what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2014-06-24

Microsoft Dynamics CMS 2013 CSRF / File Upload / Replay
Posted Jun 24, 2014
Authored by Vadodil Joel Varghese

Microsoft Dynamics CRM 2013 is susceptible to multiple security vulnerabilities such as cross site request forgery, cross browser, replay, and file upload attacks.

tags | exploit, vulnerability, file upload, csrf
SHA-256 | 6b2cfd8531debcc4385762b23654dceb2f5f418d1dd4aad882be46f1e63e17e0
r2dr2 UDP DrDoS Amplification Tool
Posted Jun 24, 2014
Authored by Pablo Alobera | Site securitybydefault.com

r2dr2 is a UDP amplification attack tool for committing DRDoS denial of service attacks.

tags | tool, denial of service, udp
SHA-256 | 90aad7c803a9edd43b0a8e6475f9e30fc2f194c5f679e6328122032f306cfc15
TimThumb 2.8.13 Remote Code Execution
Posted Jun 24, 2014
Authored by Pichaya Morimoto

TimThumb version 2.8.13 with WebShot enabled suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 6c1a5f9fe02b211531e8610b366ae5ef5647ad9b838030ad32e7a11481a4ccac
HP Security Bulletin HPSBHF03052
Posted Jun 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03052 - Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC), HP Network Products including 3COM and H3C routers and switches running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0198, CVE-2014-0224
SHA-256 | b47b3c7f4ac3559bddf86c59b1503433af2a0bfc437cd35375d3a4fc1b150437
D-Link authentication.cgi Buffer Overflow
Posted Jun 24, 2014
Authored by Craig Heffner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an remote buffer overflow vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the authentication.cgi with long password values. The vulnerability can be exploitable without authentication. This Metasploit module has been tested successfully on D-Link firmware DIR645A1_FW103B11. Other firmwares such as the DIR865LA1_FW101b06 and DIR845LA1_FW100b20 are also vulnerable.

tags | exploit, remote, web, overflow, cgi
advisories | OSVDB-95951
SHA-256 | 450e0c17e9ed8a5889f1222fd8943a072ac89cff24fdb5117836d675f119995d
D-Link hedwig.cgi Buffer Overflow in Cookie Header
Posted Jun 24, 2014
Authored by Craig Heffner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the hedwig.cgi with long value cookies. This Metasploit module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.

tags | exploit, remote, web, cgi, code execution
advisories | OSVDB-95950
SHA-256 | 34fd8be52c6556ed2de772a2ee3aff9ac71be9f460f14eb17c88ae1909383dd4
SpamTitan 6.01 Cross Site Scripting
Posted Jun 24, 2014
Authored by William Costa

SpamTitan version 6.01 suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f3ac07a043a85c59a96327ff59d22880505e159ff1b3503616bcd8dbd5fce37c
Supermicro IPMI/BMC Cleartext Password Scanner
Posted Jun 24, 2014
Authored by 1N3 | Site treadstonesecurity.blogspot.ca

This script automates scanning for the Supermicro IPMI/BMC cleartext password vulnerability. It can check full subnets or individual hosts and includes an option to scan via proxy and to view vulnerable hosts listed in ShodanHQ.

tags | exploit
SHA-256 | e368bb65b92ec2b0491d4f9bcbea58351c46f62c857e2b132316a9843b04816d
Maligno 1.1
Posted Jun 24, 2014
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Metasploit multi-host support, socks4a server support (metasploit), last resort redirection for invalid requests and hosts out of scope, automatic client code obfuscation, delayed client payload execution (sandbox evasion), automatic metasploit resource file generation.
tags | tool, web, scanner, shellcode, python
systems | unix
SHA-256 | 25d4bc4e590478b83b26d629bca17049d507bdcc5b7e005af9a4b7b761b33434
Gentoo Linux Security Advisory 201406-21
Posted Jun 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-21 - Multiple vulnerabilities have been discovered in cURL, the worst of which could lead to man-in-the-middle attacks. Versions less than 7.36.0 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0138, CVE-2014-0139
SHA-256 | 090b15096d43be2a5496a00652c5582533b2fa4c98c5f69f159e282331632787
Gentoo Linux Security Advisory 201406-20
Posted Jun 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-20 - A vulnerability has been found in nginx which may allow execution of arbitrary code. Versions less than 1.4.7 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0133
SHA-256 | 3e519a84a2acdaf4c4485c9b31a5fdcefeaa8e4c356e434dd87d582ec8ce444e
Gentoo Linux Security Advisory 201406-19
Posted Jun 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-19 - Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. Versions less than 3.15.3 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1620, CVE-2013-1739, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607
SHA-256 | 74e12d781dc2269c43a0d713ed2d5e4560d44b59280cef7ff26ff92e33913982
Red Hat Security Advisory 2014-0784-01
Posted Jun 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0784-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2013-6438, CVE-2014-0098
SHA-256 | 2fe962a0ac26681f3b48cc7f43712a45010ac30946e2d8611c69b22787862bf3
Red Hat Security Advisory 2014-0785-01
Posted Jun 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0785-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. Seam is an open source development platform for building rich Internet applications in Java. Seam integrates technologies such as Asynchronous JavaScript and XML, JavaServer Faces, Java Persistence API, and Enterprise Java Beans. Seam 2.3 provides support for JSF 2, RichFaces 4, and JPA 2 capabilities, running on top of Red Hat JBoss Enterprise Application Platform 6. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application.

tags | advisory, remote, web, arbitrary, javascript, code execution
systems | linux, redhat
advisories | CVE-2014-0248
SHA-256 | 06ffa563b022f7b57fa8a4d45d3f1578fddfa7ff5c60e99cce20af00025ce177
Red Hat Security Advisory 2014-0783-01
Posted Jun 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0783-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2013-6438, CVE-2014-0098
SHA-256 | 7970ead449f6465fe4c9d9f66ba3f4bd81ac210eff065518739a14c9b7a31fb3
Debian Security Advisory 2966-1
Posted Jun 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2966-1 - Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS file, print, and login server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-0178, CVE-2014-0244, CVE-2014-3493
SHA-256 | cadbb346ed967f6dc5615cdffc603a76e74ec852b15489b482e1e7fbdcfbf707
Debian Security Advisory 2965-1
Posted Jun 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2965-1 - Murray McAllister discovered a heap-based buffer overflow in the gif2tiff command line tool. Executing gif2tiff on a malicious tiff image could result in arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2013-4243
SHA-256 | e90896a3995b973826f47abf3ef4a738f398fc2a44b8103de0909eef969c1a38
Debian Security Advisory 2964-1
Posted Jun 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2964-1 - Oscar Reparaz discovered an authentication bypass vulnerability in iodine, a tool for tunneling IPv4 data through a DNS server. A remote attacker could provoke a server to accept the rest of the setup or also network traffic by exploiting this flaw.

tags | advisory, remote, bypass
systems | linux, debian
advisories | CVE-2014-4168
SHA-256 | 80209052e28549a23409c2154ad25d6f0050a19726489b2590493d4a26aca86a
Ubuntu Security Notice USN-2254-1
Posted Jun 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2254-1 - Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, local, php
systems | linux, unix, ubuntu
advisories | CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-4049
SHA-256 | 2b8da918b6d2a26bf40ceadde3bfdcca411a3dfed0ac5a2df1c150957c5ab312
Ubuntu Security Notice USN-2232-3
Posted Jun 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2232-3 - USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | cc6733f4fffea0f3b6869064e684111e12bbecad4854424c42c0407cf80705b2
Ubuntu Security Notice USN-2253-1
Posted Jun 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2253-1 - It was discovered that LibreOffice unconditionally executed certain VBA macros, contrary to user expectations.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0247
SHA-256 | b81ffc82c33e804f6dfee7e601bf1524665c2fbc6e1927ce1e0b5e89796cb3c6
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close