exploit the possibilities
Showing 1 - 25 of 29 RSS Feed

Files Date: 2014-06-03

Hydra Network Logon Cracker 8.0
Posted Jun 3, 2014
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added patch for xhydra that adds bruteforce generator to the GUI, initial interactive password authentication test for ssh, patch which adds Unicode support for the SMB module, and module for redis. Various bug fixes and enhancements also included.
tags | tool, web, imap
systems | cisco, unix
SHA-256 | 9fd3cb8f839767be7185e3c62642366d85bb9fec82fdf34d97d8a593c0b535c4
Red Hat Security Advisory 2014-0596-01
Posted Jun 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0596-01 - The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code. Multiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
SHA-256 | f836b4e6265be37b61ebbaeb05c7c0654914fc9b847e41d68406944ce2824ce7
Red Hat Security Advisory 2014-0593-01
Posted Jun 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0593-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the handle_rx() function handled large network packets when mergeable buffers were disabled. A privileged guest user could use this flaw to crash the host or corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, remote, arbitrary, kernel, code execution, protocol
systems | linux, redhat
advisories | CVE-2014-0077, CVE-2014-2523
SHA-256 | e0af259e59818ab241512a60cb69f15bfc958b2f4f82dba792286e8e46eb78ae
Red Hat Security Advisory 2014-0595-01
Posted Jun 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0595-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3466
SHA-256 | be4ccb2c931432b2046f2813b240d9148cd02af051c850e1537fafb04a55bc68
Red Hat Security Advisory 2014-0597-01
Posted Jun 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0597-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2014-0128
SHA-256 | a93d86f1f5060ac79e0f3de5c45e337415845e6a955bd0933312513c4fbafde0
Red Hat Security Advisory 2014-0594-01
Posted Jun 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0594-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3466, CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
SHA-256 | 5383daf04f0ecec5ab448cbfb42ba4c12d0682950ec05432c8551747b9422d50
iScan Online Mobile 2.0.1 Command Injection
Posted Jun 3, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

iScan Online Mobile version 2.0.1 suffers from a command injection vulnerability.

tags | exploit
SHA-256 | a731c6d4bd6164a27e79d1384464ed90749504d9409a83ee5447f1340dd16584
Bluetooth Photo-File Share 2.1 LFI / File Upload
Posted Jun 3, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Bluetooth Photo-File Share version 2.1 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
SHA-256 | ba03a04131ebae4b1334c779e09e8be2223c8aa62629469e3302f05132dc4271
Transform Foundation Server 4.3.1 / 5.2 Cross Site Scripting
Posted Jun 3, 2014
Authored by Juan Francisco

Transform Foundation Server versions 4.3.1 and 5.2 suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2577
SHA-256 | 891b715a94170fd468abbd07c7655472ee14b471ec028d6a9f769e3fee3dff15
F*EX 20140313-1 HTTP Response Splitting / Cross Site Scripting
Posted Jun 3, 2014
Authored by Eric Sesterhenn | Site lsexperts.de

F*EX version 20140313-1 suffers from HTTP response splitting and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
advisories | CVE-2014-3875, CVE-2014-3876, CVE-2014-3877
SHA-256 | 4dc3b01fde7c0d86d616433b95f0ae326f207faf8f3d2b9d094c09535ccd6b6e
Infoware MapSuite Cross Site Scripting
Posted Jun 3, 2014
Authored by Christian Schneider | Site christian-schneider.net

Infoware MapSuite MapAPI versions prior to 1.0.36 and 1.1.49 suffer from a reflective cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-2843
SHA-256 | a0374d8003ffe3e7290f14bab2cc67a1a285a2970e8d9f52c59bd22a87baf3d6
Infoware MapSuite Server-Side Request Forgery
Posted Jun 3, 2014
Authored by Christian Schneider | Site christian-schneider.net

Infoware MapSuite MapAPI versions prior to 1.0.36 and 1.1.49 suffer from a server-side request forgery vulnerability.

tags | advisory
advisories | CVE-2014-2233
SHA-256 | f817a9ede9c3d3be1b53a712a7d5ad315b452b0e0d7c0f60418a333f6e823954
AllReader 1.0 Local File Inclusion
Posted Jun 3, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

AllReader version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 86da03a60130cf0ffb26d558ecf466aeb1489c6ecac333130056673e4417827c
FCKeditor 2.6.10 Cross Site Scripting
Posted Jun 3, 2014
Authored by Robin Bailey

FCKeditor versions 2.6.10 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ec48d54bf9a14cbe9ab85def3491fe17cec2d397f640fcfcf655631a9c67d93
TigerCom My Assistant 1.1 Local File Inclusion
Posted Jun 3, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

TigerCom My Assistant version 1.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | e3522c306b0b47851c2701ae94fc8723ad5c8c10e6648ecb1c2f0fe3d9eaa944
Infoware MapSuite Path Traversal
Posted Jun 3, 2014
Authored by Christian Schneider | Site christian-schneider.net

Infoware MapSuite MapAPI versions prior to 1.0.36 and 1.1.49 suffer from a directory traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2014-2232
SHA-256 | f187867cdbb5ab804e0b032eec0f21b90b4d473ca96af7c4a66d270aafc547e5
Adobe Acrobat / Reader XI-X AcroBroker Sandbox Bypass
Posted Jun 3, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by an input validation error in the "AcroBroker.exe" component when processing local file paths, which could be exploited by attackers to write malicious files to any location on the disk and bypass Adobe Acrobat's sandbox.

tags | advisory, local, bypass
advisories | CVE-2014-0512
SHA-256 | ad3287533d595d02f6981ed86baf9f122df0208c06a04a1ab44a7b0e85c867be
Privacy Pro 1.2 Local File Inclusion
Posted Jun 3, 2014
Authored by LariX4, Vulnerability Laboratory | Site vulnerability-lab.com

Privacy Pro version 1.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | b54e439d3b968769db819c8c71d8260531546f364025a1e7a0c4ba15c98fb50d
PHPBTTracker+ 2.2 SQL Injection
Posted Jun 3, 2014
Authored by BackBox Team

PHPBTTracker+ version 2.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fa7aba15ea97d81250320431b72f208e37edc68b259942c15690e998aadf30a5
RSA Adaptive Authentication Cross Site Scripting
Posted Jun 3, 2014
Site emc.com

RSA Adaptive Authentication (Hosted) contains a security fix for a DOM cross site scripting vulnerability that may potentially be exploited as a result of improper input validation in the rsa_fso.swf file. RSA Adaptive Authentication (Hosted) version 11.0 is affected.

tags | advisory, xss
advisories | CVE-2014-2502
SHA-256 | fb519bf1c5552b4299cf24beb800b4273768174db4ff04cd6cffb04d2131eb14
Files Desk Pro 1.4 Local File Inclusion
Posted Jun 3, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Files Desk Pro version 1.4 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | f8df8c9ba58375e5c89b98fca9f1d0fa6d9c8f5d25291aeb2050ac71859b5754
NG WifiTransfer Pro 1.1 Local File Inclusion
Posted Jun 3, 2014
Authored by LariX4, Vulnerability Laboratory | Site vulnerability-lab.com

NG WifiTransfer Pro version 1.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 582cb0caa7b800b3eec240541ede7b6b7c23ca1a5e21863808c02a9b6214e277
Debian Security Advisory 2941-1
Posted Jun 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2941-1 - It was discovered that clean_html() function of lxml (pythonic bindings for the libxml2 and libxslt libraries) performed insufficient sanitisation for some non-printable characters. This could lead to cross-site scripting.

tags | advisory, xss
systems | linux, debian
advisories | CVE-2014-3146
SHA-256 | 280bdc31468dbbfe79487d5f5d96bff6d2824db0211c840de7cf89cd500e8cad
Debian Security Advisory 2943-1
Posted Jun 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2943-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-2270
SHA-256 | 14ceb25eecc0ebf2b0e99e958e18bd4f806ab39310e6a3cccdc09f253ced106d
Debian Security Advisory 2939-1
Posted Jun 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2939-1 - Several vulnerabilities were discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2014-1743, CVE-2014-1744, CVE-2014-1745, CVE-2014-1746, CVE-2014-1747, CVE-2014-1748, CVE-2014-1749, CVE-2014-3152
SHA-256 | 8bd1510fc2baf0432374eb30629721f1fd882feb4c32590debd2523d8935400c
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close