exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-01-22

T-Mobile Router Disclosure / Command Execution / Traversal / CSRF
Posted Jan 22, 2014
Authored by Johannes Greil | Site sec-consult.com

T-Mobile HOME NET Router LTE / Huawei B593u-12 version V100R001C54SP063 suffers from cross site request forgery, information disclosure, command injection, and directory traversal vulnerabilities.

tags | advisory, vulnerability, info disclosure, csrf
SHA-256 | 5ecc71b535700461b5eb90e9396b789a771cb54638c84b968532e6e4e659d99e
Mandos Encrypted File System Unattended Reboot Utility 1.6.3
Posted Jan 22, 2014
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: This release adds systemd support for servers. It falls back to /var/run for a PID file if /run does not exist. It moves client data files from /usr/lib/mandos to whatever the architecture specifies, like /usr/lib/x86_64-linux-gnu/mandos or /usr/lib64/mandos.
tags | tool, remote, root
systems | linux
SHA-256 | 98d300089ef30f1e701fbbb74de72ab40d5d30e4e2a3f8352b8f3b45b2f77ff5
NCH Software Express Burn Plus 4.68 Buffer Overflow
Posted Jan 22, 2014
Authored by LiquidWorm | Site zeroscience.mk

NCH Software Express Burn Plus version 4.68 suffers from an EBP project file handling buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | f3faa2625935e2f4e9b885ea0654295bf010125e8765622056a10aaedc1302d1
DaumGame ActiveX 1.1.0.x Buffer Overflow
Posted Jan 22, 2014
Authored by Daniel Chechik | Site trustwave.com

DaumGame active-x control versions 1.1.0.5 and 1.1.0.4 suffer from a buffer overflow vulnerability. Proof of concept code included.

tags | exploit, overflow, activex, proof of concept
advisories | CVE-2013-7246
SHA-256 | 700de7f082a11cf764630d887c017c3cbc2790e1de57e8121f8094354020695e
Gentoo Linux Security Advisory 201401-21
Posted Jan 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-21 - Multiple vulnerabilities have been found in Poppler, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 0.24.5 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-4473, CVE-2013-4474, CVE-2013-7296
SHA-256 | 4538dde98f8c92351e219322d8718e56257b5b9b40521930dd6b7eb79de8556e
Gentoo Linux Security Advisory 201401-20
Posted Jan 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-20 - Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. Versions less than 0.8.8b are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-1644, CVE-2010-1645, CVE-2010-2092, CVE-2010-2543, CVE-2010-2544, CVE-2010-2545, CVE-2013-1434, CVE-2013-1435
SHA-256 | 60e499dc878470aef030b4e84ae80fe629bbd4de79b08c73333effba0110f1fd
Gentoo Linux Security Advisory 201401-19
Posted Jan 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-19 - A buffer overflow error in GMime might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.4.15 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-0409
SHA-256 | 7015ce34ec32841e3f2fb8df1c2fc061eaa55e1b2f1bde5478bf50c79f8b453b
Mandriva Linux Security Advisory 2014-014
Posted Jan 22, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-014 - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted certificate that is not properly handled by the openssl_x509_parse function. The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service via a crafted interval specification. The updated php packages have been upgraded to the 5.5.8 version which is not vulnerable to these issues. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.8 and some has been upgraded to their latest versions.

tags | advisory, remote, denial of service, arbitrary, spoof, php
systems | linux, mandriva
advisories | CVE-2013-4248, CVE-2013-6420, CVE-2013-6712
SHA-256 | 8cf7940a193c870dfe4a5421f1538695dff4660b76dc24b692930776885f8223
Red Hat Security Advisory 2014-0038-01
Posted Jan 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0038-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. A flaw was found in the way Red Hat Enterprise Virtualization Manager relayed SPICE connection information to remote-viewer when a native SPICE client invocation method was used. As a result, remote-viewer attempted an insecure connection first and only switched to a secure connection when requested by the SPICE server. An attacker able to intercept the SPICE connection could use this flaw to conduct man-in-the-middle attacks.

tags | advisory, remote
systems | linux, redhat, windows
advisories | CVE-2013-6434
SHA-256 | 5df079ba6e849babda647aa9e89fe5a31f17c77cebc3fcbbac4b809f9baf9f42
Red Hat Security Advisory 2014-0041-01
Posted Jan 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0041-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4353, CVE-2013-5605, CVE-2013-5606, CVE-2013-6449
SHA-256 | b4c76518fefda3f3206630aed636919cd1cea85e9a2b797b898a47ee35f3368f
Gentoo Linux Security Advisory 201401-25
Posted Jan 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-25 - A heap-based buffer overflow in ldns might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.6.11 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2011-3581
SHA-256 | 59fbdc141d2fc66746573e6bfe90b16f20bbdd0ab366687f32bbdce7c4be86ab
Gentoo Linux Security Advisory 201401-24
Posted Jan 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-24 - A vulnerability in INN's STARTTLS implementation could allow a remote attacker to conduct a man-in-the-middle attack. Versions less than 2.5.3 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2012-3523
SHA-256 | f6f048502cf3f99429097f71c3ea6443f38b357d2d436eaad1d83f308bc1e98a
Gentoo Linux Security Advisory 201401-23
Posted Jan 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-23 - Multiple vulnerabilities have been found in sudo which could result in privilege escalation. Versions less than 1.8.6_p7 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777
SHA-256 | dda81040cd1424b5d756e10f8887535266792aeb424207b4e2da032de4b6d974
Gentoo Linux Security Advisory 201401-22
Posted Jan 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-22 - A vulnerability in Active Record could allow a remote attacker to inject SQL commands. Versions less than 2.3.14-r1 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2012-6496
SHA-256 | 5ae7b184f2b9a809ef440c33b3aec3891a6294f8e5e3b68863ece85918e7b2a7
AOL File Inclusion / Cross Site Scripting
Posted Jan 22, 2014
Authored by Juan Carlos Garcia

America Online (AOL) suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion
SHA-256 | 8a613994798545bcea472db93af4ceb0b66319269963bcb88f660250d728a92b
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close