what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

Files Date: 2014-01-28

A10 Networks Loadbalancer Directory Traversal
Posted Jan 28, 2014
Authored by xistence

A10 Networks Loadbalancer versions (Soft)AX 2.6.1-GR1-P5 and below and 2.7.0 build 217 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | c2d35e3676966352b7593606a6413280
Oracle Reports Shell Uploader
Posted Jan 28, 2014
Authored by Dana Taylor

Oracle Reports pwnacle exploit that uploads a jsp shell to the target system using the URLPARAMETER vulnerability that allows for planting files.

tags | exploit, shell
advisories | CVE-2012-3153, CVE-2012-3152
MD5 | fcdc1ad241a1e254b58749531003d3f5
Eventum 2.3.4 Incorrect Permissions / Code Injection
Posted Jan 28, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2014-1631, CVE-2014-1632
MD5 | 0c697f86dbc734e152644f601abd5d6e
Red Hat Security Advisory 2014-0103-01
Posted Jan 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0103-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-6458, CVE-2014-1447
MD5 | c4c9a22e6bfc0d4bba7e821c7b652afb
Red Hat Security Advisory 2014-0100-01
Posted Jan 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0100-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. A flaw was found in the way the perf_trace_event_perm() function in the Linux kernel checked permissions for the function tracer functionality. An unprivileged local user could use this flaw to enable function tracing and cause a denial of service on the system.

tags | advisory, denial of service, kernel, local, udp, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2929, CVE-2013-2930, CVE-2013-4270, CVE-2013-4470, CVE-2013-6378, CVE-2013-6383, CVE-2013-6431
MD5 | bb362a37b8ba46c925839fe6784e205e
Oracle Forms And Reports Database Disclosure
Posted Jan 28, 2014
Authored by Dana Taylor

An undocumented PARSEQUERY function in Oracle Forms and Reports allows dumping database username and passwords unauthenticated. The patch / workaround just appears to obfuscate the issue but not actually address it. Affected systems include versions 9iAS, 9iDS, 10G (DS and AS), and 10G AS Reports/Forms Standalone Installation, 11g if patch or workaround not applied. In 12g a code rewrite has mitigated this vulnerability.

tags | exploit, info disclosure
advisories | CVE-2012-3153
MD5 | e8eef7273ba6fa4b7f1f78d4c0256129
ManageEngine Support Center Plus 7916 Directory Traversal
Posted Jan 28, 2014
Authored by xistence

ManageEngine Support Center Plus versions 7916 and below suffer from a directory traversal vulnerability.

tags | exploit
MD5 | e0428e48a6efb94dfc9652f9aa0ebed2
pfSense 2.1 Inclusion / Traversal / Escalation
Posted Jan 28, 2014
Authored by Pichaya Morimoto

pfSense version 2.1 suffers from local file inclusion, privilege escalation, and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | 2236c37d41c83964641aa9cb11395907
GNU Transport Layer Security Library 3.2.9
Posted Jan 28, 2014
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This release avoids deadlocked connections on broken firewalls when the %COMPAT flag is specified, improves PKCS #11 support, and adds bugfixes.
tags | protocol, library
MD5 | 9ae2bfa55d4c12dd6005cfb7014977f9
Simple E-Document Arbitrary File Upload
Posted Jan 28, 2014
Authored by Brendan Coles, vinicius777 | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature in order to upload malicious PHP files which results in arbitrary remote code execution as the web server user. File uploads are disabled by default.

tags | exploit, remote, web, arbitrary, php, code execution, file upload
MD5 | 6673942972dbee1582ce76afa3bf104d
Check Point Session Authentication Agent 4.1 Missing Authentication
Posted Jan 28, 2014
Authored by Jakub Jozwiak

Check Point Session Authentication agent version 4.1 and higher contains a flaw which is caused by lack of peer authentication in SSL communication. Encrypted communication between agent and security gateway has been introduced due to several issues which were revealed in the previous versions (4.0 and lower) of the product. Research showed that it is still possible to exploit previously known vulnerabilities - gateway impersonation and credential stealing - even though communication between agent and security gateway is utilizing SSL. Proof of concept code included.

tags | exploit, vulnerability, proof of concept
systems | linux
advisories | CVE-2014-1673
MD5 | 999162c6a13af936aa6f7973e4c4ec3b
RVAsec 3 Call For Papers
Posted Jan 28, 2014
Site rvasec.com

RVAsec is a Richmond, VA based security convention that brings top industry speakers to the midatlantic region. For 2014, the conference is a two day and dual-track format, with a mixed focus on technical and management/business presentations. It will be held June 5th through the 6th, 2014 in Richmond, VA, USA.

tags | paper, conference
MD5 | 35e7b6964523060446f3d6c6a1f732d2
Page 1 of 1

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    14 Files
  • 14
    Jul 14th
    19 Files
  • 15
    Jul 15th
    11 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By