what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 42 RSS Feed

Files Date: 2015-07-22

Lynis Auditing Tool 2.1.1
Posted Jul 22, 2015
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds a lot of improvements, with focus on performance, and additional support for common Linux distributions and external utilities.
tags | tool, scanner
systems | unix
SHA-256 | d17b3cbbd305c52b9cd0d5141f41954882f398db44f26c10cb45fdaaa46a99d2
WordPress Paid Memberships Pro 1.8.4.2 Cross Site Scripting
Posted Jul 22, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Paid Memberships Pro plugin version 1.8.4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-5532
SHA-256 | 410ccd42ad7f7fd44ee5b3408fbbe29164843761e90521e5e7335512139412ff
WordPress Count Per Day 3.4 SQL Injection
Posted Jul 22, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Count Per Day plugin version 3.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-5533
SHA-256 | f687e1b0d3ad51322c1b0413cd02097173f02fb47e8b268312c45c39c2901d6d
EMC Avamar Directory Traversal
Posted Jul 22, 2015
Site emc.com

EMC Avamar includes a directory traversal vulnerability that could potentially be exploited by malicious users to access the data on the Avamar Server. Affected products include EMC Avamar Server all versions from 7.0 to 7.1.1-145 (inclusive) and EMC Avamar Virtual Addition (AVE) all versions from 7.0 to 7.1.1-145 (inclusive).

tags | advisory
advisories | CVE-2015-4527
SHA-256 | c6bcceab48f34aae26e4a2a6e821e935301ecdd0843777f09bd60177c5a04537
Xceedium Xsuite Command Injection / XSS / Traversal / Escalation
Posted Jul 22, 2015
Authored by Martin Schobert

Xceedium Xsuite versions 2.3.0 and 2.4.3.0 suffer from command injection, cross site scripting, directory traversal, hard-coded credential, and privilege escalation vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-4664, CVE-2015-4669
SHA-256 | 435b9ea5332e4395e8c3c079290a5fe9be967080695ef116f10918e9ad4d0414
NetCracker Resource Management System 8.0 SQL Injection
Posted Jul 22, 2015
Authored by Chia Junyuan, Benjamin Tan, Foo Jong Meng

NetCracker Resource Management System versions 8.0 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2015-3423
SHA-256 | 93d2f137db25cb48662c6394b587ff5d423fa89e6aff521417512fcc7700707b
NetCracker Resource Management System 8.0 Cross Site Scripting
Posted Jul 22, 2015
Authored by Chia Junyuan, Benjamin Tan, Foo Jong Meng

NetCracker Resource Management System versions 8.0 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-2207
SHA-256 | 919ec0379fdf91eec0154ace839eb6d6c2a1ed54c9f07a49617f729d6eeb7926
Microsoft Security Bulletin Revision Increment For July, 2015
Posted Jul 22, 2015
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment for July, 2015.

tags | advisory
SHA-256 | dfbfa2a50e30d66f21c2c9f3183eaa18f1021dc2ce7c5214d084192eabc508e9
Cisco Security Advisory 20150722-tftp
Posted Jul 22, 2015
Site cisco.com

cisco-sa-2015722-tftp.txt - A vulnerability in the TFTP server feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The TFTP server feature is not enabled by default. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service
systems | cisco, osx
SHA-256 | 658481621117b1e5ad4720664e9f121c4ec0623b5bc76430db620a3e6fc56afc
Red Hat Security Advisory 2015-1485-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1485-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
SHA-256 | 794c652bb7d208e3f4dd4c9b8fac7a97aaa4c11f4e0da035ca9234948959b6e5
Red Hat Security Advisory 2015-1486-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1486-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
SHA-256 | 1a69476a2a502577fbfdefd6cda2711b581bb8fc6bba18e7c2c0acd53f683d9f
Open Web Analytics 1.5.7 XSS / Password Disclosure / Crypto Weakness
Posted Jul 22, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Open Web Analytics version 1.5.7 suffers from password disclosure, weak cryptographic control, and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | eff923ffcdcd382735364473953777226ac5141d068f398cd44bc9d036ebb5d2
FreeBSD Security Advisory - Resource Exhaustion
Posted Jul 22, 2015
Authored by Jonathan Looney, Lawrence Stewart | Site security.freebsd.org

FreeBSD Security Advisory - TCP connections transitioning to the LAST_ACK state can become permanently stuck due to mishandling of protocol state in certain situations, which in turn can lead to accumulated consumption and eventual exhaustion of system resources, such as mbufs and sockets.

tags | advisory, tcp, protocol
systems | freebsd
advisories | CVE-2015-5358
SHA-256 | ca370532c669a959a43a27961c0f51adab4f5da48a536d4759a39ad719cbe9a9
Red Hat Security Advisory 2015-1344-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1344-01 - The autofs utility controls the operation of the automount daemon. The daemon automatically mounts file systems when in use and unmounts them when they are not busy. It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. Note: This issue has been fixed by adding the "AUTOFS_" prefix to the affected environment variables so that they are not used to subvert the system. A configuration option to override this prefix and to use the environment variables without the prefix has been added. In addition, warnings have been added to the manual page and to the installed configuration file. Now, by default the standard variables of the program map are provided only with the prefix added to its name.

tags | advisory, local, python
systems | linux, redhat
advisories | CVE-2014-8169
SHA-256 | 14f6a08aaec36181c76a2200b5055fb5bc3d2ce81fa1e01f5ce899a036fca960
Red Hat Security Advisory 2015-1385-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1385-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.

tags | advisory, denial of service, perl, protocol
systems | linux, redhat
advisories | CVE-2014-3565
SHA-256 | e856697fa0fbaf74af1b4b3706a28577bc53843c99783d86587297c7214ca752
Red Hat Security Advisory 2015-1287-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1287-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. The freeradius packages have been upgraded to upstream version 2.2.6, which provides a number of bug fixes and enhancements over the previous version.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2014-2015
SHA-256 | fff0889efd9c4efb715a9ebd610f56cf82b6e6c7c64de811570484fbdb6d13bb
Red Hat Security Advisory 2015-1347-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1347-01 - Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority subsystem. Multiple cross-site scripting flaws were discovered in the Red Hat Certificate System Agent and End Entity pages. An attacker could use these flaws to perform a cross-site scripting attack against victims using the Certificate System's web interface.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2012-2662
SHA-256 | 1bb6fac126d70d90824254f7e4c907a2edb6ed2e4c8f6d047dc7c0a0b16ee4ba
Red Hat Security Advisory 2015-1320-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1320-01 - The ppc64-diag packages provide diagnostic tools for Linux on the 64-bit PowerPC platforms. The platform diagnostics write events reported by the firmware to the service log, provide automated responses to urgent events, and notify system administrators or connected service frameworks about the reported events. Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use either of these flaws to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running ppc64-diag, or obtain sensitive information from the temporary files.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2014-4038, CVE-2014-4039
SHA-256 | 63440a3bb657de211eb5615f2e0a1ca271c07da80d15773bf005bd3d8ba62b86
Cisco Security Advisory 20150722-mp
Posted Jul 22, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The password change functionality in the Cisco Unified MeetingPlace Web Conferencing application could allow an unauthenticated remote, attacker to change the passwords of arbitrary users. The vulnerability is due to the following: Users are not required to enter the previous password during a password change request. HTTP session functionality does not validate the session ID in the HTTP request for the password change request. An attacker could exploit this vulnerability via a crafted HTTP request and change arbitrary user passwords to gain access to the application. A successful exploit could allow the attacker to use the reset credentials to gain full control of the application. Cisco has released software updates that address this vulnerability. There is no workaround that mitigates this vulnerability.

tags | advisory, remote, web, arbitrary
systems | cisco
SHA-256 | 7cbd83c8b6d07ea171e6c9a9d09ae2d0b179745988e82ee08f8883d41da6a3f2
Cisco Security Advisory 20150722-apic
Posted Jul 22, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user. The vulnerability is due to improper implementation of access controls in the APIC filesystem. An attacker could exploit this vulnerability by accessing the cluster management configuration of the APIC. An exploit could allow the attacker to gain access to the APIC as the root user and perform root-level commands. Cisco has released software updates that address this vulnerability.

tags | advisory, remote, root
systems | cisco
SHA-256 | fafd7eb09a16ca913cb45419d8ba5f8ceb303b8a96173884be5dd66938a190c9
Red Hat Security Advisory 2015-1254-02
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1254-02 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148
SHA-256 | 0ed5cabcb944358c959adc7aca7eed2a6fdaaf3a1626d9b045adaa54f8d1b50f
Ubuntu Security Notice USN-2676-1
Posted Jul 22, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2676-1 - It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. Tuomas discovered that NBD incorrectly handled wrong export names and closed connections during negotiation. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-6410, CVE-2013-7441, CVE-2015-0847
SHA-256 | 0cfef8765233ddb6db3ab0a1c9ceb17aa66f3140b82421a3ebb1288b1ef8d9c9
Gentoo Linux Security Advisory 201507-21
Posted Jul 22, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201507-21 - Multiple vulnerabilities have been found in libXfont, the worst of which could result in execution of arbitrary code or Denial of Service. Versions less than 1.5.1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
SHA-256 | d6f33139e8c527bc70c4ea761d7fc2d4631efdbe323f07c4c8c6e913720f3040
Ubuntu Security Notice USN-2675-1
Posted Jul 22, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2675-1 - Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor profile changes and SELinux domain transitions. A local attacker could exploit this flaw to run programs inside the container that are not confined by AppArmor or SELinux. Various other issues were also addressed.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2015-1331, CVE-2015-1334
SHA-256 | 47dbd7d7a0f2824fa938fc929557064d57f6833f03d5e891f292307fdb4e85b7
Red Hat Security Advisory 2015-1471-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1471-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-4620
SHA-256 | 2debc590947a9e9122956a6dc9e4c78dece4a4fc8c76d4716510b0804d68f369
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close