
Wednesday, 05 March 2014

AUTO EXPLOIT DATABASE

Exploit


PACKETSTORM DATABASE

  • 5 March 2014: Windows Escalate UAC Protection Bypass (In Memory Injection) - Files ≈ Packet Storm
    This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binaries in the standard technique. However, it requires the correct architecture to be selected (use x64 for SYSWOW64 systems also).
  • 5 March 2014: ALLPlayer M3U Buffer Overflow
    This Metasploit module exploits a stack-based buffer overflow vulnerability in ALLPlayer 2.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows 7 SP1.
  • 5 March 2014: Red Hat Security Advisory 2014-0249-01
    Red Hat Security Advisory 2014-0249-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
  • 5 March 2014: Ubuntu Security Notice USN-2127-1
    Ubuntu Security Notice 2127-1 - Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information.
  • 5 March 2014: Apache Cordova 2.9.0 File-Transfer Insecure Defaults
    Cordova File-Transfer iOS plugin from Cordova versions 2.4.0 to 2.9.0 and Cordova File-Transfer iOS standalone plugin (org.apache.cordova.file-transfer) versions 0.1.0 to 0.4.1 suffer from file-transfer insecure default settings.
  • 4 March 2014: Java OpenID Server 1.2.1 XSS / Session Fixation
    JOIDS (Java OpenID Server) version 1.2.1 suffers from reflected cross site scripting and session fixation vulnerabilities.
  • 4 March 2014: ClickDesk 4.3 Cross Site Scripting
    ClickDesk versions 4.3 and below suffer from multiple persistent cross site scripting vulnerabilities.
  • 4 March 2014: Google Youtube Arbitrary File Upload
    Youtube.com suffered from an arbitrary file upload vulnerability when headers were manipulated.
  • 4 March 2014: Ganib 2.3 SQL Injection
    Ganib versions 2.3 and below suffer from a remote SQL injection vulnerability.
  • 4 March 2014: Red Hat Security Advisory 2014-0233-01
    Red Hat Security Advisory 2014-0233-01 - PackStack is a command-line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof-of-concept installations and more complex multi-node installations. It was found that PackStack did not correctly install the rules defined in the default security groups when deployed on OpenStack Networking, allowing network connections to be made to systems that should not have been accessible.
  • 4 March 2014: Red Hat Security Advisory 2014-0232-01
    Red Hat Security Advisory 2014-0232-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A timing attack flaw was found in the way the swift TempURL middleware responded to arbitrary TempURL requests. An attacker with knowledge of an object's name could use this flaw to obtain a secret URL to this object, which was intended to be publicly shared only with specific recipients, if the object had the TempURL key set. Note that only setups using the TempURL middleware were affected.
  • 4 March 2014: Apache Cordova 2.9.0 Privilege Escalation
    Cordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0 and Cordova In-App-Browser iOS standalone plugin (org.apache.cordova.inappbrowser) versions 0.1.0 to 0.3.1 suffer from a privilege escalation vulnerability.
  • 4 March 2014: Apache Shiro 1.2.2 LDAP Authentication Bypass
    Apache Shiro versions 1.0.0-incubating through 1.2.2 suffer from an LDAP authentication bypass vulnerability.
  • 4 March 2014: Ipdecap 0.7
    Ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4, and ESP (IPSEC) protocols, and can also remove IEEE 802.1Q (virtual LAN) headers. It reads packets from a pcap file, removes the encapsulation protocol, and writes them in another pcap file.
  • 4 March 2014: Red Hat Security Advisory 2014-0229-01
    Red Hat Security Advisory 2014-0229-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An information leak flaw was found in the way glance stored certain logging information. An attacker with access to the glance log files could use this flaw to obtain authentication credentials to the OpenStack Object Storage back end. Note that only setups using the swift back end were affected.

CERT VULNERABILITY DATABASE

SECURITYFOCUS DATABASE
