exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2014-01-24

pChart 2.1.3 Cross Site Scripting / Directory Traversal
Posted Jan 24, 2014
Authored by Balazs Makany

pChart version 2.1.3 suffers from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
SHA-256 | b4febd30f5ce93221ca07adaa67509442b41b186e1b14b8debfe2154c84000b8
Debian Security Advisory 2826-2
Posted Jan 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2826-2 - A regression has been found on the denyhosts packages fixing CVE-2013-6890. This regression could cause an attempted breakin attempt to be missed by denyhosts, which would then fail to enforce a ban.

tags | advisory
systems | linux, debian
advisories | CVE-2013-6890
SHA-256 | 1bbcb2ef9cd6819e795dc162ddb5c7da744ee0f48217762ade9f578929c5dbef
Mandriva Linux Security Advisory 2014-024
Posted Jan 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-024 - Multiple buffer overflow vulnerabilities in graphviz due to an error within the yyerror() function (lib/cgraph/scan.l) which can be exploited to cause a stack-based buffer overflow via a specially crafted file.and the acceptance of an arbitrarily long digit list by a regular expression matched against user input. A build problem was discovered and fixed in swig while building graphviz for Business Server 1, related to the new php-5.5.x version as of the MDVSA-2014:014 advisory. Fixed swig packages is being provided with this advisory as well.

tags | advisory, overflow, php, vulnerability
systems | linux, mandriva
advisories | CVE-2014-0978, CVE-2014-1236
SHA-256 | 6996dd421efa9117f4b483fc6c479c51d2d2854a243ed739ddb0e740fc9be9d1
Mandriva Linux Security Advisory 2014-023
Posted Jan 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-023 - It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code.

tags | advisory, remote, arbitrary, local
systems | linux, mandriva
advisories | CVE-2013-6402, CVE-2013-6427
SHA-256 | 91e13eb8f7923827c581c119376fd7f9a940365f7e3775d6636dfeb8210cd760
Mandriva Linux Security Advisory 2014-022
Posted Jan 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-022 - Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content.

tags | advisory, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2012-0786, CVE-2012-0787, CVE-2013-6412
SHA-256 | a4e7b7f5fa921c10736f914500d3700c44b196142c7c1c7ad4fde57f33181a71
Mandriva Linux Security Advisory 2014-021
Posted Jan 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-021 - It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2013-7135
SHA-256 | 05feabcd42048ef05480549d29b92bb9644404398225353fca335e295da4c1c2
JAMon 2.7 Cross Site Scripting
Posted Jan 24, 2014
Authored by Christian Catalano

JAMon version 2.7 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-6235
SHA-256 | 05d3cecf7d59ce888a09043a4aa1af1988abd9d302ed9dd5da80c76ff2e50e0a
Ubuntu Security Notice USN-2089-1
Posted Jan 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2089-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-5804, CVE-2014-0411, CVE-2013-5910, CVE-2013-5820, CVE-2014-0376, CVE-2014-0416, CVE-2013-5800, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851, CVE-2013-5884, CVE-2014-0368, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850, CVE-2013-5878, CVE-2013-5893, CVE-2013-5907, CVE-2014-0373, CVE-2014-0408, CVE-2014-0422, CVE-2014-0428, CVE-2014-0423, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772
SHA-256 | df92bc480d2bbe6892b45b34f1f7ef44d0eca78db48442c04a95810382a58c45
Ubuntu Security Notice USN-2088-1
Posted Jan 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2088-1 - Brian Smith discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.

tags | advisory, remote, spoof
systems | linux, ubuntu
advisories | CVE-2013-1740
SHA-256 | a0185fb2945b52f58676814f7c2d5a0d59a2bdc2468d9bf7fdbf55f2e85626b7
Ubuntu Security Notice USN-2087-1
Posted Jan 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2087-1 - It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-5607
SHA-256 | 68b326ff5a9d1bc5579dcfa9d4d047a99dd6f38fdc19188032d750ad6a1721de
Debian Security Advisory 2848-1
Posted Jan 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2848-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-5891, CVE-2013-5908, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437
SHA-256 | 8de1a42f32bbbd17b73175f40ccc257f1623775f9476c9721e9cee2e5ee35c38
Gentoo Linux Security Advisory 201401-26
Posted Jan 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-26 - A vulnerability in Zabbix could allow remote attackers to execute arbitrary shell code. Versions less than 2.2.0-r4 are affected.

tags | advisory, remote, arbitrary, shell
systems | linux, gentoo
advisories | CVE-2013-6824
SHA-256 | e0fb59bd4a266a7be27464719a779471253f871e5060cc531de6395af2005985
Adult Webmaster PHP Password Disclosure
Posted Jan 24, 2014
Authored by vinicius777

Adult Webmaster PHP suffers from a remote password disclosure vulnerability.

tags | exploit, remote, php, info disclosure
SHA-256 | 5d256374da1c00ac65c89f84b2c767a7ce7a1f53d34c06fd56dd71fcdf7c38b1
Apple Security Advisory 2014-01-22-1
Posted Jan 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-01-22-1 - iTunes 11.1.4 is now available and addresses multiple security issues related to content control, code execution, and more. libxml and libxslt have also been updated to address memory corruption and code execution issues.

tags | advisory, code execution
systems | apple
advisories | CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1024, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2014-1242
SHA-256 | 88e0818e053952a3bd2eb65f69993d1a072ba9bb5eaaa9ed5388a10cd7518e9e
XOS Shop 1.0RC7o SQL Injection
Posted Jan 24, 2014
Authored by JoKeR_StEx

XOS Shop version 1.0RC7o suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1e0e8100901e6b54d82414baef8ff4d635720aa18959798a0e446a285227c175
Mediatrix 4402 Cross Site Scripting
Posted Jan 24, 2014
Authored by help AG Middle East

The Mediatrix web management interface for the 4402 device suffers from a cross site scripting vulnerability.

tags | advisory, web, xss
advisories | CVE-2014-1612
SHA-256 | aaac0f29a73ffafcff8ac5efaa504c13c38f1455a68a5b60eb56d02d7e93dacb
Joomla Komento 1.7.2 Cross Site Scripting
Posted Jan 24, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Joomla Komento extension version 1.7.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-0793
SHA-256 | d21d15fee1f16a152f0150eda5cc06010930d83f7641b7f52398505dbad2e7eb
Joomla JV Comment 3.0.2 SQL Injection
Posted Jan 24, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Joomla JV Comment extension version 3.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-0794
SHA-256 | 62a75319979a2ea2295519f55e7394ac65bbf8129d425fc67c56a24c882e5acc
CONFidence 2014 Call For Papers
Posted Jan 24, 2014
Site 2014.confidence.org.pl

CONFidence 2014 Call For Papers - This conference will take place from May 27th through the 28th, 2014 in Krakow, Poland.

tags | paper, conference
SHA-256 | 71d2bbc2102f585c9c3e61057e8049f83f85db20322c9d23a475d262ad7ace20
Simple E-Document 1.31 SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

Simple E-Document version 1.31 suffers from a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, sql injection
SHA-256 | 9821aaf3544714230413b34fb96644bebcf27f01db5d4f83eb60bbb5a7d45d75
Easy POS System SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

Easy POS System suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3790b82422dc9be079b7b09b1cad61a4832ad85eb8330671bd09b7127d6cf1b5
Pizza Inn Project SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

Pizza Inn Project suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f9bde7ca3b2a31bb0f1e5347f84dadaed0b1882477cdee7ba68fbaa7ab6c9b06
godontologico 5 SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

godontologico version 5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ed9c67c234ec933a605da421e78f117ffe73066ee2e7ea7e446a1b9a2232e288
iTechClassifieds 3.03.057 SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

iTechClassifieds version 3.03.057 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 145eea68b8316a6d18fee347c94403bed02835197d1ca4723d6ec9065f02f52c
mySeatXT 0.2134 SQL Injection
Posted Jan 24, 2014
Authored by vinicius777

mySeatXT version 0.2134 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 213650dc62c97ff056e942a7aa81bc08cd049a7e3804e30209dbd95c162f2006
Page 1 of 2
Back12Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close