what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2014-02-25

McAfee ePolicy Orchestrator XML External Entity Expansion
Posted Feb 25, 2014
Site redteam-pentesting.de

RedTeam Pentesting identified an XML external entity expansion vulnerability in McAfee ePolicy Orchestrator's (ePO) dashboard feature. Users with the ability to create new dashboards in the ePO web interface who exploit this vulnerability can read local files on the ePO server, including sensitive data like the ePO database configuration. Versions 4.6.7 and below are affected.

tags | exploit, web, local, xxe
SHA-256 | f7760236a00eacc72f537370300bd2e7c27f9ec542d2cb4813cf607dd4d9f889
WordPress Thanks You Counter Button 1.8.7 Cross Site Scripting
Posted Feb 25, 2014
Authored by HauntIT

WordPress Thanks You Counter Button version 1.8.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3beb0104ba796c9217de0ec54b1460cd194061fb341d3687622e6a815bf873f8
WordPress EasyMedia Gallery 1.2.29 Cross Site Scripting
Posted Feb 25, 2014
Authored by HauntIT

WordPress EasyMedia Gallery version 1.2.29 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 65c1f265556eda50715b048d152b9a787813d464fe658d6b4b1e0ab0cc1f40dd
Apache Tomcat Session Fixation
Posted Feb 25, 2014
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 6.0.33 through 6.0.37 suffer from a session fixation vulnerability.

tags | advisory
advisories | CVE-2014-0033
SHA-256 | 36ba52ce6c47d3e65da9ef3538ecc03acfbac6781df236369fa3d9cf1cbe32e3
Apache Tomcat Information Disclosure
Posted Feb 25, 2014
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 8.0.0-RC1, 7.0.0 through 7.0.42, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability due to an incomplete fix for CVE-2005-2090.

tags | advisory, info disclosure
advisories | CVE-2005-2090, CVE-2013-4286
SHA-256 | 85aca72a0ab50801bdc11f8b35cd76f7c8566b582f96d36c721332941fd2bdcc
IO File Manager 2.0.5 Path Traversal
Posted Feb 25, 2014
Authored by Keith Makan

IO File Manager version 2.0.5 suffers from a path traversal vulnerability.

tags | advisory, file inclusion
SHA-256 | 0cfee755a5b538954bca4d085dca80c9d4c553ed657879443b0b2b5db33e2aa0
Barracuda Networks Firewall Filter Bypass
Posted Feb 25, 2014
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda Networks Firewall suffers from filter bypass and persistent script injection vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 3e6110147616408ffffdc19b6094016444f1836570b03df5c2d8f5beb4982fe6
Microsoft Server 2008 Denial Of Service
Posted Feb 25, 2014
Authored by Pedro Luis Karrasquillo

There is a minor bug on the Microsoft Server 2008 DNS service that responds with the list of all root servers when queried for non-authoritative domains, even when recursion is set to OFF. This allows a malicious party to spoof the source ip on a udp DNS request to any Microsoft Server 2008 DNS and elicit a 533 byte response to a victim, making the server a contributor to coordinated distributed denial of service attacks. The response contains the default list of root DNS servers.

tags | advisory, denial of service, root, udp, spoof
SHA-256 | 3ab734fcb865afbabdc1004a74625865444aad1020e90004c4aa22a1133b0f2a
Technicolor TC7200 Credential Disclosure
Posted Feb 25, 2014
Authored by Jeroen

Technicolor TC7200 suffers from a credential disclosure vulnerability.

tags | exploit, bypass
advisories | CVE-2014-1677
SHA-256 | 9f6c7c15a7f27f0ec335b9ea7bc481a88b501ed6faf77a5cb0cc350b5d05ef5d
Heap Spraying Whitepaper
Posted Feb 25, 2014
Authored by 6_Bl4ck9_f0x6

This whitepaper discusses heap spraying. Written in Portuguese.

tags | paper
SHA-256 | 4d45d4dd1363f5031cde304561cd53549c288ebffe7ac68449637f119a2fbfcc
Sendy 1.1.8.4 SQL Injection
Posted Feb 25, 2014
Authored by Hurley

Sendy version 1.1.8.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 74aae280b77a5843f8d578ac23031384027384e97236c1b96f69bd194871de8d
Red Hat Security Advisory 2014-0206-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0206-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon performed reference counting when using the rwm overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4449
SHA-256 | 9c689b3ebd6223f8dbf725d5945bc082153a9b46734afbac8556f3e603864fd4
Red Hat Security Advisory 2014-0207-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0207-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2013-4287
SHA-256 | b6fc9c49b408a54729b4c85557930045fbbf125f724779636954247247d8f72d
Red Hat Security Advisory 2014-0205-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0205-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security audit functionality, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0058
SHA-256 | 476cc57ac7d2a60a70463bd1508b65b17563cc85cab064c2e1c8b1038f6f9dd7
Zen Cart E-Commerce 1.5.1 XSS / Open Redirect / Shell Upload
Posted Feb 25, 2014
Authored by HauntIT

Zen Cart E-Commerce version 1.5.1 suffers from cross site scripting, open redirection, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | 4c6c2cecddc3c9d1f83daf55b16aa431c469a46598dead1f3adc59cc5654bbaf
TYPO3 6.1.7 XSS / Disclosure / Shell Upload
Posted Feb 25, 2014
Authored by HauntIT

TYPO3 version 6.1.7 suffers from cross site scripting, information disclosure, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, info disclosure
SHA-256 | b888906af2eec081b22f2e8a0ef4acded7b21991327edff43e08055ec32bc9c8
WiFiles HD 1.3 Local File Inclusion
Posted Feb 25, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

WiFiles HD version 1.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 4b414f1d66eb244966066e2e74a74ad6bdf3688efbd02ab2dded85f3d7cd5fff
JORJWEB Ltda SQL Injection
Posted Feb 25, 2014
Authored by UmPire, Vulnerability Laboratory | Site vulnerability-lab.com

JORJWEB Ltda suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 99cc837fdfeb8fc9b256b1aaed0d99f7aa765acceb36ff8ffc7a5b6f02798f02
WordPress Media File Renamer 1.7.0 Cross Site Scripting
Posted Feb 25, 2014
Authored by Larry W. Cashdollar

WordPress Media File Renamer plugin version 1.7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2040
SHA-256 | 39e43c6d9014a50baafd552c0ee274abc0e783d155db5d4cfef1cd7983dada81
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close