what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-08-27

WordPress Navis DocumentCloud 0.1 Cross Site Scripting
Posted Aug 27, 2015
Authored by Harry Metcalfe

WordPress Navis DocumentCloud plugin version 0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2807
SHA-256 | eb89f9e25ace8d58f4187bff085dd55fdc0a330cda30e57a0db85050911c40f0
Red Hat Security Advisory 2015-1693-01
Posted Aug 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1693-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-4497, CVE-2015-4498
SHA-256 | 9b2e9a060e33cc0a2687081a2c395aa46ddf9b9ec1e52e6502df3079ce61d110
Ubuntu Security Notice USN-2723-1
Posted Aug 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2723-1 - A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bas Venis discovered that the addon install permission prompt could be bypassed using data: URLs in some circumstances. It was also discovered that the installation notification could be made to appear over another site. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to install a malicious addon. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-4497, CVE-2015-4498
SHA-256 | 4d49a8932c386a3626af418e26cce00ed96770da2972b0601cb7c78619dbe836
Ubuntu Security Notice USN-2725-1
Posted Aug 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2725-1 - Seth Arnold discovered that ippusbxd in the cups-filters package would incorrectly listen to all configured network interfaces. A remote attacker could use this issue to possibly access locally-connected printers.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2015-6520
SHA-256 | a2f21595cca8c859e4e075ad71ffff0e79f50bf78c7230ecebc70dd37d933047
Debian Security Advisory 3344-1
Posted Aug 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3344-1 - Multiple vulnerabilities have been discovered in the PHP language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2015-4598, CVE-2015-4643, CVE-2015-4644, CVE-2015-5589, CVE-2015-5590
SHA-256 | 336d50d6256b315b13a267027575d849aa84b77d54fa92fb507a883c990583a8
HP Security Bulletin HPSBGN03402 2
Posted Aug 27, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03402 2 - Potential security vulnerabilities have been identified in HP Performance Manager. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
SHA-256 | 7255fe9b9e0c4dc2613a0fce0cf8175e66e35e1985b0c6504390b0105dfe41de
Red Hat Security Advisory 2015-1691-01
Posted Aug 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1691-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering will be retired as of September 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 2 after September 30, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 2 after this date.

tags | advisory
systems | linux, redhat
SHA-256 | e4a48f3f24af8ae3ca2c224da14a007a02a813aec85087da24a788efe4371e5e
Ubuntu Security Notice USN-2724-1
Posted Aug 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2724-1 - It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver. A malicious guest could possibly use this issue to read sensitive information from arbitrary host memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9718, CVE-2015-5165, CVE-2015-5166, CVE-2015-5225, CVE-2015-5745
SHA-256 | 80b79018159461f757b7f8b7bcd9805650ddf859a2e27b6be0a84adade307939
HP Security Bulletin HPSBHF03408 1
Posted Aug 27, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03408 1 - Potential security vulnerabilities have been identified in certain HP notebook PCs with the HP lt4112 LTE/HSPA+ Gobi 4G Module. The vulnerabilities could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2015-5367, CVE-2015-5368
SHA-256 | 76e51b6977b0aafef214808e12cfd4b8be86ce4f972770bb73775db04b3d9e03
FENIX 0.92 Buffer Overflow
Posted Aug 27, 2015
Authored by Juan Sacco

FENIX versions 0.92 and below suffer from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 6562b200ed6f0101fff5117229054f71cf3af90934e4ca91e22b9087a53116ec
LinuxOptic CMS 2009 Authentication Bypass
Posted Aug 27, 2015
Authored by Vulnerability Laboratory, Aaditya Purani | Site vulnerability-lab.com

LinuxOptic CMS 2009 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | fb5510a4e8241f843f5f5647141f946a2f3127a5a149a226a545326bfffff821
WordPress Private Only 3.5.1 CSRF / Cross Site Scripting
Posted Aug 27, 2015
Authored by Tom Adams

WordPress Private Only plugin version 3.5.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2015-5483
SHA-256 | dab9719c8bbda7fbb1bd873063f790d3b7aeb28984b3a0ff28b38002c26621b1
Anchor CMS PHP Object Injection
Posted Aug 27, 2015
Authored by Scott Arciszewski

Anchor CMS suffers from a PHP object injection vulnerability.

tags | advisory, php
advisories | CVE-2015-5687
SHA-256 | 01360b0ef87b8be3a5a7368eac27d098cc885b14e087ad44e9eb0a5154ed8a8b
BSIGN 0.4.5 Buffer Overflow
Posted Aug 27, 2015
Authored by Juan Sacco

BSIGN versions 0.4.5 and below suffer from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 96bc6b623e2246e2153eaae563245037e96717a2892cddb0b082e2b39ab7c6da
Dogma India dogmaindia CMS Authentication Bypass
Posted Aug 27, 2015
Authored by Vulnerability Laboratory, Aaditya Purani | Site vulnerability-lab.com

Dogma India dogmaindia CMS suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | e83e7863e16b666b0fa577c942a5232b031229a84ba725a9bedf9a2cb44b6929
Windows Script Host UAC Bypass
Posted Aug 27, 2015
Authored by vozzie

The Windows Script Host executables suffer from a vulnerability due to a missing embedded manifest. Using another exploit, the combination of "wusa.exe" and "makecab.exe" files can be copied to the Windows folder. Copies of a manifest and the script host allow to execute the copied script host and bypass UAC warning messages in case the UAC settings are default. Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't accept the admission because it's not a remote vulnerability. Surprisingly Microsoft didn't accept the vulnerability because "UAC isn't considered a security boundary". Only Windows 7 is vulnerable, Windows 8 has a embedded manifest and Windows 10 is untested.

tags | exploit, remote
systems | windows
SHA-256 | 221d3bbec1c5df5426bf707aa9ebcf83deb62a5dcff3e0f43a1161f218d916e7
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close