Exploit the possiblities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-03-20

MS14-012 Internet Explorer TextRange Use-After-Free
Posted Mar 20, 2014
Authored by Jason Kratzer, sinn3r | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer. The flaw was most likely introduced back in 2013, therefore only certain builds of MSHTML are affected. In our testing with IE9, these vulnerable builds appear to be between 9.0.8112.16496 and 9.0.8112.16533, which implies August 2013 until early March 2014 (before the patch).

tags | exploit
advisories | CVE-2014-0307
MD5 | 8bb6af6d6ba624486f786a18d3748472
Horde Framework Unserialize PHP Code Execution
Posted Mar 20, 2014
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in Horde versions 5.1.1 and below which could be abused to allow unauthenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() exists in the 'lib/Horde/Variables.php' file. The exploit abuses the __destruct() method from the Horde_Kolab_Server_Decorator_Clean class to reach a dangerous call_user_func() call in the Horde_Prefs class.

tags | exploit, web, arbitrary, php
advisories | CVE-2014-1691
MD5 | 30e3a5b2a37a48b8d49e624f76c16db2
ShakaCon VI Call For Papers
Posted Mar 20, 2014
Site shakacon.org

The Shakacon 2014 Call For Papers has been announced. It will take place June 23rd through the 25th, 2014 in Honolulu, Hawaii.

tags | paper, conference
MD5 | d199cb0ca71501b3ab563ab71f539624
Wireless Drive 1.1.0 LFI / Command Injection
Posted Mar 20, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Wireless Drive version 1.1.0 suffers from local file inclusion and command injection vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | 46e72625b157b5e185061e8cf38c2c73
Mandriva Linux Security Advisory 2014-066
Posted Mar 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-066 - A vulnerability has been found and corrected in mozilla NSS. In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. The updated packages have been upgraded to the latest NSPR and NSS versions which is not vulnerable to this issue. Additionally the rootcerts package has also been updated to version 1.97, which adds, removes, and distrusts several certificates.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-1492
MD5 | 1bf2734730f09ab011e31755eb0b5e58
Debian Security Advisory 2882-1
Posted Mar 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2882-1 - Multiple cross-site scripting (XSS) vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. A remote attackers can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copy_move.php, functions.php, header.php and upload.php.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-5951
MD5 | 8e8029d9eb8f93780302d6f61386e367
Mandriva Linux Security Advisory 2014-065
Posted Mar 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-065 - Multiple vulnerabilities has been found and corrected in apache. XML parsing code in mod_dav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provider is mod_dav_svn. A flaw was found in mod_log_config. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM. The updated packages have been upgraded to the latest 2.2.27 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2013-6438, CVE-2014-0098
MD5 | 1c9a8e508b55329b7fa1299f49c9c633
EaseUS Todo Backup 5.8.0.0 Hardcoded Password
Posted Mar 20, 2014
Authored by Akastep

EaseUS Todo Backup version 5.8.0.0 comes with a hardcoded administrative password that is a potential backdoor.

tags | exploit
MD5 | 9d4ba97087cb7cbb7f183dc491c10c5d
FastCGI.com searcharchive.cgi Remote Command Execution
Posted Mar 20, 2014
Authored by Felipe Andrian Peixoto

searcharchive.cgi from www.FastCGI.com suffers from a remote command execution vulnerability.

tags | exploit, remote, cgi
MD5 | f1ac4bfdfbdf431b9e604f2510ccda60
D-Link DIR-600L Cross Site Request Forgery
Posted Mar 20, 2014
Authored by Dhruv Shah

D-Link DIR-600L hardware version AX and firmware version 1.00 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 8cb469bac7accc74cd1f462560b56d45
OXID eShop XSS / CRLF Injection
Posted Mar 20, 2014
Authored by storm

OXID eSHOP versions prior to 4.7.11/5.0.11 and 4.8.4/5.1.4 suffer from cross site scripting and CRLF injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-2016, CVE-2014-2017
MD5 | 0fa46537255c89bdbd93adc9951c95dd
Debian Security Advisory 2859-2
Posted Mar 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2859-2 - Multiple vulnerabilities have been discovered in pidgin, a multi-protocol instant messaging client. In addition to fixing the vulnerabilities, this revision specific to the oldstable distribution (squeeze), reduces the supported protocols to: IRC, Jabber/XMPP, Sametime, and SIMPLE.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2013-6485, CVE-2013-6490
MD5 | 79f958af46ccca1c5d2f7678e0e3be5f
Gentoo Linux Security Advisory 201403-05
Posted Mar 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-5 - Two vulnerabilities have been found in GNU Emacs, possibly leading to user-assisted execution of arbitrary code. Versions less than 24.1-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-0035, CVE-2012-3479
MD5 | a73d75fd9b4ce06bdceeb400052f77d2
Quantum DXi V1000 SSH Private Key Exposure
Posted Mar 20, 2014
Authored by xistence | Site metasploit.com

Quantum ships a public/private key pair on DXi V1000 2.2.1 appliances that allows passwordless authentication to any other DXi box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.

tags | exploit, remote, root
MD5 | 88975f652be0d2e795054295cb884767
Array Networks vAPV / vxAG Code Execution
Posted Mar 20, 2014
Authored by xistence | Site metasploit.com

This Metasploit module exploits a default hardcoded private SSH key or default hardcoded login and password in the vAPV 8.3.2.17 and vxAG 9.2.0.34 appliances made by Array Networks. After logged in as the unprivileged user, it's possible to modify the world writable file /ca/bin/monitor.sh with our arbitrary code. Execution of the arbitrary code is possible by using the backend tool, running setuid, to turn the debug monitoring on. This makes it possible to trigger our payload with root privileges.

tags | exploit, arbitrary, root
MD5 | 64a30a02142bc1de16e0749225b0ee94
EMC Connectrix Manager Converged Network Edition 12.1.2 Disclosure
Posted Mar 20, 2014
Site emc.com

EMC Connectrix Manager Converged Network Edition (CMCNE) version 12.1.2 contains a potential security vulnerability through the FileUploadController servlet that is used to import firmware files to Connectrix Manager's repository. Due to insufficient input validation, attackers can potentially import arbitrary files to the EMC Connectrix Manager server.

tags | advisory, arbitrary
advisories | CVE-2014-2276
MD5 | 9392b86928ec8ed2eb565b53f0947361
Cisco Security Advisory 20140319-asyncos
Posted Mar 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) contain a vulnerability that could allow an authenticated remote attacker to execute arbitrary code with the privileges of the root user. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, arbitrary, root
systems | cisco
MD5 | 28879503b1e4e334b27063c9887dd12b
CMSimple 3.54 Cross Site Scripting
Posted Mar 20, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

CMSimple version 3.54 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2219
MD5 | e054a262e3cf1f293ae072583b63e7a9
Mohachat 0.1.1 Cross Site Scripting / Redirection
Posted Mar 20, 2014
Authored by Hossein Hezami

Mohachat version 0.1.1 suffers from HTML redirection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 615e6ac68c1334100bc11499cb6dd7c4
x7chat 3.2 Cross Site Scripting
Posted Mar 20, 2014
Authored by Hossein Hezami

x7chat version 3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a607a375e04d81c8bf5ea15f39cbde29
UAG-CMS Session Fixation
Posted Mar 20, 2014
Authored by Hossein Hezami

UAG-CMS suffers from a session fixation vulnerability.

tags | exploit
MD5 | 4a58e0cf7417b71345a161ecc3dfe055
Qe 4.1.6 Cross Site Scripting
Posted Mar 20, 2014
Authored by Hossein Hezami

Qe version 4.1.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 99a1f7b745ee9a9e9a981da09630d5aa
PhpSiteManager 1.1.1 Cross Site Scripting
Posted Mar 20, 2014
Authored by Hossein Hezami

PhpSiteManager version 1.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f0a3ca61432672d481780ffee556104e
No-CMS 0.6.6 Cross Site Scripting
Posted Mar 20, 2014
Authored by Hossein Hezami

No-CMS version 0.6.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 90ee25328256dd30d004370d41897e16
Full Disclosure Mailing List Is Suspended
Posted Mar 20, 2014
Authored by John Cartwright

After 12 years, the full disclosure mailing list has suspended service indefinitely. This is the final message from Full Disclosure noting the closure.

tags | advisory
MD5 | 741067115f1e4f73a838242b4d75033c
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close