what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files Date: 2014-06-19

AlienVault OSSIM av-centerd Command Injection
Posted Jun 19, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection. This Metasploit module has been tested successfully on AlienVault 4.6.0.

tags | exploit, web, perl, code execution
advisories | CVE-2014-3804
SHA-256 | f41d6bd5cd5cf9bdeabe5b3bc68136db162011629dbe4d4e9286da318c9234c8
HP Security Bulletin HPSBOV03047
Posted Jun 19, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03047 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | e545961d2486992ac5cd08c4a4d901c108cc777140b0a87c47be2e344c642f8a
Balkan Computer Congress 2014 Call For Papers
Posted Jun 19, 2014
Authored by BalCCon

This is the announcement for the Balkan Computer Congress 2014 (BalCCon) Call For Papers. It will be held September 5th through the 7th in Novi Sad, Vojvodina, Serbia.

tags | paper, conference
SHA-256 | 395fdebd464d9ea73ff861ca19bf341d233affbb6c7ed3c341b6e2939a6ba13f
Red Hat Security Advisory 2014-0772-01
Posted Jun 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0772-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2012-6638, CVE-2014-1737, CVE-2014-1738
SHA-256 | b39ab59da6eb4cf12abfe7f5da13883f79093f424333564d663bd67f9e433ae8
Red Hat Security Advisory 2014-0770-01
Posted Jun 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0770-01 - The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, and Puppet settings, and can be used as part of Foreman. A shell command injection flaw was found in the way foreman-proxy verified URLs in the TFTP module. A remote attacker could use this flaw to execute arbitrary shell commands on the system with the privileges of the user running foreman-proxy. This issue was discovered by Lukas Zapletal of Red Hat. Note that for Red Hat Enterprise Linux OpenStack Platform 3.0, Foreman was released as a Technology Preview.

tags | advisory, remote, arbitrary, shell
systems | linux, redhat
advisories | CVE-2014-0007
SHA-256 | 45d2dd06196dba362bdfc1b1fba8fc39ea1986b37fdf8f3bba736cdd0e23f021
Gentoo Linux Security Advisory 201406-18
Posted Jun 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-18 - A vulnerability in rxvt-unicode may allow a remote attacker to execute arbitrary code. Versions less than 9.20 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2014-3121
SHA-256 | 265fd3c25d7c4ae3e599687c6a81d3c09bfb1e5777f345264551bcebcc0ff312
Ubuntu Security Notice USN-2250-1
Posted Jun 19, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2250-1 - Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden and Kyle Huey discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1533, CVE-2014-1538, CVE-2014-1541
SHA-256 | dddebba2dc6819014946e60612c0b01c0f17fe3554a8617afe844276d7b32721
Red Hat Security Advisory 2014-0771-01
Posted Jun 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0771-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039, CVE-2014-3153
SHA-256 | 045975b06f49ae62face7f508bfd20413516dac60cbe25c8914c866298aa5808
Ericom AccessNow Server Buffer Overflow
Posted Jun 19, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Ericom AccessNow Server. The vulnerability is due to an insecure usage of vsprintf with user controlled data, which can be triggered with a malformed HTTP request. This Metasploit module has been tested successfully with Ericom AccessNow Server 2.4.0.2 on Windows XP SP3 and Windows 2003 Server SP2.

tags | exploit, web, overflow
systems | windows
advisories | CVE-2014-3913
SHA-256 | ebcadf3ecbef96b23f35bdc1801d697a19ccfe4ec12a013d2b6a82b0e6e572b2
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close