what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2014-01-28

A10 Networks Loadbalancer Directory Traversal
Posted Jan 28, 2014
Authored by xistence

A10 Networks Loadbalancer versions (Soft)AX 2.6.1-GR1-P5 and below and 2.7.0 build 217 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | cd1d7881579b65ddec9b55be9bc64a68cfb6ab226deae42efa4a82f9439a111f
Oracle Reports Shell Uploader
Posted Jan 28, 2014
Authored by Dana Taylor

Oracle Reports pwnacle exploit that uploads a jsp shell to the target system using the URLPARAMETER vulnerability that allows for planting files.

tags | exploit, shell
advisories | CVE-2012-3153, CVE-2012-3152
SHA-256 | 3581d647b9a2e8009d1d33ce3190ed76df5b93ae7c3bb78683ead1f423d79945
Eventum 2.3.4 Incorrect Permissions / Code Injection
Posted Jan 28, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2014-1631, CVE-2014-1632
SHA-256 | 7e14b6132c32b76074863b2d2bee5da28e1064c2155acfee7dc34c7d4969418f
Red Hat Security Advisory 2014-0103-01
Posted Jan 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0103-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-6458, CVE-2014-1447
SHA-256 | 7b1d521f318669771a8ca7881bbfac85e4135dc68581fe3f44db9e5bd6c4a001
Red Hat Security Advisory 2014-0100-01
Posted Jan 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0100-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. A flaw was found in the way the perf_trace_event_perm() function in the Linux kernel checked permissions for the function tracer functionality. An unprivileged local user could use this flaw to enable function tracing and cause a denial of service on the system.

tags | advisory, denial of service, kernel, local, udp, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2929, CVE-2013-2930, CVE-2013-4270, CVE-2013-4470, CVE-2013-6378, CVE-2013-6383, CVE-2013-6431
SHA-256 | 727398f9fbb6e96f7d037aef65ed857962d0af32a4a9cdc6be996dd37bd672bc
Oracle Forms And Reports Database Disclosure
Posted Jan 28, 2014
Authored by Dana Taylor

An undocumented PARSEQUERY function in Oracle Forms and Reports allows dumping database username and passwords unauthenticated. The patch / workaround just appears to obfuscate the issue but not actually address it. Affected systems include versions 9iAS, 9iDS, 10G (DS and AS), and 10G AS Reports/Forms Standalone Installation, 11g if patch or workaround not applied. In 12g a code rewrite has mitigated this vulnerability.

tags | exploit, info disclosure
advisories | CVE-2012-3153
SHA-256 | 2212ed674699348aa6036bb33d09aa0705d27be6a5efb384721f1dfc9cc92015
ManageEngine Support Center Plus 7916 Directory Traversal
Posted Jan 28, 2014
Authored by xistence

ManageEngine Support Center Plus versions 7916 and below suffer from a directory traversal vulnerability.

tags | exploit
SHA-256 | 7f3d4cf2f0f2823e532afe04ee4652f5b01e45dec6270e68523714952b7cd42b
pfSense 2.1 Inclusion / Traversal / Escalation
Posted Jan 28, 2014
Authored by Pichaya Morimoto

pfSense version 2.1 suffers from local file inclusion, privilege escalation, and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | a196c8dbe2940fca23547db68328ab1e0aa1e282b862808dd145f9ca266b2404
GNU Transport Layer Security Library 3.2.9
Posted Jan 28, 2014
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This release avoids deadlocked connections on broken firewalls when the %COMPAT flag is specified, improves PKCS #11 support, and adds bugfixes.
tags | protocol, library
SHA-256 | 736f5855423e30ed11314aa09197e35edb8136fbd67b69915eec0d5ef2de7ff8
Simple E-Document Arbitrary File Upload
Posted Jan 28, 2014
Authored by Brendan Coles, vinicius777 | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature in order to upload malicious PHP files which results in arbitrary remote code execution as the web server user. File uploads are disabled by default.

tags | exploit, remote, web, arbitrary, php, code execution, file upload
SHA-256 | 6e99abeb1415d8df56dfb483b3ab125f1112848d4094f7b300a31eecd774a5f1
Check Point Session Authentication Agent 4.1 Missing Authentication
Posted Jan 28, 2014
Authored by Jakub Jozwiak

Check Point Session Authentication agent version 4.1 and higher contains a flaw which is caused by lack of peer authentication in SSL communication. Encrypted communication between agent and security gateway has been introduced due to several issues which were revealed in the previous versions (4.0 and lower) of the product. Research showed that it is still possible to exploit previously known vulnerabilities - gateway impersonation and credential stealing - even though communication between agent and security gateway is utilizing SSL. Proof of concept code included.

tags | exploit, vulnerability, proof of concept
systems | linux
advisories | CVE-2014-1673
SHA-256 | 72c58abdedbdd388c629229b4209b2ae54e94e204621503ea71431c315e26d46
RVAsec 3 Call For Papers
Posted Jan 28, 2014
Site rvasec.com

RVAsec is a Richmond, VA based security convention that brings top industry speakers to the midatlantic region. For 2014, the conference is a two day and dual-track format, with a mixed focus on technical and management/business presentations. It will be held June 5th through the 6th, 2014 in Richmond, VA, USA.

tags | paper, conference
SHA-256 | c33a688039b2e63d6cb584a362a3873d57371c81b774ed1ab4ec8f9c8e5a892c
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close