what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2015-08-17

EMC Secure Remote Services Virtual Edition Weak Authentication
Posted Aug 17, 2015
Site emc.com

It was discovered that the session tokens in EMC Secure Remote Services Virtual Edition are Base64 encoded XML tokens that lack any cryptographic protection. Due to this it is possible for attackers to create their own session cookies. Attackers with network access (insiders) to the ESRS Web Portal can exploit this issue to gain unauthorized access to the management interface.

tags | advisory, remote, web
advisories | CVE-2015-0544
SHA-256 | 151cc56ac265671c750c63e5338bd4cbdd1d2ba6148271d1080ba9484f3b172a
EMC Documentum Content Server Privilege Escalation / Code Execution
Posted Aug 17, 2015
Site emc.com

EMC Documentum Content Server contains multiple vulnerabilities that could be exploited by malicious users to compromise the Content Server in several ways.

tags | advisory, vulnerability
advisories | CVE-2015-4531, CVE-2015-4532, CVE-2015-4533, CVE-2015-4534, CVE-2015-4535, CVE-2015-4536
SHA-256 | 95830881705d0d2408b47ceb7001260e614677f1858c088afc5e0922d3a4aee9
RSA Archer GRC Cross Site Request Forgery
Posted Aug 17, 2015
Site emc.com

RSA Archer GRC platform contains fixes for multiple cross site request forgery vulnerabilities that could potentially be exploited by malicious users to perform unauthorized actions on behalf of authenticated users of the application.

tags | advisory, vulnerability, csrf
advisories | CVE-2015-0542
SHA-256 | 959a33a5b9f33dbce4f82531607aa009fbef57c91009bfcaa6085f4d703795d5
Ubuntu Security Notice USN-2711-1
Posted Aug 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2711-1 - It was discovered that Net-SNMP incorrectly handled certain trap messages when the -OQ option was used. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service. Qinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing failures. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3565, CVE-2015-5621
SHA-256 | 637f1672470959d86194903a05d03503644b70c98bc272b459ef69a1bfc19637
Security Explorations Math Versus Oracle
Posted Aug 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

This is a fun write-up detailing vulnerabilities in Oracle products discovered by the security community and how Oracle CSO Mary Ann Davidson's math on the subject just does not add up. No surprise there.

tags | advisory, vulnerability
SHA-256 | 2da1fcf5b8f0090fe5d0ec336bb7d93cd663a84c8ff4ad87b305664d9081d629
Symantec Endpoint Protection Manager Authentication Bypass / Code Execution
Posted Aug 17, 2015
Authored by Brandon Perry, Markus Wulftange | Site metasploit.com

This Metasploit module exploits three separate vulnerabilities in Symantec Endpoint Protection Manager in order to achieve a remote shell on the box as NT AUTHORITY\SYSTEM. The vulnerabilities include an authentication bypass, a directory traversal and a privilege escalation to get privileged code execution.

tags | exploit, remote, shell, vulnerability, code execution
advisories | CVE-2015-1486, CVE-2015-1487, CVE-2015-1489
SHA-256 | 55479cb3065f838f82cc61df0c4fdee54d41ee44aace24351aecba453e3be8c5
VideoCharge Studio Buffer Overflow (SEH)
Posted Aug 17, 2015
Authored by metacom, Christian Mehlmauer, Andrew Smith aka jakx | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of VideoCharge Studio to open a malicious .VSC file.

tags | exploit, remote, overflow, arbitrary
advisories | OSVDB-69616
SHA-256 | 5afb52ddd9c049208eb1441710497e2625b20e4833296328ac22be987e5b2017
Werkzeug Debug Shell Command Execution
Posted Aug 17, 2015
Authored by h00die | Site metasploit.com

This Metasploit module will exploit the Werkzeug debug console to put down a Python shell. This debugger "must never be used on production machines" but sometimes slips passed testing. Tested against 0.9.6 on Debian, 0.9.6 on Centos, 0.10 on Debian.

tags | exploit, shell, python
systems | linux, debian, centos
SHA-256 | c66135298bdbc3ecf2b75f9d3d628a64cee1d120ca05cf2ddac7c252fa2aba07
RSA BSAFE Crypto Attacks / Denial Of Service
Posted Aug 17, 2015
Site emc.com

RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C all suffer from various crypto, denial of service, and underflow vulnerabilities.

tags | advisory, denial of service, cryptography, vulnerability
advisories | CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537
SHA-256 | 249db2924aab5ee66f78a2cea495509bc66d1e874798148d85df7a38d50f16a4
Gentoo Linux Security Advisory 201508-03
Posted Aug 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201508-3 - A bug in the Icecast code handling source client URL authentication causes a Denial of Service condition. Versions less than 2.4.2 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-3026
SHA-256 | 7d860a37ca2e6eb7705507bfb6605db340741515e8d65938618a23309044f202
Gentoo Linux Security Advisory 201508-02
Posted Aug 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201508-2 - Multiple vulnerabilities have been found in libgadu, the worst of which may result in execution of arbitrary code. Versions less than 1.12.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-4488, CVE-2013-6487, CVE-2014-3775
SHA-256 | ac6323304dec7a73e7b87d81f49e9a488514b085986f013e99182e85aa74812f
Gentoo Linux Security Advisory 201508-01
Posted Aug 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201508-1 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.508 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3107, CVE-2015-5122, CVE-2015-5123, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556
SHA-256 | 0847bbaee6df81c0c128448e66176965e633dd961c717381e4b388a8b8ad5416
Red Hat Security Advisory 2015-1635-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1635-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
SHA-256 | a0efdeb75f1c30ee358397a36729d3fe23e95d4dc3424a9aa6ec32de06cdaf97
Red Hat Security Advisory 2015-1634-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1634-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3416
SHA-256 | e2762eea5beb5fd075760c1b0b8af959cd5f3c3de8d5ef879e22ec6715b97e02
Red Hat Security Advisory 2015-1633-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1633-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-0248, CVE-2015-0251, CVE-2015-3187
SHA-256 | d091320b57163b4490f94feff3ef41c63366f20353500a6e770c256ec6180c43
Red Hat Security Advisory 2015-1631-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1631-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file. ceph has been upgraded from v0.80.8.1 to v0.80.8.2.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3010, CVE-2015-4053
SHA-256 | fe73ad4a770c72f8100654d86047b20f029b23f77a092e0e02e9755c7903b274
Slackware Security Advisory - mozilla-firefox Updates
Posted Aug 17, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | ddd1377dc71f5d5573e3e5e113250659fa5106c15a9db1996d2a264f41de8a60
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Aug 17, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | c5563a7464d928ff21dd335904c774ff47e54780fa40f3c9603723d7ca88c81c
Red Hat Security Advisory 2015-1630-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1630-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772
SHA-256 | 31d5def2c42016aa18d489eedd4022a3fdb32f470a20bed0708b9c3529e62a47
Red Hat Security Advisory 2015-1629-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1629-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757
SHA-256 | 193f2f3152d15e39225d22426ed2be7c4dea32eaf1a7cf33d2bced97b5f15dc4
Red Hat Security Advisory 2015-1628-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1628-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757
SHA-256 | a51eb1ee58883d7b18206e0a8a5b2389573c95a87c5662f85dd577031dafa293
Red Hat Security Advisory 2015-1627-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1627-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.

tags | advisory, remote, arbitrary
systems | linux, redhat, osx
advisories | CVE-2013-7424
SHA-256 | 09824f32e3805a9e1048366162b64a1f26104e46bb0ac50ac2b3cfa92168bbeb
Sagemcom F@ST 3864 V2 Admin Password Disclosure
Posted Aug 17, 2015
Authored by Cade Bull

Sagemcom F@ST 3864 V2 suffers from a remote administrative password disclosure vulnerability.

tags | exploit, remote
SHA-256 | 4785f978ec11eae3cb7d66c426a2da4745f92845b090dd7546527e3baa917392
Microsoft Windows HTA Remote Code Execution
Posted Aug 17, 2015
Authored by Mohammad Reza Espargham

Microsoft Windows HTA (HTML Application) remote code execution exploit that leverages MS14-064.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2014-6332
SHA-256 | b64cfa67cfacfa43395c6d7db885dc72105cb1baf59dcf8b104e0c9985ebcbe7
Comtrend Cross Site Request Forgery
Posted Aug 17, 2015
Authored by Javier Vicente Vallejo

Various Comtrend routers suffer from cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | e075f47c52d3263edf9bcad894a9d0275e22ef6410176b35861b5f4f4b21a56c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close