what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-03-04

Java OpenID Server 1.2.1 XSS / Session Fixation
Posted Mar 4, 2014
Authored by Bartlomiej Balcerek

JOIDS (Java OpenID Server) version 1.2.1 suffers from reflected cross site scripting and session fixation vulnerabilities.

tags | exploit, java, vulnerability, xss
SHA-256 | d0111d88c2b72fdcea60d1fd44070e2af28045c390f13e4603277e4f163efcef
ClickDesk 4.3 Cross Site Scripting
Posted Mar 4, 2014
Authored by Owais Mehtab

ClickDesk versions 4.3 and below suffer from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-9211
SHA-256 | 344fe9de1d611e0634831da9f2d4b854bfccfac96330419b32ed688d72f409ad
Ganib 2.3 SQL Injection
Posted Mar 4, 2014
Authored by drone

Ganib versions 2.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f53669a90a92541ae5ebdad41e56273cd5fd6b51046bd02996f9b2579f3c29e3
Red Hat Security Advisory 2014-0233-01
Posted Mar 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0233-01 - PackStack is a command-line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof-of-concept installations and more complex multi-node installations. It was found that PackStack did not correctly install the rules defined in the default security groups when deployed on OpenStack Networking, allowing network connections to be made to systems that should not have been accessible.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0071
SHA-256 | d0e3596d44e146faf389856532df61af504299d7155b1850dc343f3cb5a55d2c
Red Hat Security Advisory 2014-0232-01
Posted Mar 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0232-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A timing attack flaw was found in the way the swift TempURL middleware responded to arbitrary TempURL requests. An attacker with knowledge of an object's name could use this flaw to obtain a secret URL to this object, which was intended to be publicly shared only with specific recipients, if the object had the TempURL key set. Note that only setups using the TempURL middleware were affected.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-0006
SHA-256 | 2cef7217286d6231bd24a8422992541b2a4b819ddcde406b623c1a34895443cd
Apache Cordova 2.9.0 Privilege Escalation
Posted Mar 4, 2014
Authored by Neil Bergman

Cordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0 and Cordova In-App-Browser iOS standalone plugin (org.apache.cordova.inappbrowser) versions 0.1.0 to 0.3.1 suffer from a privilege escalation vulnerability.

tags | advisory
systems | ios
advisories | CVE-2014-0073
SHA-256 | 46f9762d77c27f4579740acc749cf9bbfa02d036bfb37b414990a0d228c44bb4
Apache Shiro 1.2.2 LDAP Authentication Bypass
Posted Mar 4, 2014
Authored by The Apache Shiro Team

Apache Shiro versions 1.0.0-incubating through 1.2.2 suffer from an LDAP authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2014-0074
SHA-256 | dd17aaac4e39d79fb0b7ad3c5615cb3f1d0c5d4dca808a15c9b0caf3d71d0851
Ipdecap 0.7
Posted Mar 4, 2014
Authored by Loic Pefferkorn | Site loicp.eu

Ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4, and ESP (IPSEC) protocols, and can also remove IEEE 802.1Q (virtual LAN) headers. It reads packets from a pcap file, removes the encapsulation protocol, and writes them in another pcap file.

Changes: This release has been ported to FreeBSD, and has better error messages and internal cleanup.
tags | tool, protocol
systems | unix
SHA-256 | 62458854a67a34d0c82bda34f6720a0648d7d8b5b452b9953b0cac0090993012
Red Hat Security Advisory 2014-0229-01
Posted Mar 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0229-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An information leak flaw was found in the way glance stored certain logging information. An attacker with access to the glance log files could use this flaw to obtain authentication credentials to the OpenStack Object Storage back end. Note that only setups using the swift back end were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-1948
SHA-256 | 9af5320882c5b727f5614207ecd44d12d0af624df0e1ddd4be9c70270ba5c125
Red Hat Security Advisory 2014-0231-01
Posted Mar 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0231-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was discovered that the metadata agent in OpenStack Networking was missing an authorization check on the device ID that is bound to a specific port. A remote tenant could guess the instance ID bound to a port and retrieve metadata of another tenant, resulting in information disclosure. Note that only OpenStack Networking setups running neutron-metadata-agent were affected.

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2013-6419, CVE-2013-6437, CVE-2013-7048, CVE-2013-7130
SHA-256 | 5df7a83b8fe26fa0470a7d38af7acc1ed469562d7c88efd074564fedb66f3947
CMS Made Simple XSS / CSRF / PHP Object Insertion
Posted Mar 4, 2014
Authored by Pedro Ribeiro

CMS made simple has several security problems including cross site scripting in the admin console, weak cross site request forgery protection, and a possible PHP object insertion via unserialize.

tags | advisory, php, xss, csrf
advisories | CVE-2014-0334
SHA-256 | 165f2672c4e307d6f2d42b9cc9d42950c835e7ec626e6b398fbd8b1fe71de042
Red Hat Security Advisory 2014-0230-01
Posted Mar 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0230-01 - MongoDB is a NoSQL database. A buffer over-read flaw was found in the way MongoDB handled BSON data. A database user permitted to insert BSON data into a MongoDB server could use this flaw to read server memory, potentially disclosing sensitive data. All mongodb users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6619
SHA-256 | dc3570de79530102a49796a2c80e9fa6107fb87bb494decdefa6c6177d7a699a
Slackware Security Advisory - gnutls Updates
Posted Mar 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0092
SHA-256 | d2fbe6a04e9c821c822111c7e9e0feff0b368ca90b59ebcf0371f30d2bcd3c80
Cory JobSearch 1.0 SQL Injection
Posted Mar 4, 2014
Authored by Slotleet

CoryApp Cory JobSearch suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e2cbbfcb6107f466b9c88014936f7d4ece59c46ccbf85de5cf1ff6afb627a8db
Calavera Uploader 3.5 Buffer Overflow
Posted Mar 4, 2014
Authored by Daniel La Calavera

Calavera Uploader version 3.5 SEH buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 2b1aef2f7c9231e07b70b8bc26bf60a7b03287605b0e48d31fcaf28c0141a69a
Malware Analysis Part I
Posted Mar 4, 2014
Authored by Thomas Moller | Site 0x90.se

Malware Analysis Part I - This guide is the first part of a series of three where we begin with setting up the very foundation of a analysis environment; the analysis station. It will give the reader a quick recap in the different phases of malware analysis along with a few examples. It will then guide the reader in how to build an analysis station optimized for these phases. Along with this, the guide also introduces a workflow that will give the reader a good kick-start in performing malware analysis on a professional basis, not only on a technical level.

tags | paper
SHA-256 | 360e9264e9f61a47cd121cfae0c35e5ff25ec45bd1624d722d6c73494f35ee89
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close