what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2014-07-29

TOR Virtual Network Tunneling Tool 0.2.4.23
Posted Jul 29, 2014
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.4.23 brings us a big step closer to slowing down the risk from guard rotation, and also backports several important fixes from the Tor 0.2.5 alpha release series.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 05a3793cfb66b694cb5b1c8d81226d0f7655031b0d5e6a8f5d9c4c2850331429
SAP Netweaver Business Warehouse Missing Authorization
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP BW-SYS-DB-DB4 component contains a remote-enabled RFC function that does not perform authorization checks prior to retrieving sensitive information.

tags | advisory, remote
SHA-256 | 51b510290e9cdab39a4eb560d76f8a1a92ad4e2479c00ecb93a399c7bd8fc80a
SAP HANA XS Administration Tool Cross Site Scripting
Posted Jul 29, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The SAP HANA XS Administration Tool can be abused by potential attackers, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

tags | advisory
SHA-256 | c6ed0fc760014885e4e1f29f5add689e261aa09131bbce902c5032d4d1638bfd
SAP FI Manager Self-Service Hardcoded Username
Posted Jul 29, 2014
Authored by Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP FI Manager Self-Service contains a hardcoded username which could allow a user to access functions or information that should be restricted.

tags | advisory
SHA-256 | 6af964bfb323ace71af49db49e9c09318bd3bd26ffd097eee87a3bcf28af33bb
SAP_JTECHS HTTP Verb Tampering
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP_JTECHS suffers from an HTTP verb tampering vulnerability. By exploiting this vulnerability, a remote unauthenticated attacker would be able to access restricted functionality and information. SAP Solution Manager 7.1 is affected.

tags | advisory, remote, web
SHA-256 | 6580ff640350c05f48f65976b0b95f4281af8ee4134bb35be5c0dfed235ecb75
SAP HANA IU5 SDK Authentication Bypass
Posted Jul 29, 2014
Authored by Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP HANA IU5 SDK Application does not enforce any authentication when it is explicitly configured. It could allow an anonymous user to access functions or information that should be restricted.

tags | advisory
SHA-256 | 012319929550f40aff45210c9e107a59b2e67cadbe0eba2ea67d08b03dc14274
SAP HANA XS Missing Encryption
Posted Jul 29, 2014
Authored by Manuel Muradas, Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP HANA XS does not enforce any encryption in the form based authentication. It could allow an anonymous user to get information such as valid credentials from network traffic, gaining access into the system.

tags | advisory
SHA-256 | 3c59882224f4e683e1189c962e0c8f1e472ad02e008d6bd4c6be59028fba9d6b
Barracuda WAF 6.1.5 / LoadBalancer 4.2.2 Filter Bypass / XSS
Posted Jul 29, 2014
Authored by Benjamin Kunz Mejri, Ebrahim Hegazy, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda Networks Web Application Firewall version 6.1.5 and LoadBalancer version 4.2.2 suffer from filter bypass and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | f9aabc1b0f4bff1070f734b4a100285651be2b51f5a95b036752aec6fe50a330
WiFi HD 7.3.0 LFI / Traversal / Command Injection / CSRF
Posted Jul 29, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

WiFi HD version 7.3.0 suffers from local file inclusion, directory traversal, command injection, and cross site request forgery vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
SHA-256 | 385a35c17ef6e5d6fe31cad54fc9c513afe14f1ef33ed25c6b35b80ff42a5f85
DEScrypt Ztex Bruteforcer
Posted Jul 29, 2014
Authored by GiftsUngiven

Proof of concept project that demonstrates how old FPGA boards can be reused for hash cracking purposes.

tags | tool, cracker, proof of concept
SHA-256 | a5d7dd772b6f73f7bfd7ffca2d5849a002cf66e9c9f01f669a988bda7fac8011
Siemens SIMATIC WinCC Privilege Escalation
Posted Jul 29, 2014
Authored by Siemens ProductCERT | Site siemens.com

Siemens SIMATIC WinCC versions prior to 7.3 suffer from unauthenticated access, privilege escalation, and hard-coded encryption key vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2014-4682, CVE-2014-4683, CVE-2014-4684, CVE-2014-4685, CVE-2014-4686
SHA-256 | 7b2386094198c589bb175e6f6352b3527830abc474c16d1dbe09639309362020
Lyris ListManagerWeb 8.95a Cross Site Scripting
Posted Jul 29, 2014
Authored by 1N3

Lyris ListManagerWeb version 8.95a suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e824ac215ca489b54cbb8e68ab45e456ebda1efbabb8167f8f80f7e30fe06d18
Red Hat Security Advisory 2014-0981-01
Posted Jul 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0981-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-6647, CVE-2013-7339, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145
SHA-256 | de80732b0357d6b9f6be6f8c9e7da59e5a32c6ff3a767b3625c79cfd20dbec82
Red Hat Security Advisory 2014-0979-01
Posted Jul 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0979-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that NSS accepted weak Diffie-Hellman Key exchange parameters. This could possibly lead to weak encryption being used in communication between the client and the server.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2014-1491
SHA-256 | 7e472af39243b2111c21f2041f546e46ac85697a4ad1633bc4b0836a92c7ee63
Red Hat Security Advisory 2014-0982-01
Posted Jul 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0982-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5, and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429
SHA-256 | b4ddf444c5203044fecdf2fbe1d797919572413a3765151f718ef34faded1004
LinkedIn User Account Handling
Posted Jul 29, 2014
Authored by Kishor Sonawane

LinkedIn suffered from a user account handling vulnerability.

tags | exploit, csrf
SHA-256 | dd6ed709186c8feeaebc535e20b97700385afcfc7f3bff6f93e8a57396aa2011
SQLMap ile CSRF Bypass
Posted Jul 29, 2014
Authored by Ibrahim Balic

This whitepaper discusses hacking with sqlmap and leveraging cross site request forgery vulnerabilities. Written in Turkish.

tags | paper, vulnerability, csrf
SHA-256 | 7130a96bfe8e601c63c6db831c76a47578959bc3aa160183ca7c39ba4c380efd
WordPress WhyDoWork AdSense 1.2 XSS / CSRF
Posted Jul 29, 2014
Authored by Dylan Irzi

WordPress WhyDoWork AdSense plugin version 1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | af9bca3fe65b0a9bbf0292a7c524d2bc3961c3d5ba4dc081c13b25eb55493d3d
J&W Communications SQL Injection
Posted Jul 29, 2014
Authored by Hekt0r

Sites created by J&W Communications appear to suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 65f4085262255284edb648a36920c83ccae9bf601ad67291db7f5c7ac9a711b3
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close