exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2014-06-25 to 2014-06-26

G Data TotalProtection 2014 Code Execution
Posted Jun 25, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

G Data TotalProtection 2014 version 24.0.2.1 suffers from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2014-3752
SHA-256 | d13c4d1c5599bcffe508e75fe31ffdd878a567e0ff4fc55a9e3ea8326e575583
FreeBSD Security Advisory - file / libmagic
Posted Jun 25, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The file(1) utility attempts to classify file system objects based on filesystem, magic number and language tests. The libmagic(3) library provides most of the functionality of file(1) and may be used by other applications. A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. A malicious input file could trigger infinite recursion in libmagic(3). A specifically crafted Portable Executable (PE) can trigger out-of-bounds read.

tags | advisory
systems | freebsd
advisories | CVE-2012-1571, CVE-2013-7345, CVE-2014-1943, CVE-2014-2270
SHA-256 | 55cc6eeed758a444fa53fb8b127508d97e88a58406f30d111d81e9ff1df57c77
FreeBSD Security Advisory - iconv NULL Pointer Dereference
Posted Jun 25, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A NULL pointer dereference in the initialization code of the HZ module and an out of bounds array access in the initialization code of the VIQR module make iconv_open(3) calls involving HZ or VIQR result in an application crash.

tags | advisory
systems | freebsd
advisories | CVE-2014-3951
SHA-256 | 9bfeb0e4817eb394eec76aa8f4fc00b3d2ab4fd8db2a80a5508e38d04a7226b7
Endeca Latitude 2.2.2 Cross Site Scripting
Posted Jun 25, 2014
Site redteam-pentesting.de

RedTeam Pentesting discovered a cross site scripting vulnerability in Endeca Latitude version 2.2.2. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users.

tags | exploit, arbitrary, javascript, xss
advisories | CVE-2014-2400
SHA-256 | 0117a3582adcb45df2d59f7d5cf251f3aba0c99f2fe951f5b651db6fdbed6f34
Endeca Latitude 2.2.2 Cross Site Request Forgery
Posted Jun 25, 2014
Site redteam-pentesting.de

RedTeam Pentesting discovered a cross site request forgery vulnerability in Endeca Latitude version 2.2.2. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely.

tags | exploit, csrf
advisories | CVE-2014-2399
SHA-256 | 99a9fe37102713781cb33e19705a416f50053d6d7e9f3c43db8e55b55166f87d
Storesprite 7 Cross Site Scripting
Posted Jun 25, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Storesprite version 7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c6b72d41875e95a461df516082b4ea96529aa02422c666dd78d99280ba2170fa
HITB Malaysia 2014 Call For Papers
Posted Jun 25, 2014
Site cfp.hackinthebox.org

The Call For Papers for the 12th annual HITB security conference in Malaysia has been announced. It will take place October 13th through the 16th, 2014, in Kuala Lumpur.

tags | paper, conference
SHA-256 | f880e433338a2ac6c5081215135585e93b155e9fd11f46f8336ff48a40285095
Gentoo Linux Security Advisory 201406-23
Posted Jun 25, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-23 - A vulnerability in DenyHosts could allow a remote attacker to create a Denial of Service condition. Versions less than 2.6-r9 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2013-6890
SHA-256 | 57dc3e1a285c8fe8b6958526718ba1dc4e63fc27f271542dcf6e8b4fc210723f
Gentoo Linux Security Advisory 201406-24
Posted Jun 25, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-24 - A vulnerability in Dnsmasq can lead to a Denial of Service condition. Versions less than 2.66 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2012-3411, CVE-2013-0198
SHA-256 | 03fe3ef285b1b5d1ff8c208a973714bdf9c38116c4b573b22286d305c570965b
Ubuntu Security Notice USN-2256-1
Posted Jun 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2256-1 - John Dickinson discovered that Swift did not properly quote the WWW-Authenticate header value. If a user were tricked into navigating to a malicious Swift URL, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2014-3497
SHA-256 | 852027970b4a45e5e99ddbaa1d4e1623c2a36639b5516a4ace71e95384748ddf
Ubuntu Security Notice USN-2255-1
Posted Jun 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2255-1 - Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used to escalate privileges. Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in OpenStack Neutron did not properly perform input validation when creating security group rules when specifying --remote-ip-prefix. A remote authenticated attacker could exploit this to prevent application of additional rules. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-6433, CVE-2014-0187, CVE-2014-4167
SHA-256 | 5f775a27ed4d74086084452e073f1d3f9e6287cb5e6b3c509943cf3d9cd94a8a
VMware Security Advisory 2014-0007
Posted Jun 25, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library.

tags | advisory, vulnerability
advisories | CVE-2014-0050, CVE-2014-0094, CVE-2014-0112
SHA-256 | 8cd3d3b5cff06fae69c9f9a484862c9a8161dfc6048ace9c43f4bda1f4c76169
HP Security Bulletin HPSBMU03053
Posted Jun 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03053 - A potential security vulnerability has been identified with HP Software Database and Middleware Automation (DMA). This vulnerability could be exploited remotely to allow unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 1810640be47e84480c50a8e56837d65eeec140c4910ff22cb30526ada4f2e835
HP Security Bulletin HPSBMU03051
Posted Jun 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03051 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 385e5e6edf1d7ef7bbc8050d651def4d345aba8a057fa2b355d6c87431ead849
Slackware Security Advisory - samba Updates
Posted Jun 25, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0178, CVE-2014-0239, CVE-2014-0244, CVE-2014-3493
SHA-256 | f86aa120b172105145f5b723718fabcd5166d7c4730b1069b104b7db69051aec
Slackware Security Advisory - bind Updates
Posted Jun 25, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-6230, CVE-2014-0591
SHA-256 | 0e4965f7bb1d28a71301f19ccc59d0c8f659d4e086810b386a4b957fbf02238a
Slackware Security Advisory - gnupg Updates
Posted Jun 25, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-4617
SHA-256 | d70acb59aa9d946ca7c03d3620dce7e120988cb13525d55d53947f4e44f6d58b
Slackware Security Advisory - gnupg2 Updates
Posted Jun 25, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-4617
SHA-256 | ffb2861293b91d3d41cb82b9fe3c9b272d7b73cfccae1f44e79448b86ce98a55
Gentoo Linux Security Advisory 201406-22
Posted Jun 25, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-22 - Multiple vulnerabilities have been found in Network Audio System, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.9.4 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-4256, CVE-2013-4258
SHA-256 | 8e8c98241fe321935320292f6bb27e27dfb069ad254ce093c7b8f131c4fa6a23
Ubuntu Security Notice USN-2254-2
Posted Jun 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2254-2 - USN-2254-1 fixed vulnerabilities in PHP. The fix for CVE-2014-0185 further restricted the permissions on the PHP FastCGI Process Manager (FPM) UNIX socket. This update grants socket access to the www-data user and group so installations and documentation relying on the previous socket permissions will continue to function. Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. Stefan Esser discovered that PHP incorrectly handled DNS TXT records. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local, php, vulnerability
systems | linux, unix, ubuntu
advisories | CVE-2014-0185, CVE-2014-4049
SHA-256 | ede7bd37ec15cedb840fd3409d5f9ccc217ba19f7004f1e7a557e85fe7a11fdb
Debian Security Advisory 2967-1
Posted Jun 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2967-1 - Jean-Rene Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2014-4617
SHA-256 | ac40a5ca8c3f76072a4be56a4377566a9c18d6ef3028f59e42d536c5c72182d1
Red Hat Security Advisory 2014-0790-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0790-01 - Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in both the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Dovecot did not properly discard connections trapped in the SSL/TLS handshake phase. A remote attacker could use this flaw to cause a denial of service on an IMAP/POP3 server by exhausting the pool of available connections and preventing further, legitimate connections to the IMAP/POP3 server to be made.

tags | advisory, remote, denial of service, imap
systems | linux, redhat, unix
advisories | CVE-2014-3430
SHA-256 | 0e13ed0ca0865bb4148cdab7442ec2e3cbc2d65acb04cd37108d09f3f118e88c
Red Hat Security Advisory 2014-0789-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0789-01 - The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.

tags | advisory, web, local, python
systems | linux, redhat
advisories | CVE-2014-0240
SHA-256 | df6960d3491b83351ea2981cdccc88228741b708fd75b9ad397502a3952d4d4e
Red Hat Security Advisory 2014-0788-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0788-01 - The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.

tags | advisory, web, local, python
systems | linux, redhat
advisories | CVE-2014-0240, CVE-2014-0242
SHA-256 | 57c0800b7f3ba48e76c145bcd7098f16e17916222f694350196c4fe97a356438
Red Hat Security Advisory 2014-0792-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0792-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.

tags | advisory, java, remote, web, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0248
SHA-256 | d264fc26b9e87effa16c94b201823aee95d04b749b963f509a2b404fdd55bd4a
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close