what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2015-08-26

WordPress YouTube Embed 3.3.2 Cross Site Scripting
Posted Aug 26, 2015

WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-6535
SHA-256 | bd08d635da81f1250b0bd7b2decd8288c09061ca8182cdeb83b88b0b64cd4586
HP Security Bulletin HPSBGN03411 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03411 1 - A potential security vulnerability has been identified in HP Operations Agent Virtual Appliance. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
SHA-256 | 639bf8507e1b5ad87717788379b46c94b04598136a31007b96374bcb323d0885
HP Security Bulletin HPSBGN03405 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03405 1 - Potential security vulnerabilities have been identified in HP Integration Adaptor. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
SHA-256 | 0e6fc4e54f6c6314c75c0105e2ac65fd4c07dd8d8fb3eb8e90df6aa1a1f6a636
HP Security Bulletin HPSBGN03399 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03399 1 - Potential security vulnerabilities have been identified in HP BSM Connector (BSMC). The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
SHA-256 | 84f3b874b3b98be0bf0823568c0e8846a56946be08587462ea7859e44fa6c5df
FreeBSD Security Advisory - IRET Handler Privilege Escalation
Posted Aug 26, 2015
Site security.freebsd.org

FreeBSD Security Advisory - If the kernel-mode IRET instruction generates an #SS or #NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler. By causing an IRET with #SS or #NP exceptions, a local attacker can cause the kernel to use an arbitrary GS base, which may allow escalated privileges or panic the system.

tags | advisory, arbitrary, kernel, local
systems | freebsd
advisories | CVE-2015-5675
SHA-256 | c96f042a2e1f79016cee3228dd1a6dccfd18fcba578117e9a03af878aee5caf1
FreeBSD Security Advisory - OpenSSH Issues
Posted Aug 26, 2015
Site security.freebsd.org

FreeBSD Security Advisory - A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process. A use-after-free error in the privileged monitor process of he sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process. A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection.

tags | advisory
systems | freebsd
SHA-256 | 3a8b1bfd85b5a339a84d61427764656f8de8bc6b1e993e98a5732638aac6f504
nullcon se7en Call For Papers
Posted Aug 26, 2015
Site nullcon.net

nullcon is an annual security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 4th through the 5th, 2016.

tags | paper, conference
SHA-256 | 4f1454e9bc2d8289b349a3fdce42d430af7f08c0ece80b991b18ed318038403e
Debian Security Advisory 3343-1
Posted Aug 26, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3343-1 - James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.

tags | advisory, remote, php, code execution
systems | linux, debian
SHA-256 | 805404034e4c9a24f3324b6ba48b3771bb4d719aa491044f98bc20c9f2e2ade3
Ubuntu Security Notice USN-2722-1
Posted Aug 26, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2722-1 - Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-4491
SHA-256 | 53ace9ef917aebbafcf19dc56fa2c9f36bb86ae8fb4479b09de38565703eb1f6
HP Security Bulletin HPSBGN03415 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03415 1 - Potential security vulnerabilities have been identified in HP Operations Agent Virtual Appliance. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808
SHA-256 | fe697ef6edf021eeaaa0c510a00b8027459e63c615ee0257cc4e7099c03d9fe1
HP Security Bulletin HPSBGN03414 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03414 1 - Potential security vulnerabilities have been identified in HP Operations Agent. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808
SHA-256 | bf90a44cb60c6e9039856d3da552a22356d63ab04ce1ca47af70fce3e6b2b9e1
ZSNES 1.51 Stack-Based Buffer Overflow
Posted Aug 26, 2015
Authored by Juan Sacco

ZSNES version 1.51 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | ac0bbeac824268291f65934827d6406fd927814abaffee462140a86382be50ec
Fwknop Port Knocking Utility 2.6.7
Posted Aug 26, 2015
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: When command execution is enabled with ENABLE_CMD_EXEC for an access.conf stanza, added support for running commands via sudo. Added --key-gen to fwknopd. Added a script from Jonathan Bennett at extras/console-qr/console-qr.sh to generate QR codes from fwknopd access.conf keys. Various other updates.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | ed6f8cfbda6dc76a56a994465188b49419267492ebc6d5328e0947479bd2714b
HP Security Bulletin HPSBMU03409 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03409 1 - Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2010-5107, CVE-2013-0248, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-1692, CVE-2014-3523, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8142, CVE-2014-8275, CVE-2014-9427, CVE-2014-9652, CVE-2014-9653, CVE-2014-9705, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-0285, CVE-2015-0286
SHA-256 | ed1893104d8e7dcdd770c7c2dd6eea29fcb783bd67155f6d99ab3d07423260e5
HP Security Bulletin HPSBGN03404 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03404 1 - A potential security vulnerability has been identified in HP Service Health Reporter. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
SHA-256 | 81df34bec39d89b1c0a6979bd60403319676351b9237601064e3bfd18d74561f
Ubuntu Security Notice USN-2712-1
Posted Aug 26, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2712-1 - Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-4473, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491
SHA-256 | 674b2e26a251f35dbda3345884ca92e8bd282ae9ac9699767bce9224e7a9d691
Red Hat Security Advisory 2015-1682-01
Posted Aug 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1682-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird .

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2015-4473, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491
SHA-256 | 4c069329c01d5dd2b23d438ea15fb2cf2ddb55af9e97c1998eb05ee9cd900538
Red Hat Security Advisory 2015-1685-01
Posted Aug 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1685-01 - Python-keystoneclient is a client library and a command-line utility for interacting with the OpenStack Identity API. It was discovered that some items in the S3Token configuration as used by python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option was set to "false", the option would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. Note: The "insecure" option defaults to false, so setups that do not specifically define "insecure=false" are not affected.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2015-1852
SHA-256 | f7c56d4b381ea910926af2ea30028853daff29cd7f8167099a0f0009a6fa3119
Red Hat Security Advisory 2015-1683-01
Posted Aug 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1683-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5165
SHA-256 | 05e8000a6206bbfbe20a766ed07087904157b0283a55bcc3b13dd5695debb6d1
Red Hat Security Advisory 2015-1684-01
Posted Aug 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1684-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-1856
SHA-256 | ee39183a3ea994aeff17098083ebe2a8492a6ee3bf022511868c02167de39768
HP Security Bulletin HPSBMU03397 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03397 1 - Potential security vulnerabilities have been identified with HP Version Control Agent (VCA) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
SHA-256 | 4b42962930ba66e223d79373611361d9e3b5d02e2010fe34205524553f22c3d5
HP Security Bulletin HPSBMU03413 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03413 1 - Potential security vulnerabilities have been identified with HP Virtual Connect Enterprise Manager SDK. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-5432, CVE-2015-5433
SHA-256 | 6b5a85f0a3835e211788a83e13c0d0712017e6346f21143164be00789078748c
HP Security Bulletin HPSBMU03396 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03396 1 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (VCRM) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), execution of arbitrary code, unauthorized modification, unauthorized access, disclosure of information, cross-site request forgery (CSRF), or elevation of privilege. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-5409, CVE-2015-5410, CVE-2015-5411, CVE-2015-5412, CVE-2015-5413
SHA-256 | 619deaf4049b64ca228d248eccdea1ecdfa933166df8d4b18aafd081c1b4ca8f
Red Hat Security Advisory 2015-1686-01
Posted Aug 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1686-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store.

tags | advisory, web, denial of service, python
systems | linux, redhat
advisories | CVE-2015-5143
SHA-256 | acf60870374e52838ceb79bf380b03c1f8262786630a6240d6a305c27b59d945
WordPress Car Rental System SQL Injection
Posted Aug 26, 2015
Authored by Manish Tanwar

WordPress Car Rental System plugin versions prior to 3.1 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a2cdab0c11366b52adaafd94afcce39eacb22aff6f7f1ff06b4f931c4a631ffa
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close