Showing 1 - 19 of 19

Files Date: 2014-02-25

McAfee ePolicy Orchestrator XML External Entity Expansion
Posted Feb 25, 2014
Site redteam-pentesting.de

RedTeam Pentesting identified an XML external entity expansion vulnerability in McAfee ePolicy Orchestrator's (ePO) dashboard feature. Users with the ability to create new dashboards in the ePO web interface who exploit this vulnerability can read local files on the ePO server, including sensitive data like the ePO database configuration. Versions 4.6.7 and below are affected.

tags | exploit, web, local
MD5 | 724d2b023c9019167f3cd08127c26878

WordPress Thanks You Counter Button 1.8.7 Cross Site Scripting
Posted Feb 25, 2014
Authored by HauntIT

WordPress Thanks You Counter Button version 1.8.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 064a3ba7d4e068fdf667f4b365b4f029

WordPress EasyMedia Gallery 1.2.29 Cross Site Scripting
Posted Feb 25, 2014
Authored by HauntIT

WordPress EasyMedia Gallery version 1.2.29 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7419fa83cf9c4e334b4b53fe3dd52efc

Apache Tomcat Session Fixation
Posted Feb 25, 2014
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 6.0.33 through 6.0.37 suffer from a session fixation vulnerability.

tags | advisory
advisories | CVE-2014-0033
MD5 | 79e6f4fd5da771d4831b4876691affe6

Apache Tomcat Information Disclosure
Posted Feb 25, 2014
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 8.0.0-RC1, 7.0.0 through 7.0.42, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability due to an incomplete fix for CVE-2005-2090.

tags | advisory, info disclosure
advisories | CVE-2005-2090, CVE-2013-4286
MD5 | ae23ddedd56b3c796ffd54760386c25e

IO File Manager 2.0.5 Path Traversal
Posted Feb 25, 2014
Authored by Keith Makan

IO File Manager version 2.0.5 suffers from a path traversal vulnerability.

tags | advisory, file inclusion
MD5 | c2a4ceba6a6d8021cab6c8be1f1a01fa

Barracuda Networks Firewall Filter Bypass
Posted Feb 25, 2014
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

Barracuda Networks Firewall suffers from filter bypass and persistent script injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 702efcaf9724acab0acf903951283872

Microsoft Server 2008 Denial Of Service
Posted Feb 25, 2014
Authored by Pedro Luis Karrasquillo

There is a minor bug in the Microsoft Server 2008 DNS service that responds with the list of all root servers when queried for non-authoritative domains, even when recursion is set to OFF. This allows a malicious party to spoof the source IP on a UDP DNS request to any Microsoft Server 2008 DNS and elicit a 533 byte response to a victim, making the server a contributor to coordinated distributed denial of service attacks. The response contains the default list of root DNS servers.

tags | advisory, denial of service, root, udp, spoof
MD5 | 0e7e19c3cbc34fab472aafd91474eee9

Technicolor TC7200 Credential Disclosure
Posted Feb 25, 2014
Authored by Jeroen

Technicolor TC7200 suffers from a credential disclosure vulnerability.

tags | exploit, bypass
advisories | CVE-2014-1677
MD5 | a3d0fde1367ed7d108ceac278431911e

Heap Spraying Whitepaper
Posted Feb 25, 2014
Authored by 6_Bl4ck9_f0x6

This whitepaper discusses heap spraying. Written in Portuguese.

tags | paper
MD5 | fe0c6a5e6c7c733b929a38391abdf0d1

Sendy 1.1.8.4 SQL Injection
Posted Feb 25, 2014
Authored by Hurley

Sendy version 1.1.8.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 02525d58182ca2a5edb0b4ad0a836a41

Red Hat Security Advisory 2014-0206-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0206-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon performed reference counting when using the rwm overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4449
MD5 | 970ae9980d83f7b6ecdef14d217d2178

Red Hat Security Advisory 2014-0207-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0207-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2013-4287
MD5 | 8e171ce1005907d516b3b2081dbcd6ea

Red Hat Security Advisory 2014-0205-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0205-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security audit functionality, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0058
MD5 | a0793b6d7aa8c6f0df3d463c2c90e485

Zen Cart E-Commerce 1.5.1 XSS / Open Redirect / Shell Upload
Posted Feb 25, 2014
Authored by HauntIT

Zen Cart E-Commerce version 1.5.1 suffers from cross site scripting, open redirection, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
MD5 | 509ef9f69f0fe9b1ec73f33bf0e7bce3

TYPO3 6.1.7 XSS / Disclosure / Shell Upload
Posted Feb 25, 2014
Authored by HauntIT

TYPO3 version 6.1.7 suffers from cross site scripting, information disclosure, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, info disclosure
MD5 | b8d48b521681a51fd998d0104cedb502

WiFiles HD 1.3 Local File Inclusion
Posted Feb 25, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

WiFiles HD version 1.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | a883e4a4a098dbc4e35290882a6de441

JORJWEB Ltda SQL Injection
Posted Feb 25, 2014
Authored by UmPire | Site vulnerability-lab.com

JORJWEB Ltda suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6e1892484b44f10fe2636f9b558e5afd

WordPress Media File Renamer 1.7.0 Cross Site Scripting
Posted Feb 25, 2014
Authored by Larry W. Cashdollar

WordPress Media File Renamer plugin version 1.7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2040
MD5 | bdd98cd93dfed7e48d6719818a345336