what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2015-01-27

FancyFon FAMOC 3.16.5 Cross Site Scripting
Posted Jan 27, 2015
Authored by Matthias Deeg | Site syss.de

FancyFon FAMOC version 3.16.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | efa9652e44569c33fc4fee812a69f383c8001fe4f217c3d71994dbc05b3b72c3
FancyFon FAMOC 3.16.5 SQL Injection
Posted Jan 27, 2015
Authored by Matthias Deeg, Sebastian Nerz | Site syss.de

FancyFon FAMOC version 3.16.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3a671192f0facf33bd6129a2886a8ff9396192343746c6b576a400840ee63a00
Qualys Security Advisory - glibc gethostbyname Buffer Overflow
Posted Jan 27, 2015
Authored by Alexander Peslyak, Qualys Security Advisory

Qualys Security Advisory - During a code audit performed internally at Qualys, they discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so they decided to analyze it -- and its impact -- thoroughly, and named this vulnerability "GHOST".

tags | exploit, overflow
advisories | CVE-2015-0235
SHA-256 | ffa8d4a79d99689d850b8267b77bc648e3bd73f6426baa39b73870777ee69adb
Red Hat Security Advisory 2015-0092-01
Posted Jan 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0092-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2015-0235
SHA-256 | 620c64a2aa97609a8171e047e7c827ed68c38df906fd7ea24237c738885f5d14
SEANux 1.0 Remote Code Execution
Posted Jan 27, 2015
Authored by Larry W. Cashdollar

The Syrian Electronic Army SEANux linux distro version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
systems | linux
SHA-256 | b080cc1a04a781bc198b71a73b2e7296a4626b1e7f06b5166036b5722ce7cf48
WebKitGTK+ DoS / Code Execution / Bypass
Posted Jan 27, 2015
Authored by WebKitGTK+ Team

The WebKitGTK+ 2.4 series suffers from buffer overflow, code execution, memory corruption, sandbox bypass, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
advisories | CVE-2013-2871, CVE-2013-2875, CVE-2013-2927, CVE-2014-1292, CVE-2014-1297, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339
SHA-256 | 326b02ff487ef267ea4187e1de17d0c6aac589a200b5be40f35cf8784fed3930
D-Link DSL-2740R Unauthenticated Remote DNS Change
Posted Jan 27, 2015
Authored by Todor Donev

Exploit for remotely changing DNS settings on the D-Link DSL-2740R router.

tags | exploit
SHA-256 | 12bcee98da8a2545e67c0fd61295e3e76c43d64f193a59bac3a91c594c824b90
0x90 International Cyber Security Summit 2015 Call For Papers
Posted Jan 27, 2015
Authored by 0x90 CFP

The 0x90 International Cyber Security Conference has announced its Call For Papers. It will be help March 14th, 2015 in Chennai.

tags | paper, conference
SHA-256 | aec3207fc46069cdc097a620f0ac9ee14f3235262ee2a4b2ec49cef66965d5dd
Red Hat Security Advisory 2015-0091-01
Posted Jan 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0091-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.0 serves as a replacement for Red Hat JBoss Data Grid 6.3.1. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | bdf037afd49b398166324949f92dc7768a32136e17bc96f57b60fefd223c3a7c
Red Hat Security Advisory 2015-0090-01
Posted Jan 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0090-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2015-0235
SHA-256 | 344c688ffb8ddd28041911af7b947b4637ab2b0d272cf93ad900b34861ef6a7c
Ubuntu Security Notice USN-2485-1
Posted Jan 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2485-1 - It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0235
SHA-256 | c7798887732cc742d95486b2a7043530084263b6462e11eafef68f99f3fe0843
Debian Security Advisory 3142-1
Posted Jan 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3142-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-6656, CVE-2014-6040, CVE-2014-7817, CVE-2015-0235
SHA-256 | 26074a481751614ed048aa65c68c0f68a31ac03ddd5cb0a7c9feb7060aa253ca
Debian Security Advisory 3141-1
Posted Jan 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3141-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-0562, CVE-2015-0564
SHA-256 | 85e9d53006911d7744cffdc0582d48c49061e09c59b47fdd03a3858bc366ab24
Debian Security Advisory 3140-1
Posted Jan 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3140-1 - Multiple security issues have been discovered in the Xen virtualization solution which may result in denial of service, information disclosure or privilege escalation.

tags | advisory, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2014-8594, CVE-2014-8595, CVE-2014-8866, CVE-2014-8867, CVE-2014-9030
SHA-256 | a2106c197e2e01397c5028ddbf50e4b1ec243676cc7ab6262b916a12ae043f69
Ubuntu Security Notice USN-2458-3
Posted Jan 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2458-3 - USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642
SHA-256 | 741324ee8837b8281a71616c36adb2d0af44e5dc3a322ae1f72ca546e720c2e4
FancyFon FAMOC 3.16.5 Session Fixation
Posted Jan 27, 2015
Authored by Matthias Deeg | Site syss.de

FancyFon FAMOC version 3.16.5 suffers from a session fixation vulnerability.

tags | exploit
SHA-256 | d9ed306cd69939777d43977859a23d2b0d269c3652c90899c8652bcdeb2459ce
FancyFon FAMOC 3.16.5 Missing Salt
Posted Jan 27, 2015
Authored by Matthias Deeg | Site syss.de

FancyFon FAMOC version 3.16.5 fails to mint one-way hashes without use of a salt.

tags | exploit
SHA-256 | b1d0a56de5c177ff2044a5a97d03ce257e2444febf937112e175e2fe8e4765a8
NASA.gov Cross Site Scripting
Posted Jan 27, 2015
Authored by Yann CAM

Multiple nasa.gov subdomains suffered from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6191218f1434ba043aed4a65a60f43793bbac40fe0e83ed770b31f5accb7a689
Android CVE-2014-7911 / CVE-2014-4322 Local Exploit
Posted Jan 27, 2015
Authored by retme

Proof of concept exploit that allows a local application to gain system privileges via CVE-2014-7911 and then root via CVE-2014-4322. The exploit included is for a Nexus 5 with Android 4.4.4 (KTU8P). The exploit may also work on other devices if the offsets of the rop chain are modified.

tags | exploit, local, root, proof of concept
advisories | CVE-2014-4322, CVE-2014-7911
SHA-256 | 9bee54444ab6e873a99692c9254b7a2016b81c6a94b64203d4746a410081dac3
Bro Network Security Monitor 2.3.2
Posted Jan 27, 2015
Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Multiple security-related bug fixes.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2014-9586
SHA-256 | 2fe5fbda0a86b5a594116d567fd9a4c2458d30f1c6670ba8e1fac0bc8848c69b
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close