
Files Date: 2015-01-14

WordPress Simple Security 1.1.5 Cross Site Scripting
Posted Jan 14, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Simple Security plugin version 1.1.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-9570
SHA-256 | 7903268191af99e0f4af1ae087e4cd87915db78de06194ae76e97b648cdc5af7
AusCERT 2015 Call For Presentations
Posted Jan 14, 2015
Site conference.auscert.org.au

The AusCERT2015 Call For Presentations has been extended by one week. The conference will be held at the RACV Royal Pines Resort, Gold Coast, Australia, June 1st through the 5th, 2015.

tags | paper, conference
SHA-256 | e3d37e2713fcc3855493c2745aad5852c56e4891f486f425ab8e3c17c2715b89
Microsoft MS14-080 Proof Of Concept
Posted Jan 14, 2015
Authored by Dieyu

Proof of concept code that demonstrates a bypass flaw in Microsoft's cross site scripting filter.

tags | exploit, xss, proof of concept
advisories | CVE-2014-6365
SHA-256 | 0875f3451496c71e7cae3de5807a25a36dee4a8152a23f8e1981178604c35d34
WiFi File Browser Pro 2.0.8 Code Execution
Posted Jan 14, 2015
Authored by Hadji Samir, Vulnerability Laboratory

WiFi File Browser Pro version 2.0.8 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 3a17fedccf065dba2df2c8cc06ab986128e6739ee172a59e2c48817e94704d18
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection
Posted Jan 14, 2015
Authored by Luke Walker

Sierra Wireless produces a mobile wi-fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from an HTTP header injection vulnerability that allows an attacker to inject a file into the HTTP response from the device.

tags | exploit, web, local, file inclusion
SHA-256 | ded2a0627c3a429a64de38ac35a2932ed3eba1561ee7e5b46f1a77886f913fdd
TechSmith Camtasia 7 / 8 Cross Site Scripting
Posted Jan 14, 2015
Authored by Soroush Dalili

TechSmith Camtasia versions 7 and 8 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0da3668d93c5d907fcfe6b8abc0ab9b5251abb5997b3d5d0d8042ce947378c29
Kodi/XBMC 14 Cross Site Request Forgery
Posted Jan 14, 2015
Authored by Wolfgang Ettlinger | Site sec-consult.com

Kodi/XBMC versions 14 and below suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | cecacfa36504e9b71f724b2954aff24637057840d82bcf91a6137809b422a665
Foxit MobilePDF 4.4.0 Local File Inclusion / Arbitrary File Upload
Posted Jan 14, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Foxit MobilePDF version 4.4.0 suffers from arbitrary file upload and local file inclusion vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, file inclusion, file upload
SHA-256 | 5f85f991b9a8dad94c8ffd8d5807d15fd8470726411c60a63efafc1858cefbce
Microsoft Security Bulletin Revision Increment For January, 2015
Posted Jan 14, 2015
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment for January, 2015.

tags | advisory
SHA-256 | b35e37693f73c2e8b781524b432a3cf64d53b82f7dd69b8c458884d9df656e66
Microsoft Security Bulletin Summary For January, 2015
Posted Jan 14, 2015
Site microsoft.com

This bulletin summary lists eight released Microsoft security bulletins for January, 2015.

tags | advisory
SHA-256 | 2fe73ec475cd8a31081141991b6ee5bce05c41923fbbe4c4dd52789e2e920d24
Blitz CMS SQL Injection
Posted Jan 14, 2015
Authored by P0!s0nC0d3, Vulnerability Laboratory | Site vulnerability-lab.com

Blitz CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c66ceb6f433e98cdcfb6154dfe4e13c116eb212f54de99cc44c88cbcb6870da4
KeySweeper Stealth Logger
Posted Jan 14, 2015
Authored by Samy | Site github.com

KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.

tags | tool, sniffer
SHA-256 | 7d3cce0ee36f29266235b182ba2142ade64c886109aa061d0884fbcfb4375461
Sitefinity Enterprise 7.2.53 Script Insertion
Posted Jan 14, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Sitefinity Enterprise version 7.2.53 suffers from a persistent script insertion vulnerability.

tags | exploit
SHA-256 | bc702250ffdaf36a6363da46fb048aa11ee62eed45197602c51eac283f6341bb
Ansible Tower 2.0.2 XSS / Privilege Escalation / Authentication Missing
Posted Jan 14, 2015
Authored by Manuel Hofer | Site sec-consult.com

Ansible Tower versions 2.0.2 and below suffer from cross site scripting, privilege escalation, and missing authentication vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6e3115b310156299b33941a1b818a51f6f4f245f77904472bfc207672fab5870
Congstar Internet-Manager SEH Buffer Overflow
Posted Jan 14, 2015
Authored by metacom

Congstar Prepaid Internet-Stick suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | b161408db9940a56935ea3d2849edc91522ac265879fb0edcd77fc15f1807ba5
T-Mobile Internet Manager SEH Buffer Overflow
Posted Jan 14, 2015
Authored by metacom

T-Mobile Internet Manager web'n'walk Stick Fusion version 8.01.2015 suffers from a buffer overflow vulnerability.

tags | exploit, web, overflow
SHA-256 | 6c14082d057cbbddf70192794e7aed3390eae31cd95dbd6f2dabe41eb835f51d
Apache Qpid 0.30 Denial Of Service
Posted Jan 14, 2015
Authored by G. Geshev

Apache Qpid's qpidd up to and including version 0.30 suffers from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2015-0203
SHA-256 | 93e08a917a4400984c0daa916d80f064f905d79916e53644c6f039af207a0100
CMS b2evolution 5.2.0 Cross Site Scripting
Posted Jan 14, 2015
Authored by Steffen Roesemann

CMS b2evolution version 5.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4b95a602e4064b14c1925613d95f0cd6ab4878e0ce547bf1e2ca309b92c192e4
Ubuntu Security Notice USN-2470-1
Posted Jan 14, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2470-1 - Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9390
SHA-256 | 85b950ee8227de6144153e9f9d7593a621bb882118bc9fc9f52fbfc82a0d2838
Red Hat Security Advisory 2015-0046-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0046-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Beacon interface implementation in Firefox did not follow the Cross-Origin Resource Sharing specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery attack.

tags | advisory, remote, web, arbitrary, csrf
systems | linux, redhat
advisories | CVE-2014-8634, CVE-2014-8638, CVE-2014-8639, CVE-2014-8641
SHA-256 | f4b93c12f58e5c35affaf35be1f54a6e7e80329d12affa6b11389446e5167813
Red Hat Security Advisory 2015-0047-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0047-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Beacon interface implementation in Thunderbird did not follow the Cross-Origin Resource Sharing specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery attack.

tags | advisory, remote, web, arbitrary, csrf
systems | linux, redhat
advisories | CVE-2014-8634, CVE-2014-8638, CVE-2014-8639
SHA-256 | c4c90cbbcab5333ce920d4813c89f6733d5c1a0c81ef3a8da7a3d197136f93ae
Red Hat Security Advisory 2015-0045-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0045-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5-year life cycle of Production Support for the 4.0 version will end on June 19, 2015. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux OpenStack Platform version 4.0 after June 19, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to upgrade to the latest version of Red Hat Enterprise Linux OpenStack Platform as soon as possible. As of the End of Life date, this is expected to be the 6.0 version, based on the upstream Juno release, and will be supported for 3 years. In addition, the 5.0 version will continue to be in the Production Support phase until its End of Life on June 29, 2017. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux OpenStack Platform version.

tags | advisory
systems | linux, redhat
SHA-256 | 58c4da3d86b9a303571a1d44dbac49ef14eaf8cec631e645d8305d189210b02d
Red Hat Security Advisory 2015-0043-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0043-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, redhat
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688
SHA-256 | 9417d6425fbb2d1b37ec0488e89d2176d4de927c292cf623ef0ff73757c17c62
Red Hat Security Advisory 2015-0042-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0042-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts. A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. This issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, remote, denial of service, python
systems | linux, redhat
advisories | CVE-2013-2099
SHA-256 | 6706af2caac638d9939aa28f31ae15f6d34e9050051252c075201903cea2c614
Red Hat Security Advisory 2015-0044-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0044-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-7821
SHA-256 | 1dda85bebea21cccfc20796f94883bc7c92a1ae9924506a10d1b3c6408a7d1c8
© 2024 Packet Storm. All rights reserved.
