what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-08-18

EMC Documentum Cross Site Scripting
Posted Aug 18, 2014
Site emc.com

EMC Documentum WebTop based products contain fixes for multiple cross-scripting vulnerabilities that could potentially be exploited by malicious users to inject arbitrary script via some query string parameters. This may lead to execution of malicious html requests or scripts in the context of an authenticated user. These issues are caused due to the vulnerable parameters ?startat? and ?entryId?.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2014-2511
SHA-256 | b434568623c4c0e8cf4b56bd01b7005b5a5a3db80d070310d5419ca3eebed85e
EMC Documentum Cross Site Request Forgery
Posted Aug 18, 2014
Site emc.com

Documentum WDK based clients may be vulnerable to multiple CSRF vulnerabilities. A malicious unauthenticated attacker can potentially leverage this vulnerability to trick authenticated users of the application to click on specially-crafted links that are embedded within an email, web page or other source and perform Docbase operations with that user privileges.

tags | advisory, web, vulnerability
advisories | CVE-2014-2518
SHA-256 | 4df293103cd5f8c60c8784e2a3ef3a2ec090d9c792323de73f9429bdd73c182e
Ubuntu Security Notice USN-2232-4
Posted Aug 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2232-4 - USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 67e0e8644e9b976275e227eeae25d58569e1a29be71eb344aa1092fdbe47be4d
Gitlab-shell Code Execution
Posted Aug 18, 2014
Authored by Brandon Knight | Site metasploit.com

This Metasploit module takes advantage of the addition of authorized ssh keys in the gitlab-shell functionality of Gitlab. Versions of gitlab-shell prior to 1.7.4 used the ssh key provided directly in a system call resulting in a command injection vulnerability. As this relies on adding an ssh key to an account valid credentials are required to exploit this vulnerability.

tags | exploit, shell
advisories | CVE-2013-4490
SHA-256 | 65fe10c27fade5931f989520557835098ed4bf35e440ecf8cc61973c2269ee5b
Firefox toString console.time Privileged Javascript Injection
Posted Aug 18, 2014
Authored by moz_bug_r_a4, joev, Cody Crews | Site metasploit.com

This Metasploit module gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.

tags | exploit, remote, javascript, vulnerability, code execution
advisories | CVE-2013-1670, CVE-2013-1710
SHA-256 | 723732f5e9f85d7844a5395a8a59e9af072256440c604cfc1138fd3468e2d08d
Debian Security Advisory 3006-1
Posted Aug 18, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3006-1 - Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-1432, CVE-2013-1442, CVE-2013-2076, CVE-2013-2077, CVE-2013-2078, CVE-2013-2194, CVE-2013-2195, CVE-2013-2196, CVE-2013-2211, CVE-2013-4329, CVE-2013-4355, CVE-2013-4361, CVE-2013-4368, CVE-2013-4494, CVE-2013-4553, CVE-2014-1950, CVE-2014-2599, CVE-2014-3124, CVE-2014-4021
SHA-256 | 022c7dacd6753366685e6693c5aeb3e32a9dce17c24badf0fc135994da1dfee0
Apache HttpComponents Man-In-The-Middle
Posted Aug 18, 2014
Authored by Subodh Iyengar

Apache HttpComponents (prior to revision 4.3.5/4.0.2) may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used.

tags | advisory
advisories | CVE-2014-3577
SHA-256 | 889514603cc555b13c01e72b05be1ebefa0cbf2ff89b15aa2ff8b3f9c2602bf1
Senkas Kolibri WebServer 2.0 Buffer Overflow
Posted Aug 18, 2014
Authored by tekwizz123

Senkas Kolibri WebServer version 2.0 is vulnerable to remote code execution via an overly long POST request. Sending the exploit will result in a SEH overwrite, which can then be use to redirect execution to a POP POP RET within the application's binary itself, which once executed, will allow the attacker to execute his/her payload located in the HOST field.

tags | exploit, remote, code execution
advisories | CVE-2010-5301, CVE-2014-4158, CVE-2014-5289
SHA-256 | e7aca045137e803e2f420610b3f8fd1f46b74e952efdfc1f4fc8d70e6048f942
Red Hat Security Advisory 2014-1073-01
Posted Aug 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1073-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain Names in Applications hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. In addition, the nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2, which provides a number of bug fixes and enhancements over the previous versions.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-1492
SHA-256 | 03bc1e998b88732356d3e9bf36b37a5c3c6517bf7c5512470a4b2b29f352b83a
Ubuntu Security Notice USN-2317-1
Posted Aug 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2317-1 - Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. An unprivileged local user could exploit this flaw to gain full write privileges to a mount that should be read only. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-5206, CVE-2014-5207
SHA-256 | 891094f08750c7ff1ccc2f3aa4fe734c4fae78b401f90a2713af74ba81869398
Ubuntu Security Notice USN-2318-1
Posted Aug 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2318-1 - Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. An unprivileged local user could exploit this flaw to gain full write privileges to a mount that should be read only. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-5206, CVE-2014-5207
SHA-256 | ac47389034e16265b91f850754f4d17ed121b6517b8fb5a79f805b8139d46dff
Outlook.com For Android Failed Validation
Posted Aug 18, 2014
Authored by Yorick Koster

Outlook.com for Android fails to properly validate SSL server certificates allowing for man-in-the-middle attacks. This issue was found in Outlook.com for Android version 7.8.2.12.49.2176 and version 7.8.2.12.49.6434.

tags | advisory, bypass
advisories | CVE-2014-5239
SHA-256 | feb52f7f3c4f0ae9883f60191249254d8403bfb4759cf2e2b7f8a017088d241a
Tenda A5s Router Authentication Bypass
Posted Aug 18, 2014
Authored by zixian

Tenda A5s router suffers from an authentication bypass vulnerability due to improperly trusting cookies.

tags | exploit, bypass
advisories | CVE-2014-5246
SHA-256 | 75354821f95fabdfb5c0ba4d05cdf943735ebbb7e157fc3995bef4b079711abd
Viproy VoIP Penetration / Exploitation Kit 2.0
Posted Aug 18, 2014
Authored by Fatih Ozavci | Site viproy.com

Viproy Voip Penetration and Exploitation Kit is developed to improve quality of SIP penetration testing. It provides authentication and trust analysis features that assists in creating simple tests.

Changes: Released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extensions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analyzers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analyze modules.
tags | tool
systems | linux, unix
SHA-256 | dd2aee754acd9cdcd4184af9508f9a6f1c6510444a5f6485807f4ac9ebf5000f
VoIP Wars: Attack Of The Cisco Phones
Posted Aug 18, 2014
Authored by Fatih Ozavci

These are the slides from the presentation "VoIP Wars: Attack of the Cisco Phones" from the talk given at Defcon 22 and Blackhat USA 2014.

tags | paper
systems | cisco
SHA-256 | 720ddb24a662b21cf705390762e270841f4e60b42dfbc2cfb78cf7cff84316a9
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close