exploit the possibilities
Showing 1 - 25 of 39 RSS Feed

Files Date: 2014-05-22

D-Link Cross Site Scripting / Information Disclosure
Posted May 22, 2014
Authored by Kyle Lovett

D-Link DIR-652, DIR-835, DIR-855L, DGL-500, and DHP-1565 suffer from clear text storage of passwords, cross site scripting, and sensitive information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | b1d74ee568903473d380ad8b08d54f2d
Dotclear Media Manager Authenticated Arbitrary File Upload
Posted May 22, 2014
Authored by EgiX, Brandon Perry | Site metasploit.com

This is a Metasploit modules that leverages an authenticated arbitrary file upload vulnerability in Dotclear versions 2.6.2 and below.

tags | exploit, arbitrary, file upload
MD5 | 2c23a561dc1c09205a2f28b372f86ce6
Cisco Security Advisory 20140521-nxos
Posted May 22, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. They are all affected by buffer overflow, privilege escalation, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | cisco
MD5 | 36d8c6aaad6e487c18531044cf826a0c
Cisco Security Advisory 20140521-waas
Posted May 22, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect buffer handling for SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to crash the application optimization handler and execute arbitrary code with elevated privileges on the WAAS appliance. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, overflow, arbitrary, code execution
systems | cisco
MD5 | f09ebdf5d95d4fb7b93da457236837b3
HP Security Bulletin HPSBMU03044
Posted May 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03044 - A potential security vulnerability has been identified with HP Business Process Monitor running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | 2c959391daec754059041f441e2b4434
HP Security Bulletin HPSBMU03042
Posted May 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03042 - A potential security vulnerability has been identified with HP Operations Manager i running on Linux, and Windows. The vulnerability could be exploited by an authenticated OMi operator to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | linux, windows
advisories | CVE-2014-2607
MD5 | 02b3a7f31fee9ad66c46f8f577c2585f
Debian Security Advisory 2935-1
Posted May 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2935-1 - It was discovered that malformed responses from a Gadu-Gadu file relay server could lead to denial of service or the execution of arbitrary code in applications linked to the libgadu library.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-3775
MD5 | ac03e4174a03c1ec2daa246d5024ef99
Red Hat Security Advisory 2014-0536-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0536-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440
MD5 | ad06b9006906f51ab89d02824bb829d8
Red Hat Security Advisory 2014-0537-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0537-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440
MD5 | 4caf4fa27f719f52dc0942b881f1f547
Apple Security Advisory 2014-05-12-1
Posted May 22, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-05-21-1 - Safari 6.1.4 and Safari 7.0.4 are now available and address code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1324, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1346, CVE-2014-1731
MD5 | 37909a99f78556109f76edbbb2111f58
Zed Attack Proxy 2.3.1 Linux Release
Posted May 22, 2014
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Linux release.

Changes: Bug fixes.
tags | tool, web, vulnerability
systems | linux, unix
MD5 | d4382891da3f1ad5b6122c581a44c9ed
WordPress Conversion Ninja Cross Site Scripting
Posted May 22, 2014
Authored by Ashiyane Digital Security Team

WordPress Conversion Ninja plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 70da97f544a39761076147e9f33a5cb9
WordPress bib2html 0.9.3 Cross Site Scripting
Posted May 22, 2014
Authored by Ashiyane Digital Security Team

WordPress bib2html plugin version 0.9.3 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | d8ad9672459f1e03417fa01023e2d67a
rcrypt 1.4
Posted May 22, 2014
Authored by rage | Site 0xrage.com

rcrypt is a Windows PE binary crypter (a type of packer) that makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time constrained systems such as on disk scanners. rcrypt can pack exes and dll files. It bypasses KAV and many others. Archive password is 0xrage.com.

Changes: Version 1.4 adds support for eof data.
tags | tool, malware
systems | windows
MD5 | 40fba75715011b13fd4521163151dbb9
CoSoSys Endpoint Protector 4 SQL Injection / Backdoor
Posted May 22, 2014
Authored by S. Viehbock | Site sec-consult.com

CoSoSys Endpoint Protector 4 suffers from remote SQL injection, unauthenticated access, information disclosure, and backdoor vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | 64f23e130a9c41e408aa75a28a520543
Dotclear 2.6.2 SQL Injection
Posted May 22, 2014
Authored by EgiX | Site karmainsecurity.com

Dotclear versions 2.6.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-3783
MD5 | 0072cdfb755489a2c2427a32d3f8dc15
Dotclear 2.6.2 Arbitrary File Upload
Posted May 22, 2014
Authored by EgiX | Site karmainsecurity.com

Dotclear versions 2.6.2 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2014-3782
MD5 | c41bc1a22f02e513eaae80d882304e12
Dotclear 2.6.2 Authentication Bypass
Posted May 22, 2014
Authored by EgiX | Site karmainsecurity.com

Dotclear versions 2.6.2 and below suffer from an XML-RPC interface authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2014-3781
MD5 | 930391070853eeb2107de12ceeab82f8
Suricata IDPE 2.0.1
Posted May 22, 2014
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This release adds TLS Heartbleed detection. It fixes the Unix socket runmode, fixes AF_PACKET IPS mode, and fixes various DNS handling issues. Many other issues were fixed.
tags | tool, intrusion detection
systems | unix
MD5 | 04fedf4c5148125743702ba463614e52
XML Schema, DTD, And Entity Attacks
Posted May 22, 2014
Authored by Timothy D. Morgan | Site vsecurity.com

The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well.

tags | paper, vulnerability
MD5 | 0824384b1cb8559eb52570b897ac8f6a
NULL Page Mitigations On Windows 8 x86
Posted May 22, 2014
Authored by Tavis Ormandy

This is a brief write up that discusses NULL page mitigations on Windows 8 and includes a piece of proof of concept code.

tags | exploit, proof of concept
systems | linux, windows
MD5 | 73e524a4ddc4355c68f3fdb4ff3a21ef
MIMEDefang Email Scanner 2.75
Posted May 22, 2014
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: There have been many cosmetic improvements to watch-multiple-mimedefangs.tcl. The "md_get_bogus_mx_hosts" function now checks A records if a domain has no MX records. A forward declaration of rebuild_entity was added to avoid warnings on recent Perl versions.
tags | tool
systems | windows, unix
MD5 | 9cece065550eb1463d5fa90e06a4f9ea
Binatone DT 850W Router Cross Site Request Forgery
Posted May 22, 2014
Authored by Samandeep Singh

Binatone DT 850W wireless router suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 073f3219c4b0f1399c4c52446c0387c6
Easy Address Book Web Server 1.6 Buffer Overflow
Posted May 22, 2014
Authored by superkojiman

Easy Address Book Web Server version 1.6 suffers from a stack buffer overflow vulnerability.

tags | exploit, web, overflow
MD5 | 4b51c181921e1ba3c55680fd90122fa5
Easy File Management Web Server 5.3 Buffer Overflow
Posted May 22, 2014
Authored by superkojiman

Easy File Management Web Server version 5.3 suffers from a stack buffer overflow vulnerability.

tags | exploit, web, overflow
MD5 | a195ac946f8e44777e80ba05a5005036
Page 1 of 2
Back12Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    11 Files
  • 12
    Aug 12th
    11 Files
  • 13
    Aug 13th
    17 Files
  • 14
    Aug 14th
    7 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close