exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-05-28

sb0x Project 2.0.1rc3
Posted May 28, 2014
Authored by levi0x0 | Site github.com

sb0x Project is a lightweight framework for penetration testing. Written in Python.

tags | tool, scanner, python
systems | unix
SHA-256 | 953f243708008c8e9e0c5ea69aad3cb16ab0c0bda7560bb9d7119548d2637301
Red Hat Security Advisory 2014-0559-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0559-01 - The Red Hat Enterprise Virtualization Manager data warehouse package provides the Extract-Transform-Load process and database scripts to create a historic database API. It also provides SQL BI reports creation for management and monitoring. It was found that the ovirt-engine-dwh setup script logged the history database password in plain text to a world-readable file. An attacker with a local user account on the Red Hat Enterprise Virtualization Manager server could use this flaw to access, read, and modify the reports database.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2014-0202
SHA-256 | 5f8888f9aa9c43980c066c5c06f05a1024c407ad8a7c6d15802f4a3f4416332c
Red Hat Security Advisory 2014-0558-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0558-01 - The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. It was found that the ovirt-engine-reports setup script logged the reports database password in plain text to a world-readable file. An attacker with a local user account on the Red Hat Enterprise Virtualization Manager server could use this flaw to access, read, and modify the reports database.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2014-0199, CVE-2014-0200, CVE-2014-0201
SHA-256 | bd0f437915b49f2d01976ffbb4ea6447e6ebe809ba39ea5a11c9372893c02d44
Red Hat Security Advisory 2014-0561-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0561-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP with NTLM authentication, LDAP, SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials.

tags | advisory, remote, web, protocol
systems | linux, redhat
advisories | CVE-2014-0015, CVE-2014-0138
SHA-256 | 9b7178c65f513e070e77be94e77db2220728f4e898877c6359747fcc720c3823
Red Hat Security Advisory 2014-0557-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0557-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU list under certain conditions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system by sending a large amount of specially crafted fragmented packets to that system.

tags | advisory, remote, kernel, tcp, protocol
systems | linux, redhat
advisories | CVE-2014-0100, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3122
SHA-256 | 11e08a25ccc9449b51fc974bf55d7895cac1d67aa00b70338d758bd8911c49a6
Red Hat Security Advisory 2014-0560-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0560-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a special file that blocks on read access could use this flaw to cause libvirtd to hang indefinitely, resulting in a denial of service on the system.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2014-0179
SHA-256 | 94239f6d883bee6d500f9c0488f7c3ba34b9d4128102a893c9f3c00863ef0452
Debian Security Advisory 2938-1
Posted May 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2938-1 - The initial organization and setup of Squeeze LTS has now happened and it is ready for taking over security support once the standard security support ends at the end of the month.

tags | advisory
systems | linux, debian
SHA-256 | 55b2d8374ef4e842a1b1dcf7cc65636b8bee542b9491e4d37a0a0a7f7fbce5e2
Debian Security Advisory 2937-1
Posted May 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2937-1 - Two security issues have been found in the Python WSGI adapter module for Apache.

tags | advisory, python
systems | linux, debian
advisories | CVE-2014-0240, CVE-2014-0242
SHA-256 | 3fc32fb17b4ab3171b0696918d378ce832f0f9298ccdc887b01b36b1574b34eb
Gentoo Linux Security Advisory 201405-28
Posted May 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-28 - A remote command injection vulnerability has been discovered in xmonad-contrib. Versions less than 0.11.2 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2013-1436
SHA-256 | 38fb811a8cac5932b75fa59e16b42be8839538cf9284093511c23adc5ced82a8
Red Hat Security Advisory 2014-0565-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0565-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0059
SHA-256 | f1e9f6c1c9be3e43a15d38d75587d92cb3da1e2846c3e184bcdbd280ba0ad505
Red Hat Security Advisory 2014-0564-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0564-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0059
SHA-256 | b605c57114719a77fe275c9838251481f50e536e80553823f178ad6e466a9bba
Red Hat Security Advisory 2014-0563-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0563-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0059
SHA-256 | 881e706fc0bedaff8a0768878e85814423dc159dee27a4733dd69daa905544bb
info.vmware.com Cross Site Scripting
Posted May 28, 2014
Authored by Robert Garcia

info.vmware.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 93f373ddd0b15311720ffb4ee10d3fa2ff732de4c159ce7664fe62e6a357c9bc
WebBoard CMS Cross Site Scripting
Posted May 28, 2014
Authored by IeDb

WebBoard CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b29c1580f47d8601f307bc2caa6aecf04ecec822a34b0158d188ae66779fdd6d
Lua Web Application Security Vulnerabilities
Posted May 28, 2014
Authored by Felipe Daragon | Site syhunt.com

This paper highlights risks associated with unvalidated input in Lua-based applications.

tags | paper
SHA-256 | b4f14650e83aeefc80c835944c58d54d354b9a258c6d244b09f76bbd9c1c50be
Sandcat Browser 5.0-beta.1
Posted May 28, 2014
Authored by Felipe Daragon

Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and when you need to examine live web applications.

tags | tool, web
systems | unix
SHA-256 | cf989c86c0521b79f36955f23b5884a66b9f8bfdc0e7670e64ccb43a1afda929
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close