exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-04-24

Lynis Auditing Tool 1.5.1
Posted Apr 24, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: An extended report file, Oracle status test, better detection of grsecurity, redirect of errors from rpcinfo command, and an adjusted color scheme.
tags | tool, scanner
systems | unix
SHA-256 | f4122ff853724483925246903a048d425313ffe1b980ca0134251f74d9fa5616
cFos Personal Net 3.09 Heap Corruption Denial Of Service
Posted Apr 24, 2014
Authored by LiquidWorm | Site zeroscience.mk

cFos Personal Net web server is vulnerable to a remote denial of service issue when processing multiple malformed POST requests in less than 3000ms. The issue occurs when the application fails to handle the data sent in the POST requests in a single socket connection causing heap memory corruption which results in a crash of the HTTP service. Version 3.09 is affected.

tags | exploit, remote, web, denial of service
SHA-256 | b6144b448a13b88a3946ba756a045ec300c090551bfe17fdc51afede9dfda1f8
JRuby Sandbox 0.2.2 Bypass
Posted Apr 24, 2014
Authored by joernchen

jruby-sandbox aims to allow safe execution of user given Ruby code within a JRuby [0] runtime. However via import of Java classes it is possible to circumvent those protections and execute arbitrary code outside the sandboxed environment. Versions 0.2.2 and below are affected.

tags | exploit, java, arbitrary, ruby
SHA-256 | 95989cd8d69be3950435d2b8b421d281337ab209a2bdeb9f0d15a7d1b1f1dd76
Struts 2.3.16.1 ClassLoader Manipulation
Posted Apr 24, 2014
Authored by Rene Gielen | Site struts.apache.org

In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved. Unfortunately, the correction wasn't sufficient. A security fix release fully addressing this issue is in preparation and will be released as soon as possible.

tags | advisory
SHA-256 | 1b02e3ee3cd52232d9bdeb795f9c25b15c8bffd44b3b7df846a5d3306f54c9ea
Sitecom WLR-4000 / WLR-4001 Weak Encryption / Predictable WPA Key
Posted Apr 24, 2014
Authored by Roberto Paleari, Alessandro Di Pinto

Sitecom WLR-4000 and WLR-4004 both v1 001 suffer from weak firmware encryption and have a predictable WPA key.

tags | advisory
SHA-256 | 1859ad139fce73986b747a807e4df86ff957af3afdcef4c65e307925c5dee454
Heartbleed OpenSSL Information Leak Proof Of Concept
Posted Apr 24, 2014
Authored by Ayman Sagy

This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted and wrote to a file to annoy IDS/forensics. The exploit can set heartbeat payload length arbitrarily or use two preset values for NULL and MAX length.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | c130ea864e8a5752cbeeeb43cf5a566cbd9daeaef96e1462511173ae8e398614
Acunetix 8 Scanner Buffer Overflow
Posted Apr 24, 2014
Authored by Osanda Malith

Acunetix version 8 20120704 web vulnerability scanner buffer overflow exploit that bind a shell to port 4444.

tags | exploit, web, overflow, shell
advisories | CVE-2014-2994
SHA-256 | 879f64cf6211aef893d37bed01a4ca4cdf5f56e17b9792d44d59c20764edadb8
Acunetix 8 Stack Buffer Overflow
Posted Apr 24, 2014
Authored by Danor Cohen

Acunetix version 8 20120704 remote stack buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | 3c0f639db36d7bd8b9065927184e89a3674b276c02ba315541774202d0d39f77
HP Security Bulletin HPSBMU03020
Posted Apr 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03020 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2014-0160
SHA-256 | 459c9a6e9429ca0b8870610411c7acc83310004b610563f7e202a3d0fa9e5219
HP Security Bulletin HPSBPI03014
Posted Apr 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03014 - A potential vulnerability exists in HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers. This is the OpenSSL vulnerability known as "Heartbleed" (CVE-2014-0160) which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 049c19730dd5ae96d1817952229350dabe5a8e9991c63f15a5da28ea8fa0cee6
HP Security Bulletin HPSBHF03021
Posted Apr 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03021 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP products. This bulletins objective is to notify HP customers about certain HP Thin Client class of products affected by the Heartbleed vulnerability. HP will continue to release additional bulletins advising customers about other HP products NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | d28a09d3c4eb226153bc5cf89a3008f9b22de526a2a0783ae2650ccab578a8a8
HP Security Bulletin HPSBHF03006
Posted Apr 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03006 - A potential security vulnerability has been identified in HP Integrated Lights-Out 2 (iLO 2) servers that allows for a Denial of Service. The denial of service condition occurs only when the iLO 2 is scanned by vulnerability assessment tools that test for CVE-2014-0160 (Heartbleed vulnerability). iLO 2 servers are not vulnerable to CVE-2014-0160. Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2014-2601
SHA-256 | 2c31ae5d759fd83d28179ffff290a04922dadb56f15f88d62b7713369f7e3b64
HP Security Bulletin HPSBST03015 2
Posted Apr 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03015 2 - A potential security vulnerability has been identified with HP 3PAR OS running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 0454ffb49cf0855b47c50c883a3c1120140696297d179ae6dae2e21fc0fe6774
HP Security Bulletin HPSBGN03011
Posted Apr 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03011 - A potential security vulnerability has been identified with HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0160, CVE-2014-1060
SHA-256 | 5729e6f9d0b9af5336f4c41a88b4916c0cc567d11d4242057f238032355c68c6
Red Hat Security Advisory 2014-0436-01
Posted Apr 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0436-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Storage 2.0 offering will be retired as of June 26, 2014, and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including critical impact security patches or urgent priority bug fixes, after this date. In addition, after June 26, 2014, technical support through Red Hat's Global Support Services will no longer be provided. We encourage customers to plan their migration from Red Hat Storage 2.0 to the latest version of Red Hat Storage Server. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.

tags | advisory
systems | linux, redhat
SHA-256 | 69f93eddbf14e5f65ed985b39105c646ee6490e4cb2d317fe9f64f99c0a403e5
Red Hat Security Advisory 2014-0435-01
Posted Apr 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0435-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150
SHA-256 | 65bcbea57d78d85c5b05751039889feb143cb53910b8e45ef7a82fd0655c3cad
Red Hat Security Advisory 2014-0433-01
Posted Apr 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0433-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of resources on the target system, potentially resulting in a denial of service. A flaw was found in the way the Linux kernel handled HID reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, tcp, protocol
systems | linux, redhat
advisories | CVE-2012-6638, CVE-2013-2888
SHA-256 | b57a17a2f5d3d72c9a217154739a3cbb03bbf2f12bdfef1de9f85b6b017b6f9f
Red Hat Security Advisory 2014-0434-01
Posted Apr 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0434-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150
SHA-256 | fb7001b7ad03be3d30a012695c3087eed9911c97c37beafb408f143bab5c00dd
Red Hat Security Advisory 2014-0432-01
Posted Apr 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0432-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2014-0101
SHA-256 | 075fd0fdd907ed60e6ba8a3cbb2880072d49081da20fd0c0bcf9f6a99a4101b4
Ubuntu Security Notice USN-2172-1
Posted Apr 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2172-1 - Alex Korobkin discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data.

tags | advisory, remote, web, xss
systems | linux, ubuntu
advisories | CVE-2014-2856
SHA-256 | 491356bd0784085e834b1ec5a4760e5bcb05c8453ae4e2c654c921d91138d2e1
Bonefire 0.7.1 Reinstall Admin Account
Posted Apr 24, 2014
Authored by Mehmet Ince

Bonefire version 0.7.1 suffers from a flaw where it allows the reinstall of the default administrative account.

tags | exploit
SHA-256 | b26e50b64d2e9b10b2cf8fc4979479c002a557cc7955df1050997f5a49c13900
Wifi Packet Capturing / Session Hijacking Using Wireshark
Posted Apr 24, 2014
Authored by Er. Deepanshu Kapoor

This whitepaper details how to perform wifi man in the middle attacks and then sniff the traffic for analysis afterwards using Wireshark.

tags | paper
SHA-256 | ba682f01ac66297c006d03d6d6a391811b8546679c41f35d715ecb25f387a262
Misli.com Android App SSL Validation Failure
Posted Apr 24, 2014
Authored by Harun Esur

The Android application provided by Misli.com fails to validate SSL certificates, allowing for a man in the middle attack.

tags | advisory
SHA-256 | afb37fe1b489ec647c4343ae53ef337a2e9fc7269b286c109f804ad0ffa3db3e
Birebin.com Android App SSL Validation Failure
Posted Apr 24, 2014
Authored by Harun Esur

The Android application provided by Birebin.com fails to validate SSL certificates, allowing for a man in the middle attack.

tags | advisory
SHA-256 | 81e80c5e05043304d6c894a1d4b7e354fd2d65ecc2596fb719e6c2d589f3019a
mRemote Offline Password Decrypt
Posted Apr 24, 2014
Authored by Adriano Marcio Monteiro

mRemote offline password decryption tool that is based off of the enum_mremote_pwds.rb Metasploit module.

tags | exploit
SHA-256 | d4e0ead2bc4f639955a80e0da85fb7c321c2941332565051371936575e38f42e
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close