what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-08-05

Symantec Endpoint Protection 11.x / 12.x Kernel Pool Overflow
Posted Aug 5, 2014
Authored by Matteo Memelli, sickness

Symantec Endpoint Protection versions 11.x and 12.x suffer from a kernel pool overflow vulnerability.

tags | exploit, overflow, kernel
advisories | CVE-2014-3434
SHA-256 | 4336ac24272f9e03af411eafef0734ba3a8c0d939a93fed5265bff19cf5612fe
Apache Cordova Bypass / Information Disclosure / Insertion
Posted Aug 5, 2014
Authored by Roee Hay, David Kaplan

Apache Cordova versions up to 3.5.0 suffer from information disclosure, whitelist bypass, and cross application issues.

tags | advisory, bypass, info disclosure
advisories | CVE-2014-3500, CVE-2014-3501, CVE-2014-3502
SHA-256 | b40574101ee277ded07c47ea5ed1519dd4879415cb724ee5af90126d1af3c686
Paypal Two-Factor Authentication Bypass
Posted Aug 5, 2014
Authored by Joshua Rogers

Paypal suffers from a two-factor authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 24457ef5527880a0a0aac8ad1972d107dd0beccd20fb9d4ea2a923cd5c44e4a8
HP Security Bulletin HPSBMU03037 2
Posted Aug 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03037 2 - A potential security vulnerability has been identified with HP Multimedia Service Environment (MSE), formerly known as HP Network Interactive Voice Response (NIVR). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 084b66e055026239b823e5a146253361afc7465060ae9d8e71bda3d8c747d60b
HP Security Bulletin HPSBMU03083
Posted Aug 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03083 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 73a42dd1d205af075ac13a53980fa2d8b783c0e087511fc3a802fccf142ae482
Red Hat Security Advisory 2014-1008-01
Posted Aug 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1008-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges.

tags | advisory, overflow, arbitrary, local, root, code execution, protocol
systems | linux, redhat
advisories | CVE-2014-3560
SHA-256 | 895f5c5ab38ba11c423dfd8da315b61b826d60c28bd9d7889d9f879a38bc85fd
Red Hat Security Advisory 2014-1009-01
Posted Aug 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1009-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

tags | advisory, overflow, arbitrary, local, root, code execution, protocol
systems | linux, redhat
advisories | CVE-2014-3560
SHA-256 | 70496a8ebb4dd1731d7edfde1a87d5bddac755a49a265d385ecf721c1029c329
Ubuntu Security Notice USN-2306-2
Posted Aug 5, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-2 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update cause a regression in certain environments that use the Name Service Caching Daemon (nscd), such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to be stopped manually for name resolution to resume working so that updates can be downloaded, including environments configured for unattended updates. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
SHA-256 | 85b1f00c2d58351a28e5e5bf4fbb3b0ca4c61a877b00712d9431223f7f23c474
Red Hat Security Advisory 2014-1007-01
Posted Aug 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1007-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-7285, CVE-2014-0107
SHA-256 | d98d504697aa47b6242efe729363b71b1e6d6ea5e32959c502677616fcef87e6
Red Hat Security Advisory 2014-1004-01
Posted Aug 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1004-01 - The yum-updatesd package provides a daemon which checks for available updates and can notify you when they are available via email, syslog, or dbus. It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an untrusted key. All yum-updatesd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the yum-updatesd service will be restarted automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-0022
SHA-256 | ec8a17bf89ea6a89674dde7563f016ec7cbf92c2d068f45ce3c2e5528b449282
HybridAuth 2.1.2 Remote Code Execution
Posted Aug 5, 2014
Authored by Pichaya Morimoto

HybridAuth versions 2.1.2 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | b4a2c10f7402a9aa4df106939ba9ab80577ac3249e5e9f2dc6910440f71a315e
Vembu Storegrid Backup / Disaster Recovery Solution XSS / Code Execution
Posted Aug 5, 2014
Authored by Mike Antcliffe, Ed Tredgett

Vembu Storegrid Backup and Disaster Recovery solution suffers from privilege escalation, information disclosure, remote code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, code execution, xss, info disclosure
SHA-256 | d618d75a0f84b532d28659f6547552d0538321f116fca1ea5115a8b5e9f9d91b
Superfish 7.x-1.9 Cross Site Scripting
Posted Aug 5, 2014
Authored by Ubani Anthony Balogun

Superfish version 7.x-109 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8ef2faf2c277333323448167cda1e9519a40ce672d93c2c92b8380794c6b3b0e
LinkedIn User Account Handling
Posted Aug 5, 2014
Authored by Kishor Sonawane

LinkedIn suffered from multiple user account handling vulnerabilities.

tags | advisory, vulnerability
SHA-256 | b7e80b64ef8208024ba12901499b3e191a841b53b9be1ea935d1b89ecafb893e
Download And Load (DLL) Shellcode
Posted Aug 5, 2014
Authored by Nytro

The shellcode downloads and loads https://rstforums.com/fisiere/dead.dll. The dead.dll library contains a simple MessageBox.

tags | web, shellcode
SHA-256 | 9b3b71b034ad73528caa43cda1296e3fe7ca567b2a131fa15fa58dd4abd4c16a
The Preferred Roaming List Zero Intercept Attack
Posted Aug 5, 2014
Authored by coderman

Whitepaper discussing how to not get man-in-the-middled at Defcon / Blackhat. Attackers in position to carry out Monkey-in-the-Middle against CDMA2000 links between customer stations and their carrier BTS equipment can leverage silent push PRL updates to apply a routing list preferring paths through malicious "tower(s)" carrying the subscriber voice and data traffic under threat. The use of a specific PRL version Zero (0), aka Preferred Roaming List Zero Intercept Attack, implements the rogue tower associations with least potential interference to legit carrier bands and devices present in broadcast domain of attack.

tags | paper
SHA-256 | 6ad1a29ff7edb0d81dee055061cb3d55b7de08bbf42dac02402dc4abff248b24
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close