Exploit the possiblities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-02-28

couponPHP CMS 1.0 Cross Site Scripting / SQL Injection
Posted Feb 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

couponPHP CMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | bbb6171551f00ca805f0fd04698eb8ae
Plex Media Server 0.9.9.2.374-aa23a69 Bypass / File Disclosure
Posted Feb 28, 2014
Authored by S. Viehbock | Site sec-consult.com

Plex Media Server versions 0.9.9.2.374-aa23a69 and below suffer from authentication bypass and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability
MD5 | caef9d52859c1aa6653bf1f05c425a35
VCDGEAR 3.50 Stack Buffer Overflow
Posted Feb 28, 2014
Authored by Juan Sacco

VCDGEAR version 3.50 suffers from a stack-based buffer overflow vulnerability.

tags | exploit, overflow
MD5 | f1a5ac01cc206095a5a9896555748f15
Microsoft Office 365 Outlook Filter Bypass
Posted Feb 28, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Microsoft Office 365 Outlook suffers from filter bypass and script insertion vulnerabilities.

tags | exploit, vulnerability
MD5 | 25baa692d8e3fe0ff15188fcf7b7fc4b
OrangeHRM 3.1.1 Cross Site Scripting
Posted Feb 28, 2014
Authored by HauntIT

OrangeHRM version 3.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 20789db5c89a9555e1020f00f215cabd
SpagoBI 4.0 Privilege Escalation
Posted Feb 28, 2014
Authored by Christian Catalano

SpagoBI version 4.0 suffers from an administrative privilege escalation vulnerability.

tags | exploit
advisories | CVE-2013-6231
MD5 | 7970c993e8a493f4ef2e596031495c2b
webERP 4.11.3 SQL Injection
Posted Feb 28, 2014
Authored by HauntIT

webERP version 4.11.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bf32ac00c8f1f5ba7806e51c9ca76392
doorGets 6.0 Cross Site Scripting
Posted Feb 28, 2014
Authored by HauntIT

doorGets version 6.0 suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | ab4a3f68900f46a38b8210a86c6be240
MICROSENS PLMISWM 10.3.1 Privilege Escalation
Posted Feb 28, 2014
Authored by Christian Kudera, Stefan Riegler | Site sec-consult.com

MICROSENS Profi Line Modular Industrial Switch Web Manager version 10.3.1 suffers from a privilege escalation vulnerability.

tags | exploit, web
MD5 | 560d4bad551ba72d0dd1220d814ca159
Gentoo Linux Security Advisory 201402-28
Posted Feb 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-28 - Multiple vulnerabilities have been found in Chrony, possibly allowing remote attackers to cause a Denial of Service condition. Versions less than or equal to 1.29 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4502, CVE-2012-4503
MD5 | 4cde162c1793831f0a12d405d7b93449
Slackware Security Advisory - subversion Updates
Posted Feb 28, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New subversion packages are available for Slackware 14.0, 14.1, and -current to fix denial-of-service issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4505, CVE-2013-4558, CVE-2014-0032
MD5 | b0655f4cb432b7635c6c84630442b90c
Gentoo Linux Security Advisory 201402-29
Posted Feb 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-29 - Multiple integer overflow vulnerabilities have been found in ArgyllCMS which could allow attackers to execute arbitrary code. Versions less than 1.4.0-r1 are affected.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4405
MD5 | b9871ae258a5ff75032695acdf112ad1
Against Mass Scanner / SSH Brute Forcer 0.2
Posted Feb 28, 2014
Authored by pigtail23 | Site nullsecurity.net

Against is a very fast ssh attack script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-forcing module which attacks in parallel (multiprocessing) all discovered hosts or given ip addresses from a list.

Changes: Honeypot detection, optimizations, detection for key authentication, and much more.
tags | tool, scanner, tcp
systems | unix
MD5 | 97dcd3bfb5594579bb7552633ccc6d02
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
Posted Feb 28, 2014
Authored by juan vazquez, Z0mb1E, amisto0x07 | Site metasploit.com

This Metasploit module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE. The last one can be executed remotely through the WebView server. This Metasploit module has been tested successfully in GE Proficy CIMPLICITY 7.5 with the embedded CimWebServer. This Metasploit module starts a WebDAV server to provide the malicious BCL files. When the target hasn't the WebClient service enabled, an external SMB service is necessary.

tags | exploit, remote, arbitrary
advisories | CVE-2014-0750
MD5 | 7214d05adba6a25634f88649ee6cb1dd
Total Video Player 1.3.1 Buffer Overflow
Posted Feb 28, 2014
Authored by Mike Czumak | Site metasploit.com

This Metasploit module exploits a buffer overflow in Total Video Player 1.3.1. The vulnerability occurs opening malformed Settings.ini file e.g."C:\Program Files\Total Video Player\". This Metasploit module has been tested successfully over Windows WinXp-Sp3-EN, Windows 7, Windows 8.

tags | exploit, overflow
systems | windows, xp, 7
MD5 | 6d4a1753e43464bbcdf285f46e56458c
YAPET 1.0
Posted Feb 28, 2014
Authored by Rafael Ostertag | Site guengel.ch

YAPET is a small text based password manager. It features the Blowfish encryption algorithm and runs on most modern Unixes.

Changes: This release adds a new user interface with the ability to customize colors and adds a utility to export YAPET files to CSV files.
tags | tool
systems | unix
MD5 | aba50831724e22f9fc44c8b381ab2778
Red Hat Security Advisory 2014-0226-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0226-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Life Cycle Support for Red Hat Enterprise Linux 4 will be retired on February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 4 ELS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. The retirement process for Red Hat Enterprise Linux 4 ELS will complete on February 28, 2015. On that date, the Red Hat Enterprise Linux 4 ELS channels will be moved to the "Retired" channels area on the Customer Portal, and customers will be unsubscribed from the Red Hat Enterprise Linux 4 Extended Life Cycle Support channels.

tags | advisory
systems | linux, redhat
MD5 | 8d79386c93207effa57338d3ac5913ff
Ubuntu Security Notice USN-2124-1
Posted Feb 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2124-1 - A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-0411, CVE-2014-0428, CVE-2014-0423, CVE-2013-5878, CVE-2013-5884, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0411, CVE-2014-0416, CVE-2014-0422, CVE-2014-0423, CVE-2014-0428
MD5 | bd01e59b5113de864645eb1f6897ebe9
Red Hat Security Advisory 2014-0224-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0224-01 - The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a new feature which offers seamless integrated access to Red Hat Access services from the Red Hat Enterprise Virtualization Administration Portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features. Detailed information about this plug-in can be found in the Red Hat Customer Portal at https://access.redhat.com/site/articles/425603 The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
MD5 | 7d557b30876118a8a0c2bdc64513cbdd
Red Hat Security Advisory 2014-0223-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0223-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244
MD5 | 3dbe6b26a6a7e6895ed35db6c75773e7
Red Hat Security Advisory 2014-0222-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0222-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2010-2596, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244
MD5 | 5d4603c08d7c58baa075632305fac691
Red Hat Security Advisory 2014-0221-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0221-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
MD5 | 42c1f6ad4b24aa64d1a4bcf194dba97a
Red Hat Security Advisory 2014-0225-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0225-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.3 will be retired as of March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.3 AMC after March 31, 2014. In addition, technical support through Red Hat's Global Support Services for this product will no longer be provided after this date. Note: This notification applies only to those customers with subscriptions for Advanced Mission Critical Support channels for Red Hat Enterprise Linux 5.3.

tags | advisory
systems | linux, redhat
MD5 | 1dbcef2e882cc3a09dd23ffde0cf220f
EPESI CRM 1.5.5 Cross Site Scripting
Posted Feb 28, 2014
Authored by HauntIT

EPESI CRM version 1.5.5-20140113 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | b18526a5d2a32bd7faa9881088d47735
GDL 4.2 XSS / SQL Injection / Traversal
Posted Feb 28, 2014
Authored by ByEge

GDL version 4.2 suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file inclusion
MD5 | c9a5025ecc61c3501600d0920577f7da
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close