Home » Hacking » Exploit

Kamis, 17 Juli 2014

Exploit

EXPLOIT DATABASE

PACKETSTORM DATABASE

  • 16 July 2014: Oracle Data Redaction Is Broken - Files ≈ Packet Storm
    Oracle data redaction is a simple but clever and innovative idea from Oracle. However, at present, there are weaknesses that undermine its effectiveness as a good security mechanism. These weaknesses can be exploited via web based SQL injection attacks and this paper details those weaknesses and provides suggestions on how it can be improved and made more secure.
  • 16 July 2014: pyClamd 0.3.10 - Files ≈ Packet Storm
    pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.
  • 16 July 2014: Bitdefender GravityZone File Disclosure / Missing Authentication - Files ≈ Packet Storm
    Bitdefender GravityZone versions prior to 5.1.11.432 suffer from local file disclosure, insecure service configuration, and missing authentication vulnerabilities.
  • 16 July 2014: Microsoft Windows DirectShow Privilege Escalation - Files ≈ Packet Storm
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an input validation error in DirectShow when processing and unserializing "Stretch" objects in memory, which could be exploited to elevate privileges and execute arbitrary code in the context of the logged on user, or e.g. bypass Internet Explorer's Enhanced Protected Mode (EPM) sandbox.
  • 16 July 2014: e107 2.0 alpha2 Cross Site Scripting - Files ≈ Packet Storm
    e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability.
  • 16 July 2014: Citrix Netscaler Disclosure / Cross Site Scripting - Files ≈ Packet Storm
    Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross site scripting vulnerabilities.
  • 16 July 2014: Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass - Files ≈ Packet Storm
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling "ShowSaveFileDialog()", which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
  • 16 July 2014: OpenVPN Access Server Arbitrary Code Execution - Files ≈ Packet Storm
    Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server "Desktop Client" installed.
  • 16 July 2014: Microsoft Internet Explorer Request Object Confusion Sandbox Bypass - Files ≈ Packet Storm
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion vulnerability when processing object types within data shared between the broker and sandboxed processes, which could be exploited by a sandboxed process to achieve code execution within the broker context and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
  • 16 July 2014: Microsoft Internet Explorer CSS @import Memory Corruption - Files ≈ Packet Storm
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free vulnerability when manipulating CSS @import statements through "addImport()" or "removeImport()", which could be exploited by attackers to leak arbitrary memory or execute arbitrary code via a malicious web page. Versions 9, 10, and 11 are affected.
  • 16 July 2014: Alfresco Community Edition 4.2.f Server Side Request Forgery - Files ≈ Packet Storm
    Alfresco Community Edition versions 4.2.f and below suffer from multiple server side request forgery vulnerabilities.
  • 16 July 2014: HP Security Bulletin HPSBMU03072 SSRT101644 - Files ≈ Packet Storm
    HP Security Bulletin HPSBMU03072 SSRT101644 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
  • 16 July 2014: Ubuntu Security Notice USN-2280-1 - Files ≈ Packet Storm
    Ubuntu Security Notice 2280-1 - It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service.
  • 16 July 2014: Ubuntu Security Notice USN-2279-1 - Files ≈ Packet Storm
    Ubuntu Security Notice 2279-1 - Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
  • 16 July 2014: Red Hat Security Advisory 2014-0889-01 - Files ≈ Packet Storm
    Red Hat Security Advisory 2014-0889-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.

CERT VULNERABILITY DATABASE

SECURITYFOCUS DATABASE

Posted in:
Posting Lebih Baru Posting Lama Beranda

1 komentar:

I would like to say that this blog really convinced me to do it! Thanks, very good post

Posting Komentar