what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2014-03-06

ownCloud 4.0.x / 4.5.x Remote Code Execution
Posted Mar 6, 2014
Authored by Alejo Murillo Moya | Site portcullis-security.com

ownCloud versions 4.0.x and 4.5.x suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2014-2044
SHA-256 | c65453c7d509deaa48610d2f613f6869f087ed9c465830cd85a1506f6c8ea17c
SonicWall Dashboard Cross Site Scripting
Posted Mar 6, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The Vulnerability Laboratory Research Team discovered a client-side cross site scripting web vulnerability in the SonicWall backend servers with which firewalls communicate.

tags | exploit, web, xss
SHA-256 | a3ef7226bb0bd32e609daeaf47556d4710d38214467798953308e80c9e2d8bac
Apache Struts 2 ClassLoader Manipulation / DoS
Posted Mar 6, 2014
Site struts.apache.org

Apache Struts version 2.3.16.1 addresses a ClassLoader manipulation issue and adds some denial of service controls around the Common FileUpload library.

tags | advisory, denial of service
SHA-256 | cd4b96f99ffc4363d6c06f7b2c4792cb3425208eec73ac3a409b208aa00c26cd
Slackware Security Advisory - sudo Updates
Posted Mar 6, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New sudo packages are available for Slackware 13.0, 13.1, and 13.37 to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0106
SHA-256 | 1503d71023968d2d250f1371a8a628a7c3e2b3f8a9504dd5b9ce76acd6042040
Ubuntu Security Notice USN-2131-1
Posted Mar 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2131-1 - Michael Scherer discovered that IcedTea Web created temporary directories in an unsafe fashion. A local attacker could possibly use this issue to obtain or modify sensitive information from other local user sessions.

tags | advisory, web, local
systems | linux, ubuntu
advisories | CVE-2013-6493
SHA-256 | dc322c9762452da3111edb39ea5cef37c10927b47550360f7b0020e1214507e0
Ubuntu Security Notice USN-2130-1
Posted Mar 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2130-1 - It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0033, CVE-2014-0050, CVE-2013-4286, CVE-2013-4322, CVE-2014-0033, CVE-2014-0050
SHA-256 | d34d8ac4150b8f6a4f6baef401d0fa50c2a91dca97782c65ae813069a519bf58
Ubuntu Security Notice USN-2129-1
Posted Mar 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2129-1 - An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0160, CVE-2013-2929, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6382, CVE-2013-7027, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271, CVE-2014-1444, CVE-2014-1445, CVE-2014-1446, CVE-2014-1874, CVE-2013-0160, CVE-2013-2929, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6382, CVE-2013-7027, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269
SHA-256 | 26def1da51e3753541184bde4fad779091149899914c8225f8d51c895c375721
Ubuntu Security Notice USN-2132-1
Posted Mar 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2132-1 - Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain restart markers in JPEG images. If a user or automated system using ImageMagick were tricked into opening a specially crafted JPEG image, an attacker could exploit this to cause memory consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that ImageMagick incorrectly handled decoding certain PSD images. If a user or automated system using ImageMagick were tricked into opening a specially crafted PSD image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0260, CVE-2012-0260, CVE-2014-1958, CVE-2014-2030
SHA-256 | 72853b878b1f2e516bfac5d47c34bfb899c700e46990633adf384408fe0988be
Red Hat Security Advisory 2014-0261-01
Posted Mar 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0261-01 - In accordance with the Red Hat Enterprise MRG Life Cycle policy, the Red Hat Enterprise MRG product, which includes MRG-Messaging, MRG-Realtime, and MRG-Grid, Version 1 offering for Red Hat Enterprise Linux 5 will be retired as of March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for MRG-Messaging, MRG-Realtime, and MRG-Grid Version 1 on Red Hat Enterprise Linux 5 after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Enterprise MRG Version 1 on Red Hat Enterprise Linux 5 after March 31, 2014.

tags | advisory
systems | linux, redhat
SHA-256 | c57160cfaa3a36770236e1dbda6c69acda44eda86d0aab1c745981b177cb27d5
Ubuntu Security Notice USN-2128-1
Posted Mar 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2128-1 - An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0160, CVE-2013-2929, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6382, CVE-2013-7027, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271, CVE-2014-1444, CVE-2014-1445, CVE-2014-1446, CVE-2014-1874, CVE-2013-0160, CVE-2013-2929, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6382, CVE-2013-7027, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269
SHA-256 | f93775724c74d2ee6adb72b9dce313cb6dc890d079d7d6ebdb872b101263d582
WordPress Premium Gallery Manager Shell Upload
Posted Mar 6, 2014
Authored by eX-Sh1Ne

WordPress Premium Gallery Manager plugin suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | a415b02137a4198220d723341703817c21095885361785018c36dbdaeeb1dd38
SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write
Posted Mar 6, 2014
Authored by Brendan Coles, Mohamed Shetta | Site metasploit.com

This Metasploit module exploits a remote arbitrary file write vulnerability in SolidWorks Workgroup PDM 2014 SP2 and prior. For targets running Windows Vista or newer the payload is written to the startup folder for all users and executed upon next user logon. For targets before Windows Vista code execution can be achieved by first uploading the payload as an exe file, and then upload another mof file, which schedules WMI to execute the uploaded payload. This Metasploit module has been tested successfully on SolidWorks Workgroup PDM 2011 SP0 on Windows XP SP3 (EN) and Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, code execution
systems | windows
SHA-256 | 555ceedf2a25fd70fef94c9ae70c8626ff642d286be5b686e2bf20bc82d0820a
HP Data Protector Backup Client Service Remote Code Execution
Posted Mar 6, 2014
Authored by Aniway, juan vazquez | Site metasploit.com

This Metasploit module abuses the Backup Client Service (OmniInet.exe) to achieve remote code execution. The vulnerability exists in the EXEC_BAR operation, which allows to execute arbitrary processes. This Metasploit module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2013-2347
SHA-256 | 8a6cfcccffe2b708db0732be2f11e898b34ee027cca6bf2e6269d9b4fdfe7ad3
Cisco Security Advisory 20140305-rpd
Posted Mar 6, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device. The vulnerability is due to improper handling of authentication requests by the web framework. An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. Successful exploitation of this vulnerability could give an attacker administrative-level access to the web-based administration interface on the affected device.

tags | advisory, remote, web
systems | cisco
SHA-256 | 923dbfdda27dbef1b87165f040cae5d5ddaa05eb445f2f6b7c7264c3a1063efc
EMC Documentum TaskSpace 6.7SP1 / 6.7SP2 Privilege Escalation / File Retrieval
Posted Mar 6, 2014
Site emc.com

EMC Documentum TaskSpace (TSP) versions 6.7SP1 and 6.7SP2 suffer from privilege escalation and arbitrary file retrieval vulnerabilities.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2014-0629, CVE-2014-0630
SHA-256 | 5fa4797c60a3ada46ce2d0b0a77097a9c04b093d0067361801d09a139e510ddf
OpenDocMan 1.2.7 SQL Injection / Access Control
Posted Mar 6, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

OpenDocMan versions 1.2.7 and below suffer from improper access control and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-1945, CVE-2014-1946
SHA-256 | 1c89a93e01a9e80efb0cba31d5c5177e9f24bbe6661e3238edf0a32bcdab0af3
Drupal NewsFlash 6.x / 7.x Cross Site Scripting
Posted Mar 6, 2014
Authored by Dennis Walgaard | Site drupal.org

Drupal NewsFlash third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 8c32a759dcbbdaf3e616022506078ffa63f807297679349d9f134d21bf774b08
Cisco Security Advisory 20140305-wlc
Posted Mar 6, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Wireless LAN Controller (WLC) product family is affected by denial of service and unauthorized access vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco
SHA-256 | 23651d98d4ec2ac2517b5ce787af4b2b5ffa3483e47c73758c6de0991cedb9f5
Cisco RV110W / RV215W / CVR100W Login Bypass
Posted Mar 6, 2014
Authored by Gustavo Speranza

Cisco RV110W, RV215W, and CVR100W suffer from a login bypass vulnerability. Affected includes Cisco RV110W Wireless-N VPN Firewall running firmware versions 1.2.0.9 and prior, Cisco RV215W Wireless-N VPN Router running firmware versions 1.1.0.5 and prior, and Cisco CVR100W Wireless-N VPN Router running firmware versions 1.0.1.19 and prior.

tags | exploit, bypass
systems | cisco
advisories | CVE-2014-0683
SHA-256 | b7d7d2fe1fe7163f7f5068ab1e31c4a8df75ae9a15a21ce2451dbac629f641ab
Drupal Masquerade 6.x / 7.x Access Bypass
Posted Mar 6, 2014
Authored by Jeff H | Site drupal.org

Drupal Masquerade third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 2e05e179c7b3a88eac09f4671a883fc10fe910f394556b6fe421fff267af6c28
Drupal Mime Mail 6.x / 7.x Access Bypass
Posted Mar 6, 2014
Authored by Heine Deelstra | Site drupal.org

Drupal Mime Mail third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | ddb9f598501a7037e5db2e2b223e928001adf33e9f8b04f1009c86673a4c5039
Capstone 2.1
Posted Mar 6, 2014
Authored by Nguyen Anh Quynh | Site capstone-engine.org

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.

Changes: Various bug fixes and added support.
tags | tool
systems | linux, unix
SHA-256 | 5ebc168212a159218a4454c72d0c060b8a8af78605b93b214b3d6c5e2a124896
Nsdtool Netgear Switch Scanner
Posted Mar 6, 2014
Authored by Stephan Zeisberg | Site curesec.com

Nsdtool is a toolset of scripts used to detect Netgear switches in local networks. The tool contains some extra features like bruteforce and setting a new password. Netgear has its own protocol called NSDP (Netgear Switch Discovery Protocol), which is implemented to support security tests on the commandline. It is not being bound to the delivered tools by Netgear.

tags | tool, local, protocol
systems | unix
SHA-256 | 9078597d3b0639a6911da09299cf72235589bc314c384350d0ff18ee053b37a9
Red Hat Security Advisory 2014-0253-01
Posted Mar 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0253-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in the JBoss Web component of JBoss EAP, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. Warning: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2014-0050
SHA-256 | 2ef04417d98221f2b4fa45f31f0506ac5b73deb6735305af15c3399aa5b43a27
Red Hat Security Advisory 2014-0254-01
Posted Mar 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0254-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
SHA-256 | 582404ee5321477d2cb59fc61c8baa71cc260fc0e66a6ea75d31f89c594e8b4a
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close