exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-04-11

Plex Media Server 0.9.9.10 CSRF / Disclosure
Posted Apr 11, 2014
Authored by S. Viehbock | Site sec-consult.com

Plex Media Server version 0.9.9.10 suffers from use of plain text protocols, insecure use of SSL/TLS, unauthenticated information disclosure, and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, protocol, info disclosure, csrf
SHA-256 | 3e1cb6d955b6c33349b4369cc89ac45fd2b1365efadc1a8d845bde2d9f7310d6
WordPress Quick Page/Post Redirect Plugin 5.0.3 CSRF / XSS
Posted Apr 11, 2014
Authored by Tom Adams

WordPress Quick Page/Post Redirect plugin version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-2598
SHA-256 | 543d850e6bb8f1097ef237e3be4e4595f53890211e8adf65315339525e89497d
eScan Web Management Console Command Injection
Posted Apr 11, 2014
Authored by Joxean Koret, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in the eScan Web Management Console. The vulnerability exists while processing CheckPass login requests. An attacker with a valid username can use a malformed password to execute arbitrary commands. With mwconf privileges, the runasroot utility can be abused to get root privileges. This Metasploit module has been tested successfully on eScan 5.5-2 on Ubuntu 12.04.

tags | exploit, web, arbitrary, root
systems | linux, ubuntu
SHA-256 | be98f3a46fc9d7210a97e0f50b3bd1ba9ebef9cc6d3e9b5455d3e8e5c69531c0
HP Security Bulletin HPSBMU02995
Posted Apr 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02995 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 907a6458638d1857cd1328f10a18b99a268dd876115f358b6ff918bc31df9780
VMware Security Advisory 2014-0003
Posted Apr 11, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0003 - VMware vSphere Client updates address security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2014-1209, CVE-2014-1210
SHA-256 | 56f51418605761c2a509b1939c5cfd16d1ef1ddf2ea7d5aae6e16c1785d17e53
Debian Security Advisory 2900-1
Posted Apr 11, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2900-1 - Florian Weimer of the Red Hat product security team discovered multiple buffer overflows in jbigkit, which could lead to the execution of arbitrary code when processing malformed images.

tags | advisory, overflow, arbitrary
systems | linux, redhat, debian
advisories | CVE-2013-6369
SHA-256 | a62089eb0007a6409a8672fbd0149f4e0ed8f076992e3c6803504467be05377b
Mandriva Linux Security Advisory 2014-076
Posted Apr 11, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-076 - Brian M. Carlson reported that a2ps's fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges of the user running fixps.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2014-0466
SHA-256 | 31ae81767a1e79a18c421fe27db83de0a7d1fe84b2ad1d46c4714f7af4ce6540
RSA BSAFE Micro Edition Suite Certificate Chain Processing
Posted Apr 11, 2014
Site emc.com

RSA BSAFE MES 3.2.6, 4.0.5 and higher contains a fix for a security vulnerability that could potentially be exploited by malicious users to create improperly authenticated SSL connections. This vulnerability may cause creation of improperly authenticated SSL connections between the client and the server due to incorrect certificate chain processing logic. MES 4.0.5 and 3.2.6 are designed to address this issue by performing proper certificate validation.

tags | advisory
advisories | CVE-2014-0636
SHA-256 | 236ef77d0a1bb2c038e8abdf9d1b831bb5bdcc69b21aa665f1c64528c1e2a9ac
Woltlab Burning Board 3.9.1 pl1 Cross Site Scripting
Posted Apr 11, 2014
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

Woltlab Burning Board 3.9.1 pl1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c5eca7aae45c7ecae901cc7a0eca5177eae979828c7eba201eabe71ece3f5c26
Twitget 3.3.1 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 11, 2014
Authored by Tom Adams

Twitget version 3.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-2559
SHA-256 | 266b8fb377793b085d1c5af6d02746d14f19958217853a10c4f6eee53b74a035
Comtrend CT 5361T Password Disclosure
Posted Apr 11, 2014
Authored by TUNISIAN CYBER

Comtrend CT 5361T suffers from a password disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | c3beb0a9debd4f539927231b553437a370d4c2a79b7130c247a0f5193a78bcb0
D-Link DAP 1150 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 11, 2014
Authored by MustLive

D-Link DAP 1150 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 4df31b39cf88630f9e6a0e14c8f3506537065b37bfa5724c7cedfd18d99cbd4f
Apple Mac OS X Lion Kernel xnu Privilege Escalation
Posted Apr 11, 2014
Authored by Kenzley Alphonse

Apple Mac OS X Lion kernel xnu versions 1699.32.7 except 1699.24.8 NFS mount privilege escalation exploit. This exploit leverage a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result by passing a large size, a local user can overwrite the stack with arbitrary content.

tags | exploit, overflow, arbitrary, kernel, local
systems | apple, osx
SHA-256 | 8e779edf9df04a55e329faff795fd22465cd1d2fb570d611ba39e3d3871a8731
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140409
Posted Apr 11, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release addresses CVE-2014-0160 in openssl, which was bumped to version 1.0.1g. The kernel was also bumped to 3.13.8 plus Gentoo's hardened-patches, but all other packages remain at the same versions as the previous release. Upgrading is strongly recommended.
tags | tool, kernel, peer2peer
systems | linux
advisories | CVE-2014-0160
SHA-256 | 31b9e2d262b9e491ebcff8fbc73bf9d2aa0d0da21cceb7930e9d99be8d0958ac
Lynis Auditing Tool 1.5.0
Posted Apr 11, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds support for Amazon Linux and contains a new Lynis test for NTP to test step-tickers file (Red Hat and clones) [TIME-3160]. The FAQ and README files were updated, including references to the Web site.
tags | tool, scanner
systems | unix
SHA-256 | dc5035b49b065bb7d1f6b75b387127c9306526774bb87f9aa8c8e6d2363a51b1
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close