what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2014-04-08

Vtiger Install Unauthenticated Remote Command Execution
Posted Apr 8, 2014
Authored by Jonathan Borgeaud | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the Vtiger install script. This Metasploit module is set to ManualRanking due to this module overwriting the target database configuration, which may result in a broken web app, and you may not be able to get a session again.

tags | exploit, web, arbitrary
advisories | CVE-2014-2268
SHA-256 | 168b20b9f1430832a755c5282b7d87e702796d3a8ede2140bfc9bf4996352b16
Open-Xchange AppSuite 7.4.2 XSS / Disclosure
Posted Apr 8, 2014
Authored by Martin Braun

Open-Xchange AppSuite versions 7.4.2 and below suffer from multiple password disclosure and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure
advisories | CVE-2014-2391, CVE-2014-2392, CVE-2014-2393
SHA-256 | 348cc4505b3feff5407c50da62d97a957b38975a969613b4950953a41d048bcb
OpenSSL TLS Heartbeat Extension Memory Disclosure
Posted Apr 8, 2014
Authored by Jared Stafford

This memory disclosure exploit is a quick and dirty demonstration of the TLS heartbeat extension vulnerability.

tags | exploit, info disclosure
advisories | CVE-2014-0160
SHA-256 | 52f0798dad98c4a1b6cab83a8eda203099ba005a12190fde8917fba6bb4fbe85
Microsoft Security Bulletin Summary For April, 2014
Posted Apr 8, 2014
Site microsoft.com

This bulletin summary lists four released Microsoft security bulletins for April, 2014.

tags | advisory
SHA-256 | 42ab9375d5a119d1504c4e87bffce35081ffe9c6a3dc551142efb5af27129816
Bluetooth Text Chat 1.0 Code Execution
Posted Apr 8, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Bluetooth Text Chat version 1.0 for iOS suffers from a code execution vulnerability.

tags | exploit, code execution
systems | apple, ios
SHA-256 | 3230526c05b67c40d7a37d84acba59c35e2357e4b5168af9fa91f4db7f0113c7
BlackBerry Z 10 Buffer Overflow
Posted Apr 8, 2014
Authored by Modzero Security

BlackBerry Z 10 suffers from a remotely exploitable buffer overflow in qconnDoor.

tags | exploit, overflow
advisories | CVE-2014-2389
SHA-256 | 94f3ad9825cf56bf2e0d4385ec6edf97a421ec557a510f614000c11f62775b0b
HP Security Bulletin HPSBST02980
Posted Apr 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02980 - A potential security vulnerability has been identified in HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility running on Linux. The vulnerability could be exploited locally resulting in elevation of privilege. Revision 1 of this advisory.

tags | advisory
systems | linux
advisories | CVE-2013-6216
SHA-256 | 16c17df1bc75e43156e9b8be57baa10d7586b91a62e7dcbb2c9d3806f740f339
Halon Security Router XSS / CSRF / Open Redirect
Posted Apr 8, 2014
Authored by Juan Manuel Garcia

Halon Security Router suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 6a89ccc532c3b03e26dc887d1ad606c3b5effc18b384765f25f3a06bdd2836bd
BlazeDVD Pro Player 6.1 Buffer Overflow
Posted Apr 8, 2014
Authored by Deepak Rathore

BlazeDVD Pro Player version 6.1 stack-based buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 36ddc24b6e1b4dd2f3591102abac3bd0971dd7eda9dae438577b41a87b9287db
Red Hat Security Advisory 2014-0378-01
Posted Apr 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0378-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.

tags | advisory, kernel, info disclosure
systems | linux, redhat
advisories | CVE-2014-0160
SHA-256 | 85f3267b23c3a2c746ab13cf225702438ff173d13d36e28e69a306ae88cbb914
Gentoo Linux Security Advisory 201404-07
Posted Apr 8, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201404-7 - Multiple Information Disclosure vulnerabilities in OpenSSL allow remote attackers to obtain sensitive information via various vectors. Versions less than 1.0.1g are affected.

tags | advisory, remote, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2014-0076, CVE-2014-0160
SHA-256 | 5a052eecc5f9820f2774d8bfc627f2dcb6074aeb700f13c087a5702f55105cee
Gentoo Linux Security Advisory 201404-06
Posted Apr 8, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201404-6 - Multiple vulnerabilities in Mesa could result in execution of arbitrary code or Denial of Service. Versions less than 9.1.4 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2864, CVE-2012-5129, CVE-2013-1872
SHA-256 | 36031cee58d1f9371bb65ef019c1a9362896bfe76486340bbed7f9f618fdb875
Red Hat Security Advisory 2014-0377-01
Posted Apr 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0377-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.

tags | advisory, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2014-0160
SHA-256 | 8f7c4d4d016c55715c90ff4dff65e34096a229969fb8f1a6a46114297025d9fa
Red Hat Security Advisory 2014-0376-01
Posted Apr 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0376-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.

tags | advisory, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2014-0160
SHA-256 | d29801163552d6c5ef3d311980862e909fec81f30ffc610d069125419da17ffe
Debian Security Advisory 2897-1
Posted Apr 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2897-1 - Multiple security issues were found in the Tomcat servlet and JSP engine.

tags | advisory
systems | linux, debian
advisories | CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2014-0050
SHA-256 | 2b66a4a8295291756dace91cbeeb0f72ed10e5069d62d5a8388c8a95212581eb
Debian Security Advisory 2896-2
Posted Apr 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2896-2 - This revision to the recent OpenSSL update, DSA-2896-1, checks for some services that may use OpenSSL in a way that they expose the vulnerability. Such services are proposed to be restarted during the upgrade to help in the actual deployment of the fix.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0160
SHA-256 | bdc2b441a742338d68217274b585f77a71fb0818c37b23e2611c5800372cdb67
Debian Security Advisory 2896-1
Posted Apr 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2896-1 - A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Hearbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0160
SHA-256 | b46b7cdf2bdf994b775cf460ae5825957211930d6a2c4d11361546b5cd798cc0
Ubuntu Security Notice USN-2124-2
Posted Apr 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2124-2 - USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream regression, memory was not properly zeroed under certain circumstances which could lead to instability. This update fixes the problem. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-0411, CVE-2014-0423, CVE-2014-0428
SHA-256 | 3e97ae5d9547293ea4ae339a2f1a074b113d672fbb9e11a7e3479121dbd4b0e2
Heartbleed Mass Testing Script
Posted Apr 8, 2014
Authored by Mustafa Al-Bassam, Jared Stafford

This is a modified version of ssltest.py that will do a mass scan for the Heartbleed TLS heartbeat vulnerability.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | 82c6e88d81229fdc66b6164151c0633d131f032bbe9893c23498032d22ddb017
Heartbleed Proof Of Concept
Posted Apr 8, 2014
Authored by Jared Stafford

This exploit is a quick and dirty demonstration of the Heartbleed TLS vulnerability.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | 0415e43e7ef638d6c409ac662bd691d4eaf202ca6d154493d8cc75be1e929801
Joomla Inneradmission SQL Injection
Posted Apr 8, 2014
Authored by Lazmania61

Joomla Inneradmission component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b995e316a3a1fc834d325da8115f4a448b6ae916afb9869b8e446050e3e306d0
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close