exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2015-03-11 to 2015-03-12

Capstone 3.0.2
Posted Mar 11, 2015
Authored by Nguyen Anh Quynh | Site capstone-engine.org

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.

Changes: Release 3.0.2 is a stable version with important fixes in the core and Python bindings.
tags | tool
systems | linux, unix
SHA-256 | b1b512d1117ee606e58cff793de17bccbd47b0d59d3b269f8c4c3f04a6d117f7
tcpdump 4.7.3
Posted Mar 11, 2015
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Multiple security bugs addressed.
tags | tool, sniffer
systems | unix
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | 1f87fb652ce996d41e7a06c601bc6ea29b13fee922945b23770c29490f1d8ace
Red Hat Security Advisory 2015-0674-01
Posted Mar 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0674-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-7822, CVE-2014-8159, CVE-2014-8160, CVE-2014-8369
SHA-256 | 252d3a3f04735fff4c9e91df76c07d6a4f2fff78ef8e210b02cb32326371d925
Windows Pass-Through Authentication Methods Improper Validation
Posted Mar 11, 2015
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - The Microsoft Netlogon Remote Protocol is a remote procedure call (RPC) interface that is used, among other things, for user and machine authentication on domain-based networks. In a scenario where a client machine connects to a domain-joined server, a pass-through authentication must be performed in order for the server to verify the client's Credentials with the domain controller. This logon request must be delivered to the domain controller over a secure channel. This secure channel is achieved by encrypting the server to DC communication using a shared secret, commonly known as a server's machine account password. On successful authentication, the domain controller returns the UserSessionKey back to the server. This key is used for cryptographic operations on a session. Examples of the use of this key are generating the keys needed to signing SMB packets, and the keys needed for encryption/decryption of SMB sessions. Improper validation between the account used to secure the communication channel and the logon request data being sent to the domain controller allows third parties to obtain the UserSessionKey for communications that were not meant for them.

tags | exploit, remote, protocol
systems | windows
advisories | CVE-2015-0005
SHA-256 | 2167c7e20b2242c7ce65869777a2ee4ff54c41d53ab3d3bacd78665f8b3aa975
GeniXCMS 0.0.1 Cross Site Request Forgery
Posted Mar 11, 2015
Authored by LiquidWorm | Site zeroscience.mk

GeniXCMS version 0.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 274ad29da4cea4499e6b0d0fd944f881b7c54c98857ec0441ad67f8d37f512b1
GeniXCMS 0.0.1 Cross Site Scripting
Posted Mar 11, 2015
Authored by LiquidWorm | Site zeroscience.mk

GeniXCMS version 0.0.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dfb828099e3526b65a26186abfe2ebda118862ba3aedb0923af2701324c43eb2
GeniXCMS 0.0.1 SQL Injection
Posted Mar 11, 2015
Authored by LiquidWorm | Site zeroscience.mk

GeniXCMS version 0.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c2e1a3a8f9a6e066f72bd3dd728e7366cce9678d505ad005514358b2eddd2cdb
RSA Digital Certificate Solution XSS / Denial Of Service
Posted Mar 11, 2015
Authored by Ken Cijsouw | Site emc.com

RSA Certificate Manager versions prior to 6.9 Build 558 and RSA Registration Manager versions prior to 6.9 Build 558 suffer from cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
advisories | CVE-2014-0231, CVE-2015-0521, CVE-2015-0522, CVE-2015-0523
SHA-256 | b747d0ad2d5769c903036e95aae093e5e18483d9866dae57c158e7ac519e6401
EMC Secure Remote Services GHOST / SQL Injection / Command Injection
Posted Mar 11, 2015
Authored by Han Sahin | Site emc.com

EMC Secure Remote Services Virtual Edition (ESRS VE) suffers from GHOST, remote SQL injection, and command injection vulnerabilities. Affected products include versions 3.02 and 3.03.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2015-0235, CVE-2015-0524, CVE-2015-0525
SHA-256 | 6b3ffdb9909af633f358b0989f2fbd7d173162224f69793af11938be23147164
Dropbox SDK For Android Remote Exploitation
Posted Mar 11, 2015
Authored by Roee Hay, Or Peles

A vulnerability in the Dropbox SDK for Android may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK both locally by malware and also remotely by using drive-by exploitation techniques.

tags | exploit, paper
advisories | CVE-2014-8889
SHA-256 | a7cb57797a2240ddf7249a1c2eaae396a47c7ed63e6fdc3c40f4ef850798d906
Community Gallery 2.0 Cross Site Scripting
Posted Mar 11, 2015
Authored by Pham Kien Cuong

Community Gallery version 2.0 prior to 12/10/2014 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2275
SHA-256 | cb92d5dd35f62a2d13d3f41c6a2a67b81bd6b07c2ece8f9415dd1ad60f8ede2b
Microsoft Security Bulletin Summary For March, 2015
Posted Mar 11, 2015
Site microsoft.com

This bulletin summary lists fourteen released Microsoft security bulletins for March, 2015.

tags | advisory
SHA-256 | dcf06c1cb0465af847763c46a1b45b904ec12b76286ce0394b1e147ead2373a0
Cisco Security Advisory 20150310-ssl
Posted Mar 11, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, or perform a man-in-the-middle attack. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
SHA-256 | 3cc951b2e2fd3d06bb97f2457a80dc5c5cd1ee96a540304ec8ab84ce7843cb09
Debian Security Advisory 3182-1
Posted Mar 11, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3182-1 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash (denial of service) or otherwise read and use unintended memory areas in this process.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2015-1782
SHA-256 | 56e9da97a560309b0ac9c520969ba7154b3f72b3e1c8f6089c1f38150e589102
Debian Security Advisory 3177-1
Posted Mar 11, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3177-1 - Thomas Klute discovered that in mod-gnutls, an Apache module providing SSL and TLS encryption with GnuTLS, a bug caused the server's client verify mode not to be considered at all, in case the directory's configuration was unset. Clients with invalid certificates were then able to leverage this flaw in order to get access to that directory.

tags | advisory
systems | linux, debian
advisories | CVE-2015-2091
SHA-256 | 403a81294c535f9012b1e9fde992ea3ea2ad41d018768fc4e6cd09c6dfe40996
Debian Security Advisory 3181-1
Posted Mar 11, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3181-1 - Multiple security issues have been found in the Xen virtualisation solution.

tags | advisory
systems | linux, debian
advisories | CVE-2015-2044, CVE-2015-2045, CVE-2015-2151
SHA-256 | 6f1014bd6845fe2222b531e02c84f89d18e5a114da7328fdfe525316fa1dcd93
HP Security Bulletin HPSBUX03281 SSRT101968 1
Posted Mar 11, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03281 SSRT101968 1 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-4010
SHA-256 | cc6321fd565ed4ed970a94c5320901fd1e70598b3a3c32fc72679b7da5cc53af
Red Hat Security Advisory 2015-0672-01
Posted Mar 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0672-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon to crash under certain conditions.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-1349
SHA-256 | 54ce3fff2cfdb06fe60b9b071696bd0b93e9175b023fa5c0d8d260d7f5a96ed7
Ubuntu Security Notice USN-2524-1
Posted Mar 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2524-1 - Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-9687
SHA-256 | 98d28cd89746d7a82c306336627c6f32d21ae842618b3ea5ce65f696fecbe5dd
Ubuntu Security Notice USN-2522-3
Posted Mar 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2522-3 - USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have now been updated to fix the regression.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419, CVE-2014-6585, CVE-2014-6591, CVE-2014-7940
SHA-256 | 6819460584d09163605ab124e5445cc2bd77359c598577feb67f5076d761423a
Vastal I-tech phpVID 1.2.3 Cross Site Scripting
Posted Mar 11, 2015
Authored by Jing Wang

Vastal I-tech phpVID version 1.2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2f745f0f2053a1c50166e0ff9afe06971ef8e748db53f3dd09146b41f9b50d4a
Vastal I-tech phpVID 1.2.3 SQL Injection
Posted Mar 11, 2015
Authored by Jing Wang

Vastal I-tech phpVID version 1.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 95b50fdd191a4779c66a1f2589ae42d9e124e1da2e5d6e73cafa1ff0cbadb50f
WordPress Daily Edition Theme 1.6.2 Path Disclosure
Posted Mar 11, 2015
Authored by Jing Wang

WordPress Daily Edition theme version 1.6.2 suffers from a path disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | 5dbabeed6d1bf20e344bf57d1bd96e95389a6b5cb0fbf03eedf1b33b4bcf5581
WordPress Daily Edition Theme 1.6.2 Cross Site Scripting
Posted Mar 11, 2015
Authored by Jing Wang

WordPress Daily Edition theme version 1.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7055b3b6a9b880d9f321b46d1351fc6fcc7dc004250a82e39d2149ca6e81ef9b
SuperWebMailer 5.50.0.01160 Cross Site Scripting
Posted Mar 11, 2015
Authored by Jing Wang

SuperWebMailer version 5.50.0.01160 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 11a65aef4c3e0644db801f91caa34067f8f852e9810b45ced9e3cb69e66b0feb
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close