
Files Date: 2014-03-18

McAfee Cloud SSO / Asset Manager Issues
Posted Mar 18, 2014
Authored by Brandon Perry

McAfee Cloud SSO is vulnerable to cross site scripting. McAfee Asset Manager version 6.6 is susceptible to a traversal that allows for arbitrary file read and remote SQL injection.

tags | exploit, remote, arbitrary, xss, sql injection, file inclusion
MD5 | 868186db4d28e5648987545b38b460d1

Red Hat Security Advisory 2014-0310-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0310-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Several information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash.

tags | advisory, web, arbitrary, info disclosure
systems | linux, redhat
advisories | CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
MD5 | 2590f4b343b9a0a0edd5b56178d45e3d

Red Hat Security Advisory 2014-0312-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0312-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2009-0689
MD5 | ea1f38ee629a3feb144fccb0c2880872

Red Hat Security Advisory 2014-0311-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0311-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.

tags | advisory, remote, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2006-7243, CVE-2009-0689
MD5 | 5df46c79230de9f7190c8d0eb16d58aa

Ubuntu Security Notice USN-2150-1
Posted Mar 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2150-1 - Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out-of-bounds read during WAV file decoding. An attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1493, CVE-2014-1494, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
MD5 | e5f848ac60bba8e2a59d28c7394dff8e

ShadowIRCd 6.3+ / Elemental-IRCd 6.5+ Out Of Bounds
Posted Mar 18, 2014
Authored by Sam Dodrill

A vulnerability has been discovered in Elemental-IRCd/ShadowIRCd all the way back to version 6.3. If a client performs SASL authentication before the server is ready for it, a race condition is triggered and the ircd segfaults with an address out-of-bounds error. Demonstration exploit included.

tags | exploit
MD5 | fc1db6cf5832c35c96cbb7e0290e2708

VLC 2.1.3 Cross Site Scripting
Posted Mar 18, 2014
Authored by Pietro Minniti, Francisco Perna

The web interface for VLC version 2.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 7b0e4191a69a7d70c7f976a63acb288d

BarracudaDrive 6.6 Cross Site Scripting
Posted Mar 18, 2014
Authored by Prabhu S Angadi | Site secpod.com

BarracudaDrive version 6.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | cef0198933866739aa04ed82b3bcf021

Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting
Posted Mar 18, 2014
Authored by Martin Braun

Open-Xchange AppSuite versions 7.4.1 and 7.4.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-2077
MD5 | 8ff1f075b4f1ad48d8173041bdc3d5cd

ExSoul Browser 3.2.2 Remote Code Execution
Posted Mar 18, 2014
Authored by Keith Makan

ExSoul Browser version 3.2.2 suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
MD5 | 04230f97a4a9f6d55aa1b6ab37704a4b

Maligno 1.0
Posted Mar 18, 2014
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Bug fixes, simplified payload delivery method, client autogeneration, extended documentation.
tags | tool, web, scanner, shellcode, python
systems | unix
MD5 | 614d7121a38a18325a890bf55d44f5fb

Gold MP4 Player 3.3 Universal SEH Buffer Overflow
Posted Mar 18, 2014
Authored by Gabor Seljan, Revin Hadi S | Site metasploit.com

This Metasploit module exploits a buffer overflow in Gold MP4 Player version 3.3. When this application loads a specially crafted flash URL, a buffer overflow can occur that allows for arbitrary code execution.

tags | exploit, overflow, arbitrary, code execution
MD5 | 82eddcbd92b30977d1ccf33478db6d3e

Array Networks vxAG / xAPV Privilege Escalation
Posted Mar 18, 2014
Authored by xistence

Array Networks vxAG version 9.2.0.34 and vAPV version 8.3.2.17 appliances suffer from poor permissions, default and weak user credentials, and SSH key handling issues.

tags | exploit
MD5 | e68de4bee85b308dcc7bb01dcc55fcb4

Quantum vmPRO 3.1.2 Root Shell
Posted Mar 18, 2014
Authored by xistence

Quantum vmPRO versions 3.1.2 and below suffer from a remote shell backdoor command that lets anyone SSH in and escalate to root.

tags | exploit, remote, shell, root
MD5 | 71977649a44253f552fee0162b363b00

1XTRA Browser 1.0 Remote Code Execution
Posted Mar 18, 2014
Authored by Keith Makan

XTRA Browser suffers from a remote code execution vulnerability stemming from insecure use of the addJavascriptInterface functionality. The vulnerability allows attackers to execute code through targeted browsing attacks to pages hosting malicious JavaScript or by loading up a malicious file into the affected application from the local storage.

tags | advisory, remote, local, javascript, code execution
MD5 | 2906e8ed19c4fdac9dd8b1b4f2ae65c5

nginx 1.4.0 64-bit Linux Remote Code Execution
Posted Mar 18, 2014
Authored by Sorbo

nginx version 1.4.0 remote code execution exploit that leverages a new attack technique called BROP (Blind ROP).

tags | exploit, remote, code execution
systems | linux
advisories | CVE-2013-2028
MD5 | 4fe89a20d463c4ce41cb62c18ae60593

© 2016 Packet Storm. All rights reserved.
