exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2014-01-16

Mandriva Linux Security Advisory 2014-006
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-006 - xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-4520
SHA-256 | d503e763b57122b1bd5ea97bd2b93533c0511e842cf6a0c87bc31b04792daf0d
Mandriva Linux Security Advisory 2014-005
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-005 - The TLS driver in ejabberd before 2.1.12 supports weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. The updated packages have been upgraded to the 2.1.13 version which is not vulnerable to this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2013-6169
SHA-256 | 4f694e5ddc207e0db057b3c0ee6d0aba1eca623fa95f4affcd6efca3d29ffc0d
Joomla Sexy Polling 1.0.8 SQL Injection
Posted Jan 16, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Joomla Sexy Polling extension version 1.0.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-7219
SHA-256 | 386f633addc7fcd69c71714e10ca43a9577c114d2f48bae9ca88cbf0936b85a3
Ubuntu Security Notice USN-2083-1
Posted Jan 16, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2083-1 - It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. It was discovered that Graphviz incorrectly handled memory in the chkNum function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1236, CVE-2014-0978, CVE-2014-1235, CVE-2014-1236
SHA-256 | 25439a91952048a0b2275a1f124b3b5aa430718a373e261797e5b2b191ca184c
Mandriva Linux Security Advisory 2014-004
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-004 - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list to the process_cgivars function in extinfo.c, status.c, trends.c in cgi/, which triggers a heap-based buffer over-read. Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, cgi
systems | linux, mandriva
advisories | CVE-2013-7108, CVE-2013-7205
SHA-256 | 2a8a2c2fafea3404e1ed0dab309c14b4a4dc58b3300bfb3a8153d0ae8063119f
Mandriva Linux Security Advisory 2014-003
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-003 - Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor before 2.14 might allow remote attackers to execute arbitrary shell commands via $() shell metacharacters, which are processed by bash. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary, shell, bash
systems | linux, mandriva
advisories | CVE-2013-1362
SHA-256 | ae3af96c61f5cb0bcc8ef2cfd7bd0d9f0aa1fdf1facbc9382e974b70630cdf6e
Mandriva Linux Security Advisory 2014-002
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-002 - The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature. The updated packages for Enterprise Server 5 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 9.9.4-P2 version which is unaffected by this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-0591
SHA-256 | 68b6dd6470caf042a0953b19a031782926ab5363c4da8f8ff80fd46eaa48eecf
Clam AntiVirus Toolkit 0.98.1
Posted Jan 16, 2014
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: This release adds improved support for the Mac OS X platform, support for new file types, and quality improvements, including: Extraction, decompression, and scanning of files within the Extensible Archive (XAR)/Apple Disk Image (DMG) format. Decompression and scanning of files in the "Xz" compression format. Improvements and fixes to extraction and scanning of ole formats. An option to force all scanned data to disk. Various improvements to ClamAV configuration, support of third party libraries, and unit tests.
tags | tool, virus
systems | unix
SHA-256 | 35f5e84d734cdd4532c1cc6c92560c5b31d1c24f2e1e203bef0ca1351eb223dc
cryptmount Filesystem Manager 4.5
Posted Jan 16, 2014
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Loop-device setup was improved using the kernel's /dev/loop-control interface. Support for the TRIM/allow_discards option was added to support use on solid-state disks. Treatment of the run-time state was improved, moving files from /etc into /run.
tags | tool, kernel, encryption
systems | linux, unix
SHA-256 | 336aa4af20dfe4c174d723a5d0fde77635c8ac95067c10378abc4eb6d136f915
SSLsplit 0.4.8
Posted Jan 16, 2014
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This release adds experimental support for pf on Mac OS X, and adds support for pf divert-to on FreeBSD and OpenBSD. SSLsplit now removes headers advertising support for SPDY/QUIC from HTTP responses. Additionally, a number of segmentation faults, a memory leak, and a file descriptor leak have been fixed, greatly improving overall stability.
tags | tool, encryption
SHA-256 | 2c181413b1ac98c2e968838cf2aff201b6ff5bba656c22f9d1c756626cd5aa16
Red Hat Security Advisory 2014-0030-01
Posted Jan 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0030-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0382, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416
SHA-256 | 836069891824f01a4d1a0c0c357d7e19a31e12bd8afa1255bf2a8c7943cd1cf7
FreeBSD Security Advisory - BIND Denial Of Service
Posted Jan 16, 2014
Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. This issue only affects authoritative nameservers with at least one NSEC3-signed zone. Recursive-only servers are not at risk. An attacker who can send a specially crafted query could cause named(8) to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2014-0591
SHA-256 | 42bd91e5a207d906b383d2f4b8c14bcb28389b0113837035f0080c510470026d
Ajenti 1.2.13 Cross Site Scripting
Posted Jan 16, 2014
Authored by Project Zero Labs

Ajenti version 1.2.13 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f2384d32b3cba7169334e5e7866064ae6d12640e7c4f7b1f468bed3c547f1f20
Drupal Anonymous Posting 7.x Cross Site Scripting
Posted Jan 16, 2014
Authored by drikc | Site drupal.org

Drupal Anonymous Posting third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 3f66516fa2d17f145270d1b32bfdcb6d5737821a00485d9156519b16c187b504
Drupal 6.x / 7.x Impersonation / Access Bypass / Hardening
Posted Jan 16, 2014
Authored by David Rothstein, Damien Tournoud, Christian Mainka, Matt Vance, Vladislav Mladenov | Site drupal.org

Drupal core versions 6.x and 7.x suffer from impersonation, access bypass, and security hardening vulnerabilities.

tags | advisory, vulnerability
SHA-256 | f5c6a398f6c3eb4be7409e8de673476647efb02968ec5e6d76e45d68ffbfdae9
DomPHP 0.83 SQL Injection
Posted Jan 16, 2014
Authored by Houssamix

DomPHP versions 0.83 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | cb2dcf35ad0fd792e1f894e8174876bc0f117e63ac62244dd54a12a0b864d723
Y! Toolbar Cross Site Scripting
Posted Jan 16, 2014
Authored by David Hoyt

A local stored cross site scripting vulnerability affects Y! Toolbar for FireFox on MAC version 3.1.0.20130813024103 and Windows version 2.5.9.2013418100420.

tags | advisory, local, xss
systems | windows
advisories | CVE-2013-6853
SHA-256 | 142248a0c37ee7fab8c5439b25c68e5735667f364eea08f98a2fd5994f534c29
Spring JavaScriptUtils.javaScriptEscape() Escape Failure
Posted Jan 16, 2014
Authored by Pivotal Security Team

The JavaScriptUtils.javaScriptEscape() method did not escape all characters that are sensitive within either a JS single quoted string, JS double quoted string, or HTML script data context. In most cases this will result in an unexploitable parse error but in some cases it could result in a cross site scripting vulnerability. Spring MVC versions 3.0.0 through 3.2.1 are affected.

tags | advisory, xss
advisories | CVE-2013-6430
SHA-256 | 242790135a9927b7deb87c43607a629b3269e553eee7b7f28d9784435b870ce8
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close