what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2014-06-11

CodeIgniter 2.1.4 Weak Encryption
Posted Jun 11, 2014
Authored by Robin Bailey

CodeIgniter versions 2.1.4 suffer from a weakly encrypted cookie vulnerability if the Mcrypt PHP library is not installed.

tags | advisory, php
SHA-256 | ecbf837304eedee509b6d4b0af685f95cc4f63942f6dad1dd1b88c9a74a1f9e9
Samsung Cross Site Scripting
Posted Jun 11, 2014
Authored by Robert Garcia

design.samsung.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f6d47c73257707a25b4b14cfb56ae59b58145d7e696aa688cb0b097804f23436
WordPress AdminOnline Local File Disclosure
Posted Jun 11, 2014
Authored by Medrik

WordPress AdminOnline plugin suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | 20c692d7751807177e345335572951873758bd2fa6401da41ae11db57ed96e9b
VMware Security Advisory 2014-0006
Posted Jun 11, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0006 - VMware product updates address OpenSSL security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | e32f3b5a005455ef9b833d1324278466b8f0efab24e79651b63fe8563d8dd79c
Openfiler NAS/SAN Appliance 2.99 XSS / Traversal / Command Injection
Posted Jun 11, 2014
Authored by MiDoveteMollare

Openfiler NAS/SAN appliance version 2.99 suffers from cross site scripting, passwords stored in clear text in cookies, remote command injection and path traversal vulnerabilities.

tags | exploit, remote, vulnerability, xss, file inclusion
SHA-256 | 033210cad699df5b692844387b4b7da0a85761ea376428c5907abfe92e8a22f4
Oracle Access Manager Information Disclosure
Posted Jun 11, 2014
Authored by Jing Wang

Oracle Access Manager suffers from information disclosure vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2014-2404, CVE-2014-2452
SHA-256 | 539e2bd88a74aa0c87100a26eb6bbe230d80c950250b0a640fabaedc752f02c0
HAM3D Shop Engine CMS Cross Site Scripting
Posted Jun 11, 2014
Authored by Medrik

HAM3D Shop Engine CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 1ff525393758bf5f38b347f6082d6a122ba68a023ccbfd162961b7af6c57d4bd
ntop Cross Site Scripting
Posted Jun 11, 2014
Authored by Manish Tanwar

ntop suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 35b20d152d65e04c2c54cd3dc5116e2a46f202ebdc20bb9c7b03b74554c6c04c
ZTE, TP-Link, ZynOS, Huawei rom-0 Configuration Decompressor
Posted Jun 11, 2014
Authored by Osanda Malith

This is a python script that decompresses the rom-0 configuration for ZTE, TP-Link, ZynOS, and Huawei.

tags | tool, python
systems | unix
SHA-256 | edbc541d4fd6a39f2011f02eae1cc09eeb4360235f4ccb2da21bb4abd9720abc
Red Hat Security Advisory 2014-0679-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0679-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | a8d4089140a1c66f2437687b323ab374e31f8637c84458203fd269e677d1bf6b
Red Hat Security Advisory 2014-0675-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0675-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2402, CVE-2014-2403, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427
SHA-256 | 1626f71a9dc8a4731bb5dcecc1aba000fab963b345a886ec30b8e48e98992653
Red Hat Security Advisory 2014-0703-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0703-01 - JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON-formatted strings, and parse JSON-formatted strings back into the C representation of JSON objects. Multiple buffer overflow flaws were found in the way the json-c library handled long strings in JSON documents. An attacker able to make an application using json-c parse excessively large JSON input could cause the application to crash. A denial of service flaw was found in the implementation of hash arrays in json-c. An attacker could use this flaw to make an application using json-c consume an excessive amount of CPU time by providing a specially crafted JSON document that triggers multiple hash function collisions. To mitigate this issue, json-c now uses a different hash function and randomization to reduce the chance of an attacker successfully causing intentional collisions.

tags | advisory, denial of service, overflow
systems | linux, redhat
advisories | CVE-2013-6370, CVE-2013-6371
SHA-256 | ec0b06a0535e8df27753e5181c0e7d8cade9fc689caf95d4a775564fb8104dc4
Red Hat Security Advisory 2014-0684-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0684-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. A NULL pointer dereference flaw was found in the way GnuTLS parsed X.509 certificates. A specially crafted certificate could cause a server or client application using GnuTLS to crash.

tags | advisory, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3465, CVE-2014-3466
SHA-256 | c3480dbeae965e50ea2596aee4b2db89bd2a3b4760517ee917313be96570a000
Red Hat Security Advisory 2014-0687-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0687-01 - The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code. Multiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
SHA-256 | 822c88ae36d5215b0d611a8605c6c91e9253af0d2d6533a8933792993155a472
Red Hat Security Advisory 2014-0686-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0686-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that a fix for a previous security flaw introduced a regression that could cause a denial of service in Tomcat 7. A remote attacker could use this flaw to consume an excessive amount of CPU on the Tomcat server by sending a specially crafted request to that server. It was found that when Tomcat 7 processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, denial of service, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0186
SHA-256 | a961b3a2294976e62d60677e2ff60bb5f94eabb13b8b940d61c0a577251e2b1d
Red Hat Security Advisory 2014-0680-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0680-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0224
SHA-256 | cfc42482941058c500876f4d08b6cb141fb056144a464de45472253004ab6dac
Red Hat Security Advisory 2014-0678-02
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0678-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-0196
SHA-256 | 0af5814a25e17e5b72245dadeadbd9fe62d8a7285c1aa869a96c92fbd8095db7
Red Hat Security Advisory 2014-0742-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0742-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1533, CVE-2014-1538, CVE-2014-1541
SHA-256 | e7117f129ba4571f657c249a7c9c071b0c8f8b990140d5bfbb0b889c9ceb9477
Red Hat Security Advisory 2014-0741-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0741-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1533, CVE-2014-1538, CVE-2014-1541
SHA-256 | 8bfae5d2e4aa81430daadf309a33cf84c3f7a96cf44159c351d381ed39ff9ba2
Red Hat Security Advisory 2014-0740-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0740-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free function) arbitrary kernel memory. It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2013-7339, CVE-2014-1737, CVE-2014-1738
SHA-256 | 0017b71d1e1f6e86fe87b339357aa9052a35e7430971f29dfb7fb4181ae04320
Red Hat Security Advisory 2014-0744-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0744-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-2894, CVE-2014-3461
SHA-256 | c6ce2409ba4608d4d3d3603918d16469c4e51f716467bdf6ea4a4f531e27cbef
Red Hat Security Advisory 2014-0743-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0743-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-2894, CVE-2014-3461
SHA-256 | 7551cfb9286069e49610c9c4792c8f74264a2a7bd5f8be1ff9710d2ae94ad226
Red Hat Security Advisory 2014-0702-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0702-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. These updated packages upgrade MariaDB to version 5.5.37.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440
SHA-256 | e0509cb643b98c8c623fea56b82bffcdadabf9e11a7928bd59f85954775aa0a2
Red Hat Security Advisory 2014-0704-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0704-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide a user-space component to run virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-2894
SHA-256 | 9c36baa21f31786b6deedda3f2ace5127c314ca5d81bc564338d508586595046
Red Hat Security Advisory 2014-0685-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0685-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2403, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427
SHA-256 | 1c2adf2b26251abcda01f83436046d7cb56b561c50f32c768fc96c5ff861fdef
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close