Showing 1 - 22 of 22

Files Date: 2015-03-25

Ubuntu Security Notice USN-2549-1
Posted Mar 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2549-1 - It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to arbitrary files. Fabian Yamaguchi discovered that libarchive incorrectly handled certain type conversions. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-0211, CVE-2015-2304
SHA-256 | a21c54de461ecbc21d0031ce3c666809c5980fd2ba0a648ee1d7e916688abbca

Debian Security Advisory 3197-2
Posted Mar 25, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3197-2 - The openssl update issued as DSA 3197-1 caused regressions. This update reverts the defective patch applied in that update, which caused these problems. Additionally, a follow-up fix for CVE-2015-0209 is applied.

tags | advisory
systems | linux, debian
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292
SHA-256 | 8ffa01890f95e94ab414f9473060e0fffbf3f3be11fbf797714fa6a0c0a6d411

pfSense 2.2 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 25, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

pfSense version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2015-2294, CVE-2015-2295
SHA-256 | 17f91d13806f834c29b1b913f8c480f5b36357931284cb1c6d8b791cd8c6f217

Ubuntu Security Notice USN-2548-1
Posted Mar 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2548-1 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

tags | advisory, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2015-0250
SHA-256 | d292c8c54c0625368669907a9cb53fed70161f0ef2a1072fca343fe9f3cbc9da

WordPress Marketplace 2.4.0 Add Administrator
Posted Mar 25, 2015
Authored by Claudio Viviani, Kacper Szurek

Add-administrator exploit for WordPress Marketplace plugin version 2.4.0 that leverages a vulnerability allowing an unauthenticated attacker to execute any PHP function.

tags | exploit, php
SHA-256 | ac59d4a9526b37f10ef94defac072ade2a47ac7bfca88a79255e93f826142f61

Mini-Stream RM-MP3 Converter 2.7.3.700 Buffer Overflow
Posted Mar 25, 2015
Authored by TUNISIAN CYBER

Mini-Stream RM-MP3 Converter version 2.7.3.700 local buffer overflow exploit with message box shellcode.

tags | exploit, overflow, local, shellcode
SHA-256 | 4ed27043a3181af40f56ae9bf436272d765cd8693620a76592e3424d76c080f3

HP Security Bulletin HPSBGN03285 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03285 1 - Potential security vulnerabilities have been identified with these three packages. These vulnerabilities could be exploited to allow execution of code. HP Operations Agent Virtual Appliance for monitoring VMware vSphere environments (OAVA); HP Virtualization Performance Viewer for monitoring VMware vSphere environments (vPV VA); HP Operations Manager i 10.00 Virtual (OMi VA). Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2012-6657, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-9322, CVE-2015-0235
SHA-256 | 172838bdb356ce6ff085acbfa8cc07719e149fed64df6c1daaa6c456b43e7a32

HP Security Bulletin HPSBMU03263 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03263 1 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | e9470422791d2a2b95c43579456c672fbc3a4de6806dd7e01f693c18ab61c8c6

HP Security Bulletin HPSBMU03291 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03291 1 - A potential security vulnerability has been identified with HP Operations Orchestration running PowerShell operations that could result in the remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2015-2108
SHA-256 | dfa33d95c5b97229bad94d7c80beb01e5a9d49c60dd241d5263e97aaea3bce57

HP Security Bulletin HPSBMU03292 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03292 1 - A potential security vulnerability has been identified with HP Operations Orchestration that could result in authentication bypass. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2109
SHA-256 | 509a6fcac01c24dff38150100ab1f08082dd575792764b055a22d55c0c785c5a

HP Security Bulletin HPSBMU03262 2
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03262 2 - A potential security vulnerability has been identified with the HP Version Control Agent running OpenSSL on Linux and Windows. This vulnerability is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. A second vulnerability could be exploited to cause a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, denial of service
systems | linux, windows
advisories | CVE-2014-3566, CVE-2014-5139
SHA-256 | 218f0c2a31014c81caf3dc20a4383a93b33e4c8723e78076f68121e372890291

HP Security Bulletin HPSBHF03276 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03276 1 - A potential security vulnerability has been identified with HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4). The vulnerability could be exploited remotely resulting in unauthorized access or Denial of Service. Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2015-2106
SHA-256 | 0bb3556b2a1709dbbc1f3c292420358bf30f6b1c1c79507ceb5876a01ecc94b6

HP Security Bulletin HPSBHF03275 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03275 1 - A potential security vulnerability has been identified with HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4). The vulnerability could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 172e4ff7e09b9e3d9390027c862dbf18f867bdecc9c0c44208f7297496685b6b

HP Security Bulletin HPSBMU03301 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03301 1 - Potential security vulnerabilities have been identified with HP BladeSystem c-Class Onboard Administrator. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3566
SHA-256 | c0ddf1cba31f6d75cc901730731461ddf99ca69b7955086116786dd7bed332a3

Red Hat Security Advisory 2015-0720-01
Posted Mar 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0720-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-4002, CVE-2013-5855, CVE-2014-0005, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0193, CVE-2014-0227, CVE-2014-3472, CVE-2014-3481, CVE-2014-3490, CVE-2014-3530, CVE-2014-3558, CVE-2014-3577, CVE-2014-3578, CVE-2014-3625
SHA-256 | 4ce89b92cfd48ba7281a739aa5bd977c0dd79177e1e4b9ae367ed1deba2659c9

Red Hat Security Advisory 2015-0719-01
Posted Mar 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0719-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. It was found that the 'do' parameter permitted expression language injection, which could allow a remote attacker to execute Java methods on an affected server.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2015-0279
SHA-256 | 3bc10be638561a84a22f7d12bb3bbe4617b2600873ca067c9751772eb657ddd8

HP Security Bulletin HPSBGN03288 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03288 1 - A potential security vulnerability has been identified with HP Server Automation. This vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2015-0240
SHA-256 | d6a1647519e8e6318998d9bf72dbd53af0d42837ee32a610e3accf6ae3e02c08

HP Security Bulletin HPSBGN03282 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03282 1 - Potential security vulnerabilities have been identified with the underlying Linux Operating System kernel which supports these three Virtual Appliance packages. These vulnerabilities could be exploited to allow execution of code and other issues. HP Operations Agent Virtual Appliance for monitoring VMware vSphere environments (OAVA); HP Virtualization Performance Viewer Virtual Appliance (vPV VA); HP Operations Manager i 10.00 Virtual (OMi VA). Revision 1 of this advisory.

tags | advisory, kernel, vulnerability
systems | linux
advisories | CVE-2012-6657, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-9322
SHA-256 | 864b0db9d75f4f8f952cedebeb176669331ab60bcc28a09d3c66acf6f249367d

WordPress Marketplace 2.4.0 Arbitrary File Download
Posted Mar 25, 2015
Authored by Kacper Szurek

WordPress Marketplace version 2.4.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
advisories | CVE-2014-9013, CVE-2014-9014
SHA-256 | ff5c9bca6be4f917e44ba3f43280d1887e3442049bcb78dc75cd7e35100af664

HP Security Bulletin HPSBHF03151 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03151 1 - A potential security vulnerability has been identified with HP Integrated Lights-Out 2 and 4 (iLO 2, iLO 4) and Chassis Management (iLO CM) firmware. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), remote execution of code, and elevation of privilege. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2014-7876
SHA-256 | 6d007742f5d31173b6a72e6a8245ed5bde88f82e18a6f74138485feba30517e1

Joomla Spider Random Article SQL Injection
Posted Mar 25, 2015
Authored by Jagriti Sahu

Joomla Spider Random Article component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fa08b153d4be75c3ef3dc85593c751b07ba4907dd1c8090e641c63c957325b65

Question2Answer 1.7 Cross Site Scripting
Posted Mar 25, 2015
Authored by s0w

Question2Answer version 1.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e26696f351c024c5393265e8748ed1af7855f5d0b528fc56711ca201d3840a08