what you don't know can hurt you
Showing 1 - 25 of 39 RSS Feed

Files Date: 2014-05-22

D-Link Cross Site Scripting / Information Disclosure
Posted May 22, 2014
Authored by Kyle Lovett

D-Link DIR-652, DIR-835, DIR-855L, DGL-500, and DHP-1565 suffer from clear text storage of passwords, cross site scripting, and sensitive information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | a7668e84297d67c97f777a5d017f21ef288453a895bebdf304e432fe59637710
Dotclear Media Manager Authenticated Arbitrary File Upload
Posted May 22, 2014
Authored by EgiX, Brandon Perry | Site metasploit.com

This is a Metasploit modules that leverages an authenticated arbitrary file upload vulnerability in Dotclear versions 2.6.2 and below.

tags | exploit, arbitrary, file upload
SHA-256 | fa7134cec4517d630b5ea12c4242fbfc9bfb06e0df1b252b0e24e5fa245675a6
Cisco Security Advisory 20140521-nxos
Posted May 22, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. They are all affected by buffer overflow, privilege escalation, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | cisco
SHA-256 | 7cbdd459508984ad05613b5f8dfd78e812d9c4aa6af13199816c11689911fb2c
Cisco Security Advisory 20140521-waas
Posted May 22, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect buffer handling for SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to crash the application optimization handler and execute arbitrary code with elevated privileges on the WAAS appliance. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, overflow, arbitrary, code execution
systems | cisco
SHA-256 | debbd5883c0f1ee44fd9c6207d5297829694cf5da109411306a1a90b8555f5c5
HP Security Bulletin HPSBMU03044
Posted May 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03044 - A potential security vulnerability has been identified with HP Business Process Monitor running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 75b0264fcbec223ee3f4ea20c5e45106bd20fec772506d86b5b521ab51e99c32
HP Security Bulletin HPSBMU03042
Posted May 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03042 - A potential security vulnerability has been identified with HP Operations Manager i running on Linux, and Windows. The vulnerability could be exploited by an authenticated OMi operator to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | linux, windows
advisories | CVE-2014-2607
SHA-256 | f1b6918940249cce1d82af4f65bab7e6ca8abce69462188ab50ff2ced7fe6abc
Debian Security Advisory 2935-1
Posted May 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2935-1 - It was discovered that malformed responses from a Gadu-Gadu file relay server could lead to denial of service or the execution of arbitrary code in applications linked to the libgadu library.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-3775
SHA-256 | 968e3067472edc877e3d58f8a306f4c3be00b07a88941c496bc361b1297c2a47
Red Hat Security Advisory 2014-0536-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0536-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440
SHA-256 | efa88c6d2d6a9b3c9599b4e685e6a270ed5ced1f29e9a38839441774aef2e9be
Red Hat Security Advisory 2014-0537-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0537-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440
SHA-256 | a64031dc8f87dc015972399f06eeeb57a3646b9a5d9e864b433f49d12014a63a
Apple Security Advisory 2014-05-12-1
Posted May 22, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-05-21-1 - Safari 6.1.4 and Safari 7.0.4 are now available and address code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1324, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1346, CVE-2014-1731
SHA-256 | cb432efb5b115028ce6fb6e5f7885637ec7ab0cf5c49906f721e09b631043157
Zed Attack Proxy 2.3.1 Linux Release
Posted May 22, 2014
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Linux release.

Changes: Bug fixes.
tags | tool, web, vulnerability
systems | linux, unix
SHA-256 | 89c9d3e50ff99273c1579e1abf9894e4d2d42ebfbcc35f57d5fc35a54be4a428
WordPress Conversion Ninja Cross Site Scripting
Posted May 22, 2014
Authored by Ashiyane Digital Security Team

WordPress Conversion Ninja plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 0bfb7dbc417cfd5c7380ab708fe11a4521d81a62380978265ae01c7fb6d10f8c
WordPress bib2html 0.9.3 Cross Site Scripting
Posted May 22, 2014
Authored by Ashiyane Digital Security Team

WordPress bib2html plugin version 0.9.3 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | a4eadb29a9ee0fe5cc72b51220221339d9488e699962c0abddc7b56cc660e24f
rcrypt 1.4
Posted May 22, 2014
Authored by rage | Site 0xrage.com

rcrypt is a Windows PE binary crypter (a type of packer) that makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time constrained systems such as on disk scanners. rcrypt can pack exes and dll files. It bypasses KAV and many others. Archive password is 0xrage.com.

Changes: Version 1.4 adds support for eof data.
tags | tool
systems | windows
SHA-256 | 23829d9b1462518ce5a905745304ab65132b7ff256f08771ac7d918e69d1d89c
CoSoSys Endpoint Protector 4 SQL Injection / Backdoor
Posted May 22, 2014
Authored by S. Viehbock | Site sec-consult.com

CoSoSys Endpoint Protector 4 suffers from remote SQL injection, unauthenticated access, information disclosure, and backdoor vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | ee59c852aa9ec9b54cfb17cac2c30abf6fbb5c230308e6bbdca47b9cb0f61f3e
Dotclear 2.6.2 SQL Injection
Posted May 22, 2014
Authored by EgiX | Site karmainsecurity.com

Dotclear versions 2.6.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-3783
SHA-256 | 2067441f7e53b38ccded93a55914eb552ab0546ea50c16e0ae0faf9cda833960
Dotclear 2.6.2 Arbitrary File Upload
Posted May 22, 2014
Authored by EgiX | Site karmainsecurity.com

Dotclear versions 2.6.2 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2014-3782
SHA-256 | 31ef78e04a371a4e90bcaf14ef4a3350c0869ac317a39cdbeb7a37d65897f61e
Dotclear 2.6.2 Authentication Bypass
Posted May 22, 2014
Authored by EgiX | Site karmainsecurity.com

Dotclear versions 2.6.2 and below suffer from an XML-RPC interface authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2014-3781
SHA-256 | 0ba9c89e27c9ba118a254a769b3bfb910bbbcfd3ba96f87cd6f39126a26f52b7
Suricata IDPE 2.0.1
Posted May 22, 2014
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This release adds TLS Heartbleed detection. It fixes the Unix socket runmode, fixes AF_PACKET IPS mode, and fixes various DNS handling issues. Many other issues were fixed.
tags | tool, intrusion detection
systems | unix
SHA-256 | 2e9b6c04e3affaf652ec6a25f56fbabe85ee3ff890d082b6c0a0f239338c22cf
XML Schema, DTD, And Entity Attacks
Posted May 22, 2014
Authored by Timothy D. Morgan | Site vsecurity.com

The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well.

tags | paper, vulnerability
SHA-256 | 8e82def158ebfbe41cc7595829128a612d02d271dadd2f1c5596bfb75b802a36
NULL Page Mitigations On Windows 8 x86
Posted May 22, 2014
Authored by Tavis Ormandy

This is a brief write up that discusses NULL page mitigations on Windows 8 and includes a piece of proof of concept code.

tags | exploit, proof of concept
systems | linux, windows
SHA-256 | a7d45dd13990e785f7ee6bbec647ae6693fc0348799ef70a34911098b0fb2da6
MIMEDefang Email Scanner 2.75
Posted May 22, 2014
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: There have been many cosmetic improvements to watch-multiple-mimedefangs.tcl. The "md_get_bogus_mx_hosts" function now checks A records if a domain has no MX records. A forward declaration of rebuild_entity was added to avoid warnings on recent Perl versions.
tags | tool
systems | windows, unix
SHA-256 | 7852da1039ed22bc8df4e43c3094ee8c6d6ba154479efd37b643d488a3c85a42
Binatone DT 850W Router Cross Site Request Forgery
Posted May 22, 2014
Authored by Samandeep Singh

Binatone DT 850W wireless router suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 8d9c3eeed475845a253f821c47a2ce2c767601f741f279d533f68fce54e765dc
Easy Address Book Web Server 1.6 Buffer Overflow
Posted May 22, 2014
Authored by superkojiman

Easy Address Book Web Server version 1.6 suffers from a stack buffer overflow vulnerability.

tags | exploit, web, overflow
SHA-256 | eb3749421af48dd72ae5531d12a661999239e19e1c8b9971b9aeb7d94178bfa8
Easy File Management Web Server 5.3 Buffer Overflow
Posted May 22, 2014
Authored by superkojiman

Easy File Management Web Server version 5.3 suffers from a stack buffer overflow vulnerability.

tags | exploit, web, overflow
SHA-256 | 01960135cf899303cf1fae8be238f11e79604d56f7f20d97c009897fa7e524b9
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close