.

tags | exploit, info disclosure
advisories | CVE-2014-2719
SHA-256 | 8772a0c6d1603fbc6b5d100af4cf6abccf78190e836b3ada0d1b5bdd764b4937
© 2024 Packet Storm. All rights reserved.
