what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2014-03-31 to 2014-03-31

PhonerLite 2.14 Digest Information Leak
Posted Mar 31, 2014
Authored by Jason Ostrom

PhonerLite SIP soft phone version 2.14 is vulnerable to revealing SIP MD5 digest authenticated user credential hash via spoofed SIP INVITE message sent by a malicious 3rd party. After responding back to an authentication challenge to the BYE message, PhonerLite leaks the hashed MD5 digest credentials.

tags | exploit, spoof, info disclosure
advisories | CVE-2014-2560
SHA-256 | 7a34b13b986e3c819eec422d90f73dfa5a7fe4225fdb3fbe73a15891c3c278e5
EMC Cloud Tiering Appliance 10.0 XXE Injection
Posted Mar 31, 2014
Authored by Brandon Perry

EMC Cloud Tiering appliance version 10.0 suffers from an unauthenticated XXE injection vulnerability. Metasploit module proof of concept is included.

tags | exploit, proof of concept, xxe
SHA-256 | 8191ae1d7b8520f1907f9a4102488831c9cce91d284f870d73ce4c7105f6ce7c
Vanctech File Commander 1.1 LFI / File Upload
Posted Mar 31, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Vanctech File Commander version 1.1 for iOS suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
systems | apple, ios
SHA-256 | 4cdbd24ff9f1d7ae738fbdc61b7fbef14fde6a8dd945fdee07e390600c8d5657
AlienVault 4.5.0 SQL Injection
Posted Mar 31, 2014
Authored by Brandon Perry

AlienVault version 4.5.0 suffers from an authenticated remote SQL injection vulnerability. Metasploit module proof of concept is included.

tags | exploit, remote, sql injection, proof of concept
SHA-256 | 40ee4d126c36742998c3f763beb792fa2eaff2e289df522b3fa9296d803a35a6
PhotoWIFI Lite 1.0 Command Injection / LFI / File Upload
Posted Mar 31, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

PhotoWIFI Lite version 1.0 for iOS suffers from command injection, local file inclusion, and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
systems | apple, ios
SHA-256 | 9359a3d21802973d03730bfc312fb55fed478a1b39122f4166292c87c4f0dd57
Debian Security Advisory 2891-1
Posted Mar 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2891-1 - Several vulnerabilities were discovered in MediaWiki, a wiki engine.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-2031, CVE-2013-4567, CVE-2013-4568, CVE-2013-4572, CVE-2013-6452, CVE-2013-6453, CVE-2013-6454, CVE-2013-6472, CVE-2014-1610
SHA-256 | cd5776f1a1d81c9161dcf857098c8b2d1dd8f0ecc0834c564f76e6445537d711
Debian Security Advisory 2890-1
Posted Mar 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2890-1 - Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework.

tags | advisory, java, vulnerability
systems | linux, debian
advisories | CVE-2014-0054, CVE-2014-1904
SHA-256 | 27f9ee57599c732f28379d5fd74abab6f97c737a3bcf24f10c2f7392d21aa918
Red Hat Security Advisory 2014-0344-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0344-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0093
SHA-256 | 3f3acd558c38d4a1ccfb6f2b8bec52c3ae93d8bb93ba8db626244df22e8c8a38
Red Hat Security Advisory 2014-0342-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0342-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2013-6336, CVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340, CVE-2013-7112, CVE-2013-7114, CVE-2014-2281, CVE-2014-2283, CVE-2014-2299
SHA-256 | fb4636b121cc06c3f8f983ea3435be6d5e3e08969f2723469ce849ffee9c90ce
Red Hat Security Advisory 2014-0345-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0345-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0093
SHA-256 | d60440c19355c7c09e42866458a7ac9981825da1b0b456b641cb370c61340940
Red Hat Security Advisory 2014-0343-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0343-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0093
SHA-256 | 2c3501de41dad7648e0b0ec1fc7cf09a1c34b786bb2e3f7402306edcde85d3e2
Red Hat Security Advisory 2014-0341-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0341-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2012-5595, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3559, CVE-2013-4081, CVE-2013-4083, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-5721, CVE-2013-7112, CVE-2014-2281, CVE-2014-2299
SHA-256 | b531a7447c88b6daa2a1487c069a72622b42551b72216051e073e1ca4e49bc98
Red Hat Security Advisory 2014-0340-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0340-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 1 after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 1 after this date. We encourage customers to plan their migration from Red Hat Enterprise Developer Toolset Version 1 to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.

tags | advisory
systems | linux, redhat
SHA-256 | fad6fd6b2752093091cbe4719dd22ca5b0fd8130476fe260d36fe381ec81137d
Red Hat Security Advisory 2014-0339-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0339-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-1860, CVE-2014-0055, CVE-2014-0092
SHA-256 | 27433747bde26addd9b3464670fd4f3098c0354c6a1ecdaa823c9aff3f2c26ee
Debian Security Advisory 2891-2
Posted Mar 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2891-2 - In the Mediawiki update issued as DSA 2891-1, a few files were missing from the package. This update corrects that problem.

tags | advisory
systems | linux, debian
advisories | CVE-2013-2031, CVE-2013-4567, CVE-2013-4568, CVE-2013-4572, CVE-2013-6452, CVE-2013-6453, CVE-2013-6454, CVE-2013-6472, CVE-2014-1610
SHA-256 | 9f5bf02fc06867cb3e9bab406d4c6f55a8099580c8d026245672cf4672def2a2
Immunity Hooking Script
Posted Mar 31, 2014
Authored by nrz | Site nullsecurity.net

This is an Immunity template plugin for function hooking while reverse engineering.

tags | tool
systems | unix
SHA-256 | 4f540c9274c23c9ad1693cb060f324330b4f61ac079c288de7734e407dfd7a77
w3af Web Application Attack and Audit Framework 1.6
Posted Mar 31, 2014
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.

Changes: Improved performance for scans. Better documentation. Improved quality.
tags | tool, remote, web, local, xss, sql injection, python, file inclusion
SHA-256 | 006731b74f58960a1f3580194979bb988fa52df2bc92f6f36b1ce36ffcdd6003
Primo CMS 6.2 Remote Command Execution
Posted Mar 31, 2014
Authored by Felipe Andrian Peixoto

Primo CMS version 6.2 suffers from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | f990681225f7a22b115820d8c6849ce605618fbcd204bdfafd97a632de467801
Apache ModSecurity Chunked Request Bypass
Posted Mar 31, 2014
Authored by Martin Holst Swende

Apache ModSecurity versions prior to 2.7.6 appears to suffer from a filter evasion vulnerability via chunked requests.

tags | advisory, bypass
SHA-256 | b4577633493ef0b6de597cd73adb4abb6e8f136bc25547ae839a067e7209bd00
Horde Webmail 5.1 Open Redirect
Posted Mar 31, 2014
Authored by Felipe Andrian Peixoto

Horde Webmail version 5.1 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | f3bfdd6bd23da3ad823bbc2c0e6dd878f8671a1ae58971fcb65267ec1cb64052
Tor Timing Attack Proof Of Concept
Posted Mar 31, 2014
Authored by Jann Horn

This write up is a proof of concept end-to-end correlation for Tor connections using an active timing attack.

tags | paper, proof of concept
SHA-256 | 9dae24b1d19e1e4a4b9cb0e31a8b16804e47159fc6cf2372976e60fe0026ce9f
WordPress Js-Multi-Hotel 2.2.1 XSS / DoS / Disclosure / Abuse
Posted Mar 31, 2014
Authored by MustLive

WordPress Js-Multi-Hotel plugin version 2.2.1 suffers from cross site scripting, abuse of functionality, denial of service, and path disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | b0710350332e42b116bfa62641fb48da142ad7b2686b5d41ac322c55648e6fbf
AudioCoder 0.8.29 Memory Corruption
Posted Mar 31, 2014
Authored by sajith

AudioCoder version 0.8.29 memory corruption to code execution via SEH exploit.

tags | exploit, code execution
SHA-256 | 0f1d5e9ac2a09a11a1cf2de974edcdd6ae678079675b1f5f5aca4fa2fa9c1130
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close