Files Date: 2014-01-24

pChart 2.1.3 Cross Site Scripting / Directory Traversal
Posted Jan 24, 2014
Authored by Balazs Makany

pChart version 2.1.3 suffers from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
MD5 | 3bb6340af6fc94bf416810517e6e450b
Debian Security Advisory 2826-2
Posted Jan 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2826-2 - A regression has been found on the denyhosts packages fixing CVE-2013-6890. This regression could cause an attempted break-in to be missed by denyhosts, which would then fail to enforce a ban.

tags | advisory
systems | linux, debian
advisories | CVE-2013-6890
MD5 | 10bd75912116da1b1f0f255d1ceab1d7
Mandriva Linux Security Advisory 2014-024
Posted Jan 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-024 - Multiple buffer overflow vulnerabilities in graphviz due to an error within the yyerror() function (lib/cgraph/scan.l), which can be exploited to cause a stack-based buffer overflow via a specially crafted file, and the acceptance of an arbitrarily long digit list by a regular expression matched against user input. A build problem was discovered and fixed in swig while building graphviz for Business Server 1, related to the new php-5.5.x version as of the MDVSA-2014:014 advisory. Fixed swig packages are being provided with this advisory as well.

tags | advisory, overflow, php, vulnerability
systems | linux, mandriva
advisories | CVE-2014-0978, CVE-2014-1236
MD5 | f02c972484822ba02e9e23b886706575
Mandriva Linux Security Advisory 2014-023
Posted Jan 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-023 - It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code.

tags | advisory, remote, arbitrary, local
systems | linux, mandriva
advisories | CVE-2013-6402, CVE-2013-6427
MD5 | 507f8bbf691ff17906db922051bf1635
Mandriva Linux Security Advisory 2014-022
Posted Jan 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-022 - Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content.

tags | advisory, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2012-0786, CVE-2012-0787, CVE-2013-6412
MD5 | 05992d2288df8aea2fea609b31d38d8a
Mandriva Linux Security Advisory 2014-021
Posted Jan 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-021 - It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2013-7135
MD5 | d0c47d399b85b666e75751a3c2a6654d
JAMon 2.7 Cross Site Scripting
Posted Jan 24, 2014
Authored by Christian Catalano

JAMon version 2.7 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-6235
MD5 | d594d499a28f2d0b4b969524fa21fc42
Ubuntu Security Notice USN-2089-1
Posted Jan 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2089-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-5804, CVE-2014-0411, CVE-2013-5910, CVE-2013-5820, CVE-2014-0376, CVE-2014-0416, CVE-2013-5800, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851, CVE-2013-5884, CVE-2014-0368, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850, CVE-2013-5878, CVE-2013-5893, CVE-2013-5907, CVE-2014-0373, CVE-2014-0408, CVE-2014-0422, CVE-2014-0428, CVE-2014-0423, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772
MD5 | 4ca619188d010f4f4181cec8aab9511c
Ubuntu Security Notice USN-2088-1
Posted Jan 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2088-1 - Brian Smith discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.

tags | advisory, remote, spoof
systems | linux, ubuntu
advisories | CVE-2013-1740
MD5 | 37c704650a19bf5d093d7566aa522ce4
Ubuntu Security Notice USN-2087-1
Posted Jan 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2087-1 - It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-5607
MD5 | bbd2f1efbbc19f310fbbdd40b56429eb
Debian Security Advisory 2848-1
Posted Jan 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2848-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-5891, CVE-2013-5908, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437
MD5 | ca464769834cccda6b60a5c89a1337e2
Gentoo Linux Security Advisory 201401-26
Posted Jan 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-26 - A vulnerability in Zabbix could allow remote attackers to execute arbitrary shell code. Versions less than 2.2.0-r4 are affected.

tags | advisory, remote, arbitrary, shell
systems | linux, gentoo
advisories | CVE-2013-6824
MD5 | 81fe4ac80af46980b4ba5d7647696f99
Adult Webmaster PHP Password Disclosure
Posted Jan 24, 2014
Authored by vinicius777

Adult Webmaster PHP suffers from a remote password disclosure vulnerability.

tags | exploit, remote, php, info disclosure
MD5 | 23ab32ba719b81278c5cb385946d62fe
Apple Security Advisory 2014-01-22-1
Posted Jan 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-01-22-1 - iTunes 11.1.4 is now available and addresses multiple security issues related to content control, code execution, and more. libxml and libxslt have also been updated to address memory corruption and code execution issues.

tags | advisory, code execution
systems | apple
advisories | CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1024, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2014-1242
MD5 | 456cb32347833dbbe45b5def70743501
XOS Shop 1.0RC7o SQL Injection
Posted Jan 24, 2014
Authored by JoKeR_StEx

XOS Shop version 1.0RC7o suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6eee4d830a0b94e1bdea4aa7c23e16f6
Mediatrix 4402 Cross Site Scripting
Posted Jan 24, 2014
Authored by help AG Middle East

The Mediatrix web management interface for the 4402 device suffers from a cross site scripting vulnerability.

tags | advisory, web, xss
advisories | CVE-2014-1612
MD5 | 8b63ebf7592d180f7d552d9ba69119d5
Joomla Komento 1.7.2 Cross Site Scripting
Posted Jan 24, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Joomla Komento extension version 1.7.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-0793
MD5 | 8b9fab9766ed1633fb7e32f3115af3e3
Joomla JV Comment 3.0.2 SQL Injection
Posted Jan 24, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Joomla JV Comment extension version 3.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-0794
MD5 | ce1d9aba19eb4a17d5fe8ccd13689e3f
CONFidence 2014 Call For Papers
Posted Jan 24, 2014
Site 2014.confidence.org.pl

CONFidence 2014 Call For Papers - This conference will take place from May 27th through the 28th, 2014 in Krakow, Poland.

tags | paper, conference
MD5 | e1e8dcb706f13154a36f6e136beecbf9
Simple E-Document 1.31 SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

Simple E-Document version 1.31 suffers from a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, sql injection
MD5 | 5e1264ee3cf3da931d8d1958dbf5c9f1
Easy POS System SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

Easy POS System suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f82c4c7bae7de0e74db06b9e477af1dc
Pizza Inn Project SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

Pizza Inn Project suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 41ba78a553117fe0a47dcf6e5ac09d5d
godontologico 5 SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

godontologico version 5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 88382cd8eda9ad8e1b3e8902dc57953b
iTechClassifieds 3.03.057 SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

iTechClassifieds version 3.03.057 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5944fc7347c88dbe3894e364a4324edb
mySeatXT 0.2134 SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

mySeatXT version 0.2134 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ec46565c1f3f348427fd43bfe8adc162