exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2014-11-03 to 2014-11-04

Aircrack-ng 1.2 Beta 3 DoS / Code Execution
Posted Nov 3, 2014
Authored by Nick Sampanis

Aircrack-ng version 1.2 Beta 3 suffers from code execution, denial of service, and privilege escalation vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
advisories | CVE-2014-8321, CVE-2014-8322, CVE-2014-8323, CVE-2014-8324
SHA-256 | f3e7c8a63cbec61d5c78827efb02d49d9d05689624c2f7561f5febd98b07fd60
Debian Security Advisory 3063-1
Posted Nov 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3063-1 - An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crash to component causing a denial of services or disclosure of information from process memory.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-8483
SHA-256 | 78b85433b74d258e82c7a6d556cb5a3cf6215ca5d833d747f029baec5c7100ea
Debian Security Advisory 3061-1
Posted Nov 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3061-1 - Multiple security issues have been found in Icedove, Debian's version of errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586
SHA-256 | 36ec64374890abf030cc3dda6ebf61dcdb33fbebc13e4b25dfaf34d57bfdf88c
Red Hat Security Advisory 2014-1796-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1796-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was reported that OpenShift Enterprise 2.2 did not properly restrict access to services running on different gears. This could allow an attacker to access unprotected network resources running in another user's gear. OpenShift Enterprise 2.2 introduces the oo-gear-firewall command which creates firewall rules and SELinux policy to contain services running on gears to their own internal gear IPs. The command is invoked by default during new installations of OpenShift Enterprise 2.2 to prevent this security issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3602, CVE-2014-3674
SHA-256 | d0b19238b740defc001627b204319e65acf1d105d3b7f938e5177156cd42ead8
Red Hat Security Advisory 2014-1795-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1795-01 - The cups-filters package contains backends, filters, and other software that was once part of the core CUPS distribution but is now maintained independently. An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon. A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-4337, CVE-2014-4338
SHA-256 | f4f080cd92162d6b8cb4a45568f8878ea79052302e9b3d47c111c48687f25f33
Red Hat Security Advisory 2014-1789-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1789-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admin_token. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3621
SHA-256 | 3bf35060fbacd4ed32d6a0fc48ddd540b081b19f605332632d49c83cc5872263
Red Hat Security Advisory 2014-1788-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1788-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage's API. A flaw was found in the GlusterFS and Linux smbfs drivers for OpenStack Block Storage. A remote attacker could use this flaw to disclose an arbitrary file from the cinder-volume host to a virtual instance by cloning and attaching a volume with a malicious qcow2 header.

tags | advisory, remote, arbitrary, local
systems | linux, redhat
advisories | CVE-2014-3641
SHA-256 | 1f14178bc37fd354256e2af3191fa9407b3978bf2f2dae562fcc7b281f85e162
Red Hat Security Advisory 2014-1786-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1786-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-6414
SHA-256 | 680795e90e2cee6f220754e67e98f41e1fc708b68479853939bc41d5c4edadc9
Red Hat Security Advisory 2014-1785-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1785-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-6414
SHA-256 | a1b87ff0e90531750c1dabe2e1f345e97908cba7eab69fa2bbbcca0253c04881
Red Hat Security Advisory 2014-1784-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1784-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. It was found that Python-keystoneclient treated all settings in paste.ini files as string types. If the "insecure" option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. Note that when the "insecure" option was not set in paste.ini, it evaluated to false, and verification was performed.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2014-7144
SHA-256 | 0c4491814116023026031695bec3a54972e35e2266df6434824c867935cf2bc7
Red Hat Security Advisory 2014-1783-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1783-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. It was found that Python-keystoneclient treated all settings in paste.ini files as string types. If the "insecure" option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. Note that when the "insecure" option was not set in paste.ini, it evaluated to false, and verification was performed.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2014-7144
SHA-256 | 39e09fe62fba4a26a07ee3f4e9e6e5e26984232ab7264633c21ba5fbb0e6bf42
Red Hat Security Advisory 2014-1790-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1790-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admin_token. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3621
SHA-256 | fbacba99f528d97cc4ef1cb5c120eb75acbc053caf3148d3cdb9c08c8475fcca
Red Hat Security Advisory 2014-1781-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1781-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware driver and the VNC proxy service were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3608, CVE-2014-8750
SHA-256 | 69f9f63a94550f60955ddd6f7d6a1ba9b330cd2fc220b95fc40d0b9c48073ca1
Red Hat Security Advisory 2014-1782-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1782-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware driver and the VNC proxy service were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3608, CVE-2014-8750
SHA-256 | 6064751b84aea36555f6abebd1a6883784c53a9621627e8dd171e006ca924677
Red Hat Security Advisory 2014-1787-01
Posted Nov 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1787-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage’s API. A flaw was found in the GlusterFS and Linux smbfs drivers for OpenStack Block Storage. A remote attacker could use this flaw to disclose an arbitrary file from the cinder-volume host to a virtual instance by cloning and attaching a volume with a malicious qcow2 header.

tags | advisory, remote, arbitrary, local
systems | linux, redhat
advisories | CVE-2014-3641
SHA-256 | 97313a1b7d5ecdbf88f466667622cfd15d86f638e73c205a71940c83708b2a62
Debian Security Advisory 3062-1
Posted Nov 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3062-1 - HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows to create arbitrary files on the user's system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may override content of user's files or permit remote code execution with the user privilege.

tags | advisory, remote, web, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-4877
SHA-256 | 81ca62ff439d497dff2d7be293884c4948bacdd36c50899703bccdedf1e419e2
Mac OS X Mavericks IOBluetoothHCIUserClient Privilege Escalation
Posted Nov 3, 2014
Authored by Roberto Paleari, Aristide Fattori

This proof of concept exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL() on Mac OS X Mavericks.

tags | exploit, proof of concept
systems | apple, osx
SHA-256 | 1dd3038cf5d241dc284516224174f72943e3ec4e439021ee7654973dc33df8a6
CiscoIRC mIRC Add-On
Posted Nov 3, 2014
Authored by Ryan K

CiscoIRC is an mIRC addon created in 2000 that allows the user to control hundreds of compromised cisco routers simultaneously via mIRC. This script should still work on the latest versions of mIRC but if not try with version 5.x.

systems | cisco
SHA-256 | 01f70f6ec30a6d1fde1bcd70195e26468c2289bdbb14a418d4013bd97cc4a3aa
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close