what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-03-20

MS14-012 Internet Explorer TextRange Use-After-Free
Posted Mar 20, 2014
Authored by Jason Kratzer, sinn3r | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer. The flaw was most likely introduced back in 2013, therefore only certain builds of MSHTML are affected. In our testing with IE9, these vulnerable builds appear to be between 9.0.8112.16496 and 9.0.8112.16533, which implies August 2013 until early March 2014 (before the patch).

tags | exploit
advisories | CVE-2014-0307
SHA-256 | 85541f060fdc844f7022ba1f1028c17d0836c505b9c83aa7c8c91868e0d21f22
Horde Framework Unserialize PHP Code Execution
Posted Mar 20, 2014
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in Horde versions 5.1.1 and below which could be abused to allow unauthenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() exists in the 'lib/Horde/Variables.php' file. The exploit abuses the __destruct() method from the Horde_Kolab_Server_Decorator_Clean class to reach a dangerous call_user_func() call in the Horde_Prefs class.

tags | exploit, web, arbitrary, php
advisories | CVE-2014-1691
SHA-256 | 29c01edc4c0a6e6872a0827d3816b1b853df5b79ddb58262cb3d16dea0cc69e5
ShakaCon VI Call For Papers
Posted Mar 20, 2014
Site shakacon.org

The Shakacon 2014 Call For Papers has been announced. It will take place June 23rd through the 25th, 2014 in Honolulu, Hawaii.

tags | paper, conference
SHA-256 | 7f68946c4f04763b7ca71fc657d3741acc953dcb33a1b0b35e2369a048707988
Wireless Drive 1.1.0 LFI / Command Injection
Posted Mar 20, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Wireless Drive version 1.1.0 suffers from local file inclusion and command injection vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 38941e263c811f9b54fe8df01538bf6cc8cd17eddb8519ac0483cf9e0634df15
Mandriva Linux Security Advisory 2014-066
Posted Mar 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-066 - A vulnerability has been found and corrected in mozilla NSS. In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. The updated packages have been upgraded to the latest NSPR and NSS versions which is not vulnerable to this issue. Additionally the rootcerts package has also been updated to version 1.97, which adds, removes, and distrusts several certificates.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-1492
SHA-256 | 3744078e3d10024e3dbb4c8a6fcc1632a55fb1a945271f81437b6a35e2bcc023
Debian Security Advisory 2882-1
Posted Mar 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2882-1 - Multiple cross-site scripting (XSS) vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. A remote attackers can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copy_move.php, functions.php, header.php and upload.php.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-5951
SHA-256 | e3053e7347129fdb8313688624203b8e5e42f057cbd0d08621883f98cf90f5f2
Mandriva Linux Security Advisory 2014-065
Posted Mar 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-065 - Multiple vulnerabilities has been found and corrected in apache. XML parsing code in mod_dav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provider is mod_dav_svn. A flaw was found in mod_log_config. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM. The updated packages have been upgraded to the latest 2.2.27 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2013-6438, CVE-2014-0098
SHA-256 | 1ec6081089af1f4946cff5868c0d43bfeb1b19c4c7462f3ba46e3d8c8a2f59b2
EaseUS Todo Backup 5.8.0.0 Hardcoded Password
Posted Mar 20, 2014
Authored by Akastep

EaseUS Todo Backup version 5.8.0.0 comes with a hardcoded administrative password that is a potential backdoor.

tags | exploit
SHA-256 | 0cc6d6d41811254e9e104cbf690cb20d99997fc1e10e662ae84fce53fa90ec43
FastCGI.com searcharchive.cgi Remote Command Execution
Posted Mar 20, 2014
Authored by Felipe Andrian Peixoto

searcharchive.cgi from www.FastCGI.com suffers from a remote command execution vulnerability.

tags | exploit, remote, cgi
SHA-256 | 26e2765a41fb08ab3a22d7d3ecb52da9d29cf805f8e3194b9eb5874c4c4d8e3f
D-Link DIR-600L Cross Site Request Forgery
Posted Mar 20, 2014
Authored by Dhruv Shah

D-Link DIR-600L hardware version AX and firmware version 1.00 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | b631009354d41628f2c1a41d39df88b0765f8bdcbeae0b5ff610a03d682399e6
OXID eShop XSS / CRLF Injection
Posted Mar 20, 2014
Authored by storm

OXID eSHOP versions prior to 4.7.11/5.0.11 and 4.8.4/5.1.4 suffer from cross site scripting and CRLF injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-2016, CVE-2014-2017
SHA-256 | fc197b8994d3f956db7d23e14039dc8ada100372edc278a4674596d82b02cf15
Debian Security Advisory 2859-2
Posted Mar 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2859-2 - Multiple vulnerabilities have been discovered in pidgin, a multi-protocol instant messaging client. In addition to fixing the vulnerabilities, this revision specific to the oldstable distribution (squeeze), reduces the supported protocols to: IRC, Jabber/XMPP, Sametime, and SIMPLE.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2013-6485, CVE-2013-6490
SHA-256 | aba1f849829ba8b4b5d0c17cadf3cbcacb429fe9d1e6e2c22f31c36f5d4b0a25
Gentoo Linux Security Advisory 201403-05
Posted Mar 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-5 - Two vulnerabilities have been found in GNU Emacs, possibly leading to user-assisted execution of arbitrary code. Versions less than 24.1-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-0035, CVE-2012-3479
SHA-256 | fcc71b90de871eaffab6688a5962d6a9a3a70a8af03b82173b7f3b5e9b07ba7f
Quantum DXi V1000 SSH Private Key Exposure
Posted Mar 20, 2014
Authored by xistence | Site metasploit.com

Quantum ships a public/private key pair on DXi V1000 2.2.1 appliances that allows passwordless authentication to any other DXi box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.

tags | exploit, remote, root
SHA-256 | c044490578edb32019383826af35b916fee53306c749cd979607ab19079e339f
Array Networks vAPV / vxAG Code Execution
Posted Mar 20, 2014
Authored by xistence | Site metasploit.com

This Metasploit module exploits a default hardcoded private SSH key or default hardcoded login and password in the vAPV 8.3.2.17 and vxAG 9.2.0.34 appliances made by Array Networks. After logged in as the unprivileged user, it's possible to modify the world writable file /ca/bin/monitor.sh with our arbitrary code. Execution of the arbitrary code is possible by using the backend tool, running setuid, to turn the debug monitoring on. This makes it possible to trigger our payload with root privileges.

tags | exploit, arbitrary, root
SHA-256 | 1fae43950316e011335dde728dbaad51c106df55957d6f35e6a4c67a1ed197aa
EMC Connectrix Manager Converged Network Edition 12.1.2 Disclosure
Posted Mar 20, 2014
Site emc.com

EMC Connectrix Manager Converged Network Edition (CMCNE) version 12.1.2 contains a potential security vulnerability through the FileUploadController servlet that is used to import firmware files to Connectrix Manager's repository. Due to insufficient input validation, attackers can potentially import arbitrary files to the EMC Connectrix Manager server.

tags | advisory, arbitrary
advisories | CVE-2014-2276
SHA-256 | fc0ee79237ba4c04837935f03a177c4f57881d01e8283fcaacdee610eaa13586
Cisco Security Advisory 20140319-asyncos
Posted Mar 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) contain a vulnerability that could allow an authenticated remote attacker to execute arbitrary code with the privileges of the root user. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, arbitrary, root
systems | cisco
SHA-256 | 4f7a4de55ce594d2a820d830d3f7961b0b2b3406ee721b3eb1b7ddb200030251
CMSimple 3.54 Cross Site Scripting
Posted Mar 20, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

CMSimple version 3.54 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2219
SHA-256 | c69a2e8bbe6fcf8ed4ef78f50033ee20cd9654bc968eb50e7e6c7488908078f3
Mohachat 0.1.1 Cross Site Scripting / Redirection
Posted Mar 20, 2014
Authored by Hossein Hezami

Mohachat version 0.1.1 suffers from HTML redirection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 31544f29344b5ff77aae1764c63c8c10acb364b3b68b5b62806135210166a4d7
x7chat 3.2 Cross Site Scripting
Posted Mar 20, 2014
Authored by Hossein Hezami

x7chat version 3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b2ae76c8b0677f18f7735fadae167a1b4a2666b2fa4eaecb92336b45c7d8621a
UAG-CMS Session Fixation
Posted Mar 20, 2014
Authored by Hossein Hezami

UAG-CMS suffers from a session fixation vulnerability.

tags | exploit
SHA-256 | 35d537cc326636b474e15bfcc48eb62a59f4ccadbbc1f958872b79cfefaa8a78
Qe 4.1.6 Cross Site Scripting
Posted Mar 20, 2014
Authored by Hossein Hezami

Qe version 4.1.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c8b653ae280b2fbd4f2d5d2f7af6383d253dc18b724d670a971453f1cd93a7e9
PhpSiteManager 1.1.1 Cross Site Scripting
Posted Mar 20, 2014
Authored by Hossein Hezami

PhpSiteManager version 1.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 44c2cc7fadef53d592137e629fd069266e367989c6ae848f19b0becb28854762
No-CMS 0.6.6 Cross Site Scripting
Posted Mar 20, 2014
Authored by Hossein Hezami

No-CMS version 0.6.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1ee893c6b012f5334d897b92b74b70bdb8063b1397e59ec2c71a6461629eda69
Full Disclosure Mailing List Is Suspended
Posted Mar 20, 2014
Authored by John Cartwright

After 12 years, the full disclosure mailing list has suspended service indefinitely. This is the final message from Full Disclosure noting the closure.

tags | advisory
SHA-256 | 33d082638b3db7b562a76817d600a262b7fc4a760bdd03c9509dbdb5c378cb00
Page 1 of 2
Back12Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close