exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-03-11

Oracle VirtualBox 3D Acceleration Memory Corruption
Posted Mar 11, 2014
Authored by Core Security Technologies, Andres Blanco, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Multiple memory corruption vulnerabilities have been found in the code that implements 3D Acceleration for OpenGL graphics in Oracle VirtualBox. These vulnerabilities could allow an attacker who is already running code within a Guest OS to escape from the virtual machine and execute arbitrary code on the Host OS.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2014-0981, CVE-2014-0982, CVE-2014-0983
SHA-256 | 21ec84e64e681dcbf21f5213bd3356433798b0d9e50c61ad3431bb54276c747d
Apple Facetime Information Disclosure
Posted Mar 11, 2014
Authored by Guillaume Ross

Facetime allows video calls for iOS. Facetime-Audio, added in iOS 7, allows audio only calls. The audio version uses a vulnerable URL scheme which is not used by Facetime Video. The URL Scheme used for Facetime-Audio allows a website to establish a Facetime-audio call to the attacker's account, revealing the phone number or email address of the user browsing the site. This was fixed in iOS 7.1.

tags | exploit, info disclosure
systems | apple, ios
advisories | CVE-2013-6835
SHA-256 | bebab63f72c50288bcebc313e5246e1fd3c7b31efbc03002eade638bcbfe9eae
Microsoft Security Bulletin Summary For March, 2014
Posted Mar 11, 2014
Site microsoft.com

This bulletin summary lists five released Microsoft security bulletins for March, 2014.

tags | advisory
SHA-256 | b063e1c4ba9eeff5ac6e5eb539661c25c3f1a73083bc869d190e85eec0e74ec5
Apple TV Touch Password Disclosure
Posted Mar 11, 2014
Authored by David Shuetz

Apple TV had an issue where it was logging a user's Apple ID and password via debug output in logs.

tags | exploit, info disclosure
systems | apple
advisories | CVE-2014-1279
SHA-256 | 0a1c6fac11fcc476161bb57b10b35d423406bce4a7f23ea17ef1d502385ce6f1
HP Security Bulletin HPSBUX02976 SSRT101236
Posted Mar 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02976 SSRT101236 - A potential security vulnerability has been identified with HP-UX running NFS rpc.lockd. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2013-6209
SHA-256 | 778081596e26ad97d27b315e4005402b71f124ffee65d5fda8035cf965163ed5
HP Security Bulletin HPSBMU02948
Posted Mar 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02948 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in execution of arbitrary code, Denial of Service (DoS), or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4167, CVE-2012-4168, CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375, CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555
SHA-256 | 6afd6558c70104a9e0d9d7d513fd3d286f804508b7ea13c5d542eda51f7e2a3c
HP Security Bulletin HPSBMU02947
Posted Mar 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02947 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in disclosure of information or cross-site request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, vulnerability, csrf
systems | linux, windows
advisories | CVE-2013-4846, CVE-2013-6188
SHA-256 | 1eb292c652cf6c4e5ca36c521c35194dfe5e91e45ab38e38173e43f8b2999650
Slackware Security Advisory - udisks, udisks2 Updates
Posted Mar 11, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New udisks and udisks2 packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0004
SHA-256 | 06d665d1474edcbae86420d67bd52d22f4d130c855f4494f80057f726438ac5a
Red Hat Security Advisory 2014-0284-01
Posted Mar 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0284-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, local, udp, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2851, CVE-2013-4387, CVE-2013-4470, CVE-2013-4591, CVE-2013-6367, CVE-2013-6368, CVE-2013-6381
SHA-256 | 8cfc7fc325fe40888918ba9e8f2de222f45256f4ab9832b9a6acc34dd00ab357
Red Hat Security Advisory 2014-0215-01
Posted Mar 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0215-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164, CVE-2014-0057, CVE-2014-0081, CVE-2014-0082
SHA-256 | 126c0f0b7adb1631347c3dc73179ccc193ee1d9d10210467dd040b5b8fe37780
The Art Of Stealth Scanning
Posted Mar 11, 2014
Authored by Fardin Allahverdinazhand

This is a whitepaper called the Art of Stealth Scanning. It is written in Persian.

tags | paper
SHA-256 | bc4a0ec403dff01e2ba4a5b455bfb43b48b9c57a6ae42ade92c9474ff2c27968
Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow
Posted Mar 11, 2014
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKHOdeq.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows
SHA-256 | cd3073a5bc682f3580166015609a9200934b628f5a03ccece0e8cc2a07545eb8
Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow
Posted Mar 11, 2014
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKBCopyD.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3.

tags | exploit, overflow
systems | windows
SHA-256 | 390d6553999edd7d8bde91c93b21a22d072083f24cfd61503649be67eeab7ede
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140309
Posted Mar 11, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release bumps tor to version 0.2.4.21 and the kernel to 3.13.5 plus Gentoo's hardened-patches. All other components are kept at the same versions as the previous release. It also adds haveged, a daemon to help generate entropy on diskless systems, for a more cryptographically sound system. Testing shows that previous versions of tor-ramdisk were operating at near zero entropy, while haveged easily keeps the available entropy close to 9000 bits. Upgrading is strongly encouraged.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | f316e8db76e02ef1a14131cf5c1b7660c673cdeeae06cde47fcd381edd5c1b1c
Apple Security Advisory 2014-03-10-2
Posted Mar 11, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-03-10-2 - Apple TV 6.1 is now available and addresses information disclosure, date checking failure, buffer overflow, and various other vulnerabilities.

tags | advisory, overflow, vulnerability, info disclosure
systems | apple
advisories | CVE-2012-2088, CVE-2013-2909, CVE-2013-2926, CVE-2013-2928, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5228, CVE-2013-6625, CVE-2013-6629, CVE-2013-6635, CVE-2014-1267, CVE-2014-1269, CVE-2014-1270, CVE-2014-1271, CVE-2014-1272, CVE-2014-1273, CVE-2014-1275, CVE-2014-1278, CVE-2014-1279, CVE-2014-1280, CVE-2014-1282, CVE-2014-1287, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291
SHA-256 | 49c40a29a380c50803951ca030c4505c5a3bee971409553f3f4a97d6fc09fea0
Apple Security Advisory 2014-03-10-1
Posted Mar 11, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-03-10-1 - iOS 7.1 is now available and addresses multiple security vulnerabilities.

tags | advisory, vulnerability
systems | cisco, apple, ios
advisories | CVE-2012-2088, CVE-2013-2909, CVE-2013-2926, CVE-2013-2928, CVE-2013-5133, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5227, CVE-2013-5228, CVE-2013-6625, CVE-2013-6629, CVE-2013-6635, CVE-2013-6835, CVE-2014-1252, CVE-2014-1267, CVE-2014-1269, CVE-2014-1270, CVE-2014-1271, CVE-2014-1272, CVE-2014-1273, CVE-2014-1274, CVE-2014-1275, CVE-2014-1276, CVE-2014-1277, CVE-2014-1278
SHA-256 | 6c19d4e53e5fb1272b5bc0bf7fa4cc0fda92443e3c83f9bab736bb9f31bcb45d
Lynis Auditing Tool 1.4.5
Posted Mar 11, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds additional support for Chakra Linux, the pacman package manager, and checks for installed packages. It has some improvements regarding the color scheme, logging, PAM modules, and enhanced support for Solaris.
tags | tool, scanner
systems | unix
SHA-256 | a81288bba1ce2a5f79504fe655d2e1dcf3a02b72b55acd2b273b9c1a71f32da1
CodeCrypt 1.5
Posted Mar 11, 2014

codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.

Changes: This release adds hashfiles and several speed and user interface improvements.
tags | tool, encryption
systems | unix
SHA-256 | 7cf28c306205dac321f792b40c1ace736ae4f0b55acbb56f588a3e2d8d7d57c2
Asterisk Project Security Advisory - AST-2014-004
Posted Mar 11, 2014
Authored by Mark Michelson, Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's handling of SUBSCRIBE requests. If a SUBSCRIBE request is received for the presence Event, and that request has no Accept headers, Asterisk will attempt to access an invalid pointer to the header location. Note that this issue was fixed during a re-architecture of the res_pjsip_pubsub module in Asterisk 12.1.0. As such, this issue has already been resolved in a released version of Asterisk. This notification is being released for users of Asterisk 12.0.0.

tags | advisory
advisories | CVE-2014-2289
SHA-256 | 6e56eb72b35ebd81d6277efa644e9243116635a3b307f8a61ee9f768038f90ec
Asterisk Project Security Advisory - AST-2014-003
Posted Mar 11, 2014
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the "qualify_frequency" configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.

tags | advisory, remote
advisories | CVE-2014-2288
SHA-256 | 3fc37984a9d5b7488a013c0d4d7869919c15b588b2dfa950081c2998a81fc658
Asterisk Project Security Advisory - AST-2014-002
Posted Mar 11, 2014
Authored by Kinsey Moore, Colin Farrell | Site asterisk.org

Asterisk Project Security Advisory - An attacker can use all available file descriptors using SIP INVITE requests, which can result in a denial of service.

tags | advisory, denial of service
advisories | CVE-2014-2287
SHA-256 | 786ba76251ce62da4df7d6eb92f164fe200a08d34d8310287e6d97b9f289d40c
Asterisk Project Security Advisory - AST-2014-001
Posted Mar 11, 2014
Authored by Richard Mudgett, Lucas Molas, Dr. Manuel Sadosky | Site asterisk.org

Asterisk Project Security Advisory - Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.

tags | advisory, web, overflow
advisories | CVE-2014-2286
SHA-256 | 7930613352d2f6681e74a1dd7d8766aee3838790ca9d640367d15b7cb5e507c4
Huawei eSpace Meeting Service 1.0.0.23 Privilege Escalation
Posted Mar 11, 2014
Authored by LiquidWorm | Site zeroscience.mk

Huawei Technologies eSpace Meeting Service version 1.0.0.23 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | e4d11f7a656487b39ca9c42b1326265ed1b31d52868853768b3fabb5554742bb
WordPress LayerSlider 4.6.1 CSRF / Traversal
Posted Mar 11, 2014
Authored by Akastep

WordPress LayerSlider plugin version 4.6.1 suffers from cross site request forgery and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, csrf
SHA-256 | ee946745fef274d92410d3a5ad6ce3b5a599ed334d2b42371eea610f180683d6
HP Security Bulletin HPSBGN02970
Posted Mar 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02970 - Potential vulnerabilities have been identified with HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment. The vulnerabilities could be exploited remotely affecting confidentiality, integrity and availability. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2010-4008, CVE-2010-4494, CVE-2011-2182, CVE-2011-2213, CVE-2011-2492, CVE-2011-2518, CVE-2011-2689, CVE-2011-2723, CVE-2011-3188, CVE-2011-4077, CVE-2011-4110, CVE-2012-0058, CVE-2012-0879, CVE-2012-1088, CVE-2012-1179, CVE-2012-2137, CVE-2012-2313, CVE-2012-2372, CVE-2012-2373, CVE-2012-2375, CVE-2012-2383, CVE-2012-2384, CVE-2013-6205, CVE-2013-6206
SHA-256 | e25777250b7eb57ebcfad065c189fe97acfb1a87cb7e94b581d8e42eebdd57b0
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close