exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2014-04-25

Wireshark 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow
Posted Apr 25, 2014
Authored by j0sm1, Wesley Neelen | Site metasploit.com

This Metasploit module triggers a stack buffer overflow in Wireshark versions 1.8.12/1.10.5 and below by generating an malicious file.

tags | exploit, overflow
advisories | CVE-2014-2299
SHA-256 | 9a0517e6d1e5163de35e4817296671008162392223a5c12c8ee4a7970047e1f9
Mac OS X NFS Mount Privilege Escalation
Posted Apr 25, 2014
Authored by joev, Kenzley Alphonse | Site metasploit.com

This exploit leverage a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result by passing a large size, a local user can overwrite the stack with arbitrary content. Mac OS X Lion Kernel versions equal to and below xnu-1699.32.7 except xnu-1699.24.8 are affected.

tags | exploit, overflow, arbitrary, kernel, local
systems | apple, osx
SHA-256 | 7dda844fc6c2159587750ff9bbb7d5956502e05e69840baeb969d48120b1443f
HP Security Bulletin HPSBMU03017 2
Posted Apr 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03017 2 - A potential security vulnerability has been identified with HP Software Connect-IT running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. Revision 2 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | e9a78459f7e987b83bf4af8f0957d2dda3712e58121f226f6f32537579683a93
VideoWhisper 7 Cross Site Scripting
Posted Apr 25, 2014
Authored by Mahmoud Ghorbanzadeh

VideoWhisper version 7 for Drupal suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2715
SHA-256 | 3cb36f0f355441197eacc71c9ca9d019691be0cbec19e7c31df8fb082d3eb583
Depot WiFi 1.0.0 Code Execution / Local File Inclusion
Posted Apr 25, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Depot WiFi version 1.0.0 for iOS suffers from code execution and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, code execution, file inclusion
systems | apple, ios
SHA-256 | 239876a4258fa1ffcf2718fcb13020b5cd7008ce28f17eef80d30d9eaea994bd
GeoCore MAX DB 7.3.3 Blind SQL Injection
Posted Apr 25, 2014
Authored by Esac

GeoCore MAX DB version 7.3.3 suffers from a time-based remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 64ba7edde32456837b3726c9218f6cbada0d228c7d4a3ff8408e3d7216df33dc
HP Security Bulletin HPSBMU03023
Posted Apr 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03023 - A potential security vulnerability has been identified in HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The Virtual Connect firmware itself is not vulnerable to CVE-2014-0160 (Heartbleed), however, the installer component in versions 4.10 and 4.20 of Virtual Connect does have the vulnerability, and should be replaced with versions 4.10b or 4.20b, or the latest version of Virtual Connect Support Utility referenced below. The VCSU vulnerability is only present during the firmware upgrade process. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2014-0160
SHA-256 | 265d34dec60e1f903018c216fd1d7594a225c2b117f6462facc19c5c9c6b82cc
WordPress iMember360is 3.9.001 XSS / Disclosure / Code Execution
Posted Apr 25, 2014
Authored by Everett Griffiths

WordPress iMember360is plugin versions 3.8.012 through 3.9.001 suffers from arbitrary code execution, database credential disclosure, arbitrary user deletion, and cross site scripting vulnerabilities.

tags | exploit, arbitrary, vulnerability, code execution, xss, info disclosure
SHA-256 | 4d85f0311356c907bff3b2196646e771d62abcd6b04f759570f4f0300a39cb77
HP Security Bulletin HPSBST03016
Posted Apr 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03016 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | cc603d74519194ed684085382b3f25f8e81c35c6cb29ed84719965071aec239b
HP Security Bulletin HPSBMU02895 SSRT101253 2
Posted Apr 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02895 SSRT101253 2 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195
SHA-256 | 0a07ff8e1b3e2972b6af5cc5d704474d68bf9a9d401e1cdab7ed39724fa01539
Debian Security Advisory 2906-1
Posted Apr 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2906-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0343, CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-4162, CVE-2013-4299, CVE-2013-4345, CVE-2013-4512, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6381, CVE-2013-6382, CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7339, CVE-2014-0101, CVE-2014-1444, CVE-2014-1445, CVE-2014-1446, CVE-2014-1874, CVE-2014-2039, CVE-2014-2523, CVE-2103-2929
SHA-256 | 336839d986f877d0c9633d42e6961fa76ae807751676c40199ee1f7de18091c3
Debian Security Advisory 2912-1
Posted Apr 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2912-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0462, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2403, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427
SHA-256 | 79dfda837e78d1e5259e544223cb2c97b5077035eab63af2590729a5832b5f12
WordPress Work-The-Flow 1.2.1 Shell Upload
Posted Apr 25, 2014
Authored by nopesled

WordPress Work-The-Flow plugin version 1.2.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 81151a69aad7d23a4b3ad3b647d219987ca81d347d7e6393e87eb89ac65182da
Kolibri 2.0 Stack Buffer Overflow
Posted Apr 25, 2014
Authored by Polunchis

Kolibri version 2.0 GET request stack buffer overflow exploit that spawns a bindshell on TCP/4444.

tags | exploit, overflow, tcp
SHA-256 | 329f1e7a41c16584e5af9f1499b811f888b81bccdba1aee77683cad9955bd7b6
InfraRecorder 0.53 Unicode Buffer Overflow
Posted Apr 25, 2014
Authored by Osanda Malith

InfraRecorder version 0.53 suffers from a unicode buffer overflow vulnerability.

tags | exploit, denial of service, overflow
SHA-256 | 0b8679268a6b10a4b2a1deab7b8b065f4eb7d1e739f4942337e4e38231c083d0
WordPress Echelon Theme Shell Upload
Posted Apr 25, 2014
Authored by th3rockst3r

The WordPress Echelon theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | c33b258feee36d875dc4c0082563970e58db338744d94505982121e9877a3449
xnews 3-0-0 Cross Site Scripting
Posted Apr 25, 2014
Authored by kurdish hackers team | Site kurdteam.org

xnews version 3-0-0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cb801e3e008731eae78be6fac9fbc8ace62b194df563ec4abc47db0f3fbefd09
Live.com UI Redress Attack
Posted Apr 25, 2014
Authored by Sandeep Kamble

Live.com suffered from a UI redressing attack.

tags | advisory
SHA-256 | 225b94c84cff17ea94e1fb2b927ea713b15076fee01dcd5ee0b5645ae0ed3abf
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close