what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-07-27

Red Hat Security Advisory 2015-1510-01
Posted Jul 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1510-01 - Clutter is a library for creating fast, visually rich, graphical user interfaces. Clutter is used for rendering the GNOME desktop environment. A flaw was found in the way clutter processed certain mouse and touch gestures. An attacker could use this flaw to bypass the screen lock. All clutter users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using clutter must be restarted for the update to take effect.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3213
SHA-256 | 050bb143bd5ebf35de0eb647bca94245ab7398ef9d5e39a5df3bb9cb634f9a0f
Ubuntu Security Notice USN-2686-1
Posted Jul 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2686-1 - It was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2015-3183, CVE-2015-3185
SHA-256 | 3c6254fd60e8dfa90b9d54b8281fd49cf2896d7495e64eaffb88a8ceccf7aed2
Foxit Reader 7.1.5 Arbitrary Code Execution
Posted Jul 27, 2015
Authored by Sascha Schirra

Foxit Reader versions 7.0.8 through 7.1.5 suffer from a PNG conversion parsing tEXt chunk arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
SHA-256 | 9da8a1034afb8dd1ecf6f36562d0356f8048cf0ebf078c27562a216194531c8e
Hawkeye-G 3.0.1.4912 Cross Site Scripting / Information Leakage
Posted Jul 27, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Hawkeye-G version 3.0.1.4912 suffers from cross site scripting and information leakage vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | dedfab25cf599a5d471846668f02839f82db68639796aad291a1a95774f4e305
Seditio CMS 1.7.1 Password Disclosure
Posted Jul 27, 2015
Authored by Arash Khazaei

Seditio CMS version 1.7.1 suffers from an administrator password disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 1780346582854c7fdc89148449d9eeb1ad330538db092f6b047b6f4ff3c1e490
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
Posted Jul 27, 2015
Authored by Ramon de C Valle, Adam Langley, David Benjamin | Site metasploit.com

This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.

tags | exploit, cryptography
advisories | CVE-2015-1793
SHA-256 | 0be0198fd35b0f082fb3872672e7f1dbe40db0a2ae2abc971e5936c264d03b3b
Red Hat Security Advisory 2015-1508-01
Posted Jul 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1508-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-3214, CVE-2015-5154
SHA-256 | 00824dcce64f6db1345af18546421048f71ab7526a400efd8f3eb27dfb3700df
Red Hat Security Advisory 2015-1507-01
Posted Jul 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1507-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-3214, CVE-2015-5154
SHA-256 | ddef7cd95b5ec264096b359446cefb22c25ef8d746777a0c5f1cc22a1c3f642f
Debian Security Advisory 3318-1
Posted Jul 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3318-1 - Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-1283
SHA-256 | 83ddc7aa74dbc651b8f2b3677ef0e97369412cc6d8bc40e4acca028111d494cf
Debian Security Advisory 3317-1
Posted Jul 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3317-1 - Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-1331, CVE-2015-1334
SHA-256 | 0c757887b859f350dc7059ceb18c56f376fff07f6d2055c9c9184bfdc54423ec
Debian Security Advisory 3316-1
Posted Jul 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3316-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-8873, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
SHA-256 | 77f6084f42e84ac99b7ceff809ccb976e89d5a9bf14710928cf2e5b55b224527
Red Hat Security Advisory 2015-1499-01
Posted Jul 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1499-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 44.0.2403.89, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-1270, CVE-2015-1271, CVE-2015-1272, CVE-2015-1273, CVE-2015-1274, CVE-2015-1276, CVE-2015-1277, CVE-2015-1278, CVE-2015-1279, CVE-2015-1281, CVE-2015-1282, CVE-2015-1283, CVE-2015-1284, CVE-2015-1285, CVE-2015-1286, CVE-2015-1287, CVE-2015-1288, CVE-2015-1289, CVE-2015-5605
SHA-256 | 0b2bd46b245d90c8db3e033a85a7c5353db15fc1209d1b13c6e35cb3d470205f
Seditio CMS 1.7.1 Open Redirect
Posted Jul 27, 2015
Authored by Arash Khazaei

Seditio CMS version 1.7.1 suffers from an open redirect vulnerability.

tags | exploit
SHA-256 | 2ff996b84f5e2517c42761313b4f6b91deae750fa6ae089104e6d04642bfc884
PHP File Manager Backdoor / XSS / CSRF / Shell Upload
Posted Jul 27, 2015
Authored by Sijmen Ruwhof

PHP File Manager suffers from cross site request forgery, cross site scripting, backdoor, file check, remote shell upload, and various other vulnerabilities.

tags | advisory, remote, shell, php, vulnerability, xss, csrf
SHA-256 | fdce4b71d80c857ab7c7314a383b0e1455af501dd6b040a30a6b5b7e8582ae3b
XenForo 1.4.9 Cross Site Scripting
Posted Jul 27, 2015
Authored by WRZ

XenForo versions 1.4.9 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5d38872663e90c1322bb0e4199d9762f1f981af682bd046d78e6ef57fd238678
Linux Reverse TCP Shell In Python
Posted Jul 27, 2015
Authored by B3mB4m

Python code that provides a reverse TCP shell.

tags | tool, shell, tcp, rootkit, python
systems | unix
SHA-256 | 1fcc71b39d612ebdffeef62541bdc403a023c65238677035f5058a17e34b39cd
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close