Files Date: 2015-04-01

EMC PowerPath Virtual Appliance Undocumented User Accounts
Posted Apr 1, 2015
Authored by Jeremy Brown | Site emc.com

EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain limited unauthorized access to the system. Version 1.x is affected.

tags | advisory
advisories | CVE-2015-0529
SHA-256 | 5c724dc11b55e6135597280fe27cc4c8461fd6d24bff85235297e73f979e85f7
Apache Cassandra Remote Code Execution
Posted Apr 1, 2015
Authored by G. Geshev

Under its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user. Versions 1.2.0 to 1.2.19, 2.0.0 to 2.0.13, and 2.1.0 to 2.1.3 are affected.

tags | advisory, java, remote, arbitrary
advisories | CVE-2015-0225
SHA-256 | d79a592a24e0f1d275de2bef522ee3e10d9c60eb83bb3d79b0647c9167894d02
WordPress VideoWhisper Video Presentation 3.31.17 Shell Upload
Posted Apr 1, 2015
Authored by Larry W. Cashdollar

WordPress VideoWhisper Video Presentation plugin version 3.31.17 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 0cdf8fc7a9feac538d33e69e93b9182196c71f2c1f39612f108f6f9080c9a631
WordPress VideoWhisper Video Conference Integration 4.91.8 Shell Upload
Posted Apr 1, 2015
Authored by Larry W. Cashdollar

WordPress VideoWhisper Video Conference Integration plugin version 4.91.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e278241b1e17374bd7cd8ca7f287302c9cf41039908640797121a0fcd68e6669
Ubuntu Security Notice USN-2555-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2555-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-3591, CVE-2015-0837
SHA-256 | 792642a0875ba38ffc370521446151efc3f78fb089ed47720138b797c6d3ce23
Ubuntu Security Notice USN-2554-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2554-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-3591, CVE-2014-5270, CVE-2015-0837, CVE-2015-1606, CVE-2015-1607
SHA-256 | acd1c36d18e0b5be95a85b1785f915c0f1383d9bbab5c56b752b2a664eb94d1f
Red Hat Security Advisory 2015-0766-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0766-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816
SHA-256 | f5a17a96e41d985f75d84a54fae9943e91331791c98f7bb1aa35dbda72003f2c
Red Hat Security Advisory 2015-0768-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0768-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.9 was retired on March 31, 2015, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.9 EUS after March 31, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 5.9 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

tags | advisory
systems | linux, redhat
SHA-256 | 648825d8dc73c56e29a90b36d4f1d1953511dfc6988e0af5f1758d63f50007de
Red Hat Security Advisory 2015-0767-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0767-01 - The flac packages contain a decoder and an encoder for the FLAC audio file format. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | 2f7e195b6925583791596a7cda6298ad5a59aee71434723dad31751db6670d60
Red Hat Security Advisory 2015-0771-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0771-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816
SHA-256 | e3b030f24b184337237186d9ff8dfcababe9115af76fa2f8eafacd5b5c61dddb
Red Hat Security Advisory 2015-0773-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0773-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.1 serves as a replacement for Red Hat JBoss Data Grid 6.4.0. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.1 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4002, CVE-2014-7839, CVE-2014-8122, CVE-2015-0226, CVE-2015-0227
SHA-256 | 7d553cdde3aceb92018ddd32ec0b04e6ea93bb9c088302da1d9beeb4a352330c
Ubuntu Security Notice USN-2550-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2550-1 - Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. Bobby Holley discovered that windows created to hold privileged UI content retained access to privileged internal methods if navigated to unprivileged content. An attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804, CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808, CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816
SHA-256 | 7a4778580cea3216629da61c7d110c82995a0a2ca6fbe876e5ada7c5c46b1841
WordPress Revolution Slider File Upload
Posted Apr 1, 2015
Authored by CrashBandicot

WordPress Revolution Slider suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | e6c7e3bc6c252d322d8087bddd624d4a930d413f4c71837c4cbae469de19d55f
Joomla Simple Photo Gallery Shell Upload
Posted Apr 1, 2015
Authored by CrashBandicot

Joomla Simple Photo Gallery component version 1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 471485860c354827e6f307364df426dfbf967d23cb77e28a8e4d4842c366166b
WordPress DesignFolio+ Theme File Upload
Posted Apr 1, 2015
Authored by CrashBandicot

WordPress DesignFolio+ theme suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 3156a36497d0f89281ca8225242aef3c4d8fc0c7745cd563f57c0c9350fab3b6
Packet Storm New Exploits For March, 2015
Posted Apr 1, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 224 exploits that were added to Packet Storm in March, 2015.

tags | exploit
systems | linux
SHA-256 | ff2d4f6a5e0d36e7a400694be6896782332b861bb542ff96067e295fc65f2246
Ericsson Drutt MSDP (Instance Monitor) Directory Traversal / File Access
Posted Apr 1, 2015
Authored by Anastasios Monachos

Ericsson Drutt MSDP (Instance Monitor) versions 4, 5, and 6 suffer from directory traversal and arbitrary file access vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2015-2166
SHA-256 | 3ec5e7a19dfceaf768e251ecd59f9b06525b94e6e5eccd3b5be1827420e0eddf
Ericsson Drutt MSDP (Report Viewer) Cross Site Scripting
Posted Apr 1, 2015
Authored by Anastasios Monachos

Ericsson Drutt MSDP (Report Viewer) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2165
SHA-256 | 31a4fbe0a1790e6d28216e8f94c7d86df336cb8dbee11a1a3d92ccaf7c4d4b73
Ericsson Drutt MSDP (3PI Manager) Cross Site Scripting
Posted Apr 1, 2015
Authored by Anastasios Monachos

Ericsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b05a379a1807b632293eac0635614e6ba5b5255b1873a01e50d276e44403ffea
Ericsson Drutt MSDP (3PI Manager) Open Redirect
Posted Apr 1, 2015
Authored by Anastasios Monachos

Ericsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from an open redirection vulnerability.

tags | exploit
advisories | CVE-2015-2167
SHA-256 | 5b999daeb1e47c076dbbe2187b47b03c9bcc12a23b726838e165175a8b0e7669
Red Hat Security Advisory 2015-0765-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0765-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems (such as multiple databases, XML files, and even Hadoop systems) appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-4002, CVE-2013-5855, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0193, CVE-2014-0227, CVE-2014-3481, CVE-2014-3490, CVE-2014-3530, CVE-2014-3577
SHA-256 | 812ceadc9b7405e1b74c028dd9bff48d69f0ce6f109bef7f38161627f77360fb
Ubuntu Security Notice USN-2553-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2553-1 - William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655
SHA-256 | 02484c8fab51c184eb9e062e9c7ebe77fa923942a687e9282cf73f482e900084
Debian Security Advisory 3210-1
Posted Apr 1, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3210-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-2188, CVE-2015-2189, CVE-2015-2191
SHA-256 | 5a63ffb777ca827abef85c19da85b24d437657643fd675276c9250772710f24d
Mandriva Linux Security Advisory 2015-186
Posted Apr 1, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-186 - libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally, the phpseclib package has been upgraded to the 0.3.10 version.

tags | advisory, remote, web, php
systems | linux, mandriva
advisories | CVE-2015-2206
SHA-256 | cb476e4dc5b3151a3746cb21a1fb8feb234d1026555f5fc162763d2baa1a81e9
Java.com Cross Site Scripting
Posted Apr 1, 2015
Authored by Yann CAM

Java.com suffered from multiple cross site scripting vulnerabilities.

tags | exploit, java, vulnerability, xss
SHA-256 | f43f2c501c3edc319bb1b75fa7176fd0ea09edceb2d1d23e7062ae9c772ff818