Files Date: 2014-05-07

F5 iControl Remote Command Execution
Posted May 7, 2014
Authored by Brandon Perry

F5 iControl systems suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-2928
SHA-256 | 3bb67baccdc0e397583692f37c40518c602a130776335c7f7b2de6042944cd0d
Cisco Security Advisory 20140507-webex
Posted May 7, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. Cisco has updated affected versions of the Cisco WebEx Business Suite meeting sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meetings Server, and Cisco WebEx WRF and ARF Players to address these vulnerabilities.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | cisco
SHA-256 | 59c4296af5b6ceca8e5b74de5fd6b6d22992aeb1fe2b1d7f7edacfb749f4de6e
HP Security Bulletin HPSBMU03018 3
Posted May 7, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03018 3 - A potential security vulnerability has been identified with HP Software Asset Manager running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded in some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. Revision 3 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 0e7d0b8ece89f46abe0b7aabc8e34444d04b7cf5220ce1b9f9c8b7dbeb2ecee7
Fortiweb 5.1.x Cross Site Request Forgery
Posted May 7, 2014
Authored by William Costa, Enrique Nissim | Site fortiguard.com

FortiWeb versions 5.1.x and below suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2014-3115
SHA-256 | 348864acff9f9973120d33162b0f9a517791d4941d91591f5a9b3c03290565df
Offiria 2.1.0 Cross Site Scripting
Posted May 7, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Offiria version 2.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2689
SHA-256 | 025b9cc75f03eaf22ce2c6ff43f58faed7d6d01e2abb67350a626700ff82d560
NIELD (Network Interface Events Logging Daemon) 0.5.1
Posted May 7, 2014
Authored by Tetsumune KISO | Site github.com

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the netlink socket and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules, and traffic control.

Changes: This release includes a security update and adds support for systemd.
tags | tool, kernel, system logging
systems | unix
SHA-256 | 39905bd42aa4ad95f5542059aa12ec489efbcd158bd484eaf52c6bf29e65c673
Breakpoint 2014 Call For Papers
Posted May 7, 2014
Authored by bpx | Site ruxconbreakpoint.com

The Breakpoint 2014 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia, from October 8th through the 9th, 2014. Breakpoint showcases the work of expert security researchers from around the world on a wide range of topics. This conference is organized by the Ruxcon team and offers a specialized security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint caters to security researchers and industry professionals alike, with a focus on cutting-edge security research.

tags | paper, conference
SHA-256 | 51295251d034007a82e1fcd395c19ee9d0d2a864ef12982d4645554778062163
SQL Injection In Insert, Update, And Delete
Posted May 7, 2014
Authored by Osanda Malith

This is a brief whitepaper that goes over different payloads that can be leveraged in SQL injection attacks.

tags | paper, sql injection
SHA-256 | 9499be52d5cfed9d72ecaf10bc20f2276bb6bc14fd6d1eb70d8afca6916fdf70
HP Security Bulletin HPSBMU02994 4
Posted May 7, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02994 4 - A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | bd6e50aa40efcf27d2a55702821100a9e57b90bb9cc5e357d0771a96e60ef110
Red Hat Security Advisory 2014-0474-01
Posted May 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0474-01 - Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. All Struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using Struts must be restarted for this update to take effect.

tags | advisory, java, remote, web, code execution
systems | linux, redhat
advisories | CVE-2014-0114
SHA-256 | d012c34ca5796768ff82182aacb36f0a7e897e45e96c86d8e528eb920b2fd870
Ubuntu Security Notice USN-2208-2
Posted May 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2208-2 - USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides the corresponding updates for OpenStack Quantum. JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol was set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-6491
SHA-256 | d0d5156d5df85a3712f3a696f3471fd131bc63c5a190a82aa2f593f624ebb58d
Ubuntu Security Notice USN-2208-1
Posted May 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2208-1 - JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol was set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-6491
SHA-256 | 53acf4004418f2da4a2339679b5b8960dea74b9702a0c8eb99b88eef60eba10e
Terminal IP Lookup Tool (TILT) 0.6
Posted May 7, 2014
Authored by AeonDave | Site github.com

Tilt, aka Terminal IP Lookup Tool, is a simple open source tool implemented in Python for passive IP/host reconnaissance. It is handy for a first reconnaissance pass and for host data retrieval.

Changes: Many improvements and updates.
tags | tool, python
systems | unix
SHA-256 | e6aa0d6a3853455672f7b9eac9259f2ab799338ce64330ca99b428a3c6335aad
WordPress Photo-Gallery Cross Site Request Forgery
Posted May 7, 2014
Authored by Felipe Andrian Peixoto

WordPress Photo-Gallery plugin suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.

tags | exploit, csrf
SHA-256 | c782dc85e948b6e33fa0638384eb3d60963677fc0c110663b3ea8899d7e182d7
Global Domains International Cross Site Scripting / Traversal
Posted May 7, 2014
Authored by indoushka

Sites by Global Domains International, Inc suffer from cross site scripting and directory traversal vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, vulnerability, xss, file inclusion
SHA-256 | 0f6600539c8143a8fa9d056116a8e385d2f7f10edcf47301dbf33bf88f5ab309
InvisionPower CMS Links To Titles 3.0 Cross Site Scripting
Posted May 7, 2014
Authored by UmPire

InvisionPower CMS Links to Titles utility version 3.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d003bac19ce9abb550ac27edf8a886c7e70a1c1cf25d4cb98871573a9b3f7aca