
Files Date: 2014-02-24 to 2014-02-25

HP Security Bulletin HPSBMU02964
Posted Feb 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02964 - Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, unauthorized access, disclosure of information, and authentication issues. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, xss, csrf
advisories | CVE-2013-1493, CVE-2013-2067, CVE-2013-6202
SHA-256 | c063f157a63c0bae841f9ebeda8031d30b8036d3ba7f4f41bb8a0666b7788340
Apple Security Advisory 2014-02-21-1
Posted Feb 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-21-1 - iOS 6.1.6 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

tags | advisory
systems | apple, ios
advisories | CVE-2014-1266
SHA-256 | 5ff242039ba1164c5154f5b9eca7a76ae9b70fea05b0d0ef8d9136918a22e3f7
Red Hat Security Advisory 2014-0204-01
Posted Feb 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0204-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security audit functionality, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0058
SHA-256 | b67208dcdf210c09e5b4aed78b79095618e66ddc70d9229c3e0746396ac3abdb
Apple Security Advisory 2014-02-21-3
Posted Feb 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-21-3 - Apple TV 6.0.2 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

tags | advisory
systems | apple
advisories | CVE-2014-1266
SHA-256 | dd231ddc63d5bd4e78ec35443cb800485be3539a4ef4d9b0848ea0b76b742225
Savsoft Quiz Cross Site Request Forgery
Posted Feb 24, 2014
Authored by TUNISIAN CYBER

Savsoft Quiz suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 2303cca1251931c791c673983e97fde38714e38eee850a8e9e07cfc1e5240d7e
Lynis Auditing Tool 1.4.3
Posted Feb 24, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release adds support for ClearOS, data uploading for Lynis Enterprise users (--upload), a debug variable (and parameter), and a license_key option in the profile. It also has several fixes, and the report has been extended with some additional hints.
tags | tool, scanner
systems | unix
SHA-256 | 2c23bb33ec405502f1cf2302380570aa95d9dac1c3250e2d5c6f07200862307d
PHP Secure Communications Library 0.3.6
Posted Feb 24, 2014
Authored by Jim Wigginton | Site phpseclib.sourceforge.net

PHP Secure Communications Library is a set of pure PHP implementations of DES, 3DES, RC4, Rijndael, AES, RSA (PKCS#1 compliant [v2.1]), SSH-1, SSH-2, and SFTP.

Changes: Minor bugfixes. Adds preliminary support for custom SSH subsystems. Adds ssh-agent support.
tags | php, library
SHA-256 | f04f1ebc8b999854c18a799dd59b76c84c87c104a095d78d9f1473fdebb25989
Debian Security Advisory 2867-1
Posted Feb 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2867-1 - Several vulnerabilities were discovered in otrs2, the Open Ticket Request System.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-1471, CVE-2014-1694
SHA-256 | add38397d641158072ed0535ee9bae0d24e191990da4d7231da74ebcb6e627d6
Ubuntu Security Notice USN-2120-1
Posted Feb 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2120-1 - Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. Andres Freund discovered that PostgreSQL incorrectly handled validator functions. An authenticated attacker could possibly use this issue to escalate their privileges. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
SHA-256 | 039ef81162af14d534e58d3e4c726daecdff46174ce77ce12a5dd6bd5a3dade4
Github Remote Command Execution
Posted Feb 24, 2014
Authored by joernchen

Github suffered from a remote command execution vulnerability via variable injection.

tags | exploit, remote
SHA-256 | 9f7a407ba51e7296ee3742308b11d9a6e7b6f2bcb28af5feb69321525261aeef
Joomla JoomLeague 2.1.12 XSS / XML Injection
Posted Feb 24, 2014
Authored by MustLive

Joomla JoomLeague plugin version 2.1.12 suffers from cross site scripting and XML injection vulnerabilities.

tags | exploit, vulnerability, xss, xxe
SHA-256 | af5baf2b9503bc98d029f951219f69ea3093ae597aa850367a0c41e1d206e812
CISTI 2014 Call For Papers
Posted Feb 24, 2014
Site aisti.eu

The Call For Papers for CISTI'2014, the 9th Iberian Conference on Information Systems and Technologies, has been announced. It will be held June 18th through the 21st, 2014 in Barcelona, Spain.

tags | paper, conference
SHA-256 | 8577694e14454fa46996f136fc909f2b4de343843acde2aa25d46bb4ecf75696
MyBB 1.6.12 SQL Injection
Posted Feb 24, 2014
Authored by Mr.XpR

MyBB version 1.6.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6b0bf9b1bf870f7fbd330b2583ee19deb7b9bbb829e547b505627bd44daf59cd
Barracuda Networks WebFilter Script Insertion
Posted Feb 24, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

WebFilter Appliance Web-Application version 6.0.1.009 suffers from a script insertion vulnerability.

tags | exploit, web
SHA-256 | adaa2afa748caa2424e3ebe222836d0e1df898d7d7975534838213e4b4dc9f4d
FreePBX 2.x Remote Command Execution
Posted Feb 24, 2014
Authored by i-Hmx

FreePBX versions before 2.3 suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 1b6ab5d6eea2edb5fba249fb2cfe50bfe3208ae7e99bf070ba3cfb23ec2b8e63
© 2024 Packet Storm. All rights reserved.