Showing 1 - 23 of 23

Files Date: 2014-06-13

Yealink VoIP Phone SIP-T38G Remote Command Execution
Posted Jun 13, 2014
Authored by Mr.Un1k0d3r, Doreth.Z10

Yealink VoIP phone version SIP-T38G suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2013-5758
MD5 | 87ccddc0feed6ebe37ed1387f2afa71b
Yealink VoIP Phone SIP-T38G Local File Inclusion
Posted Jun 13, 2014
Authored by Mr.Un1k0d3r, Doreth.Z10

Yealink VoIP phone version SIP-T38G suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2013-5756
MD5 | CVE-2013-5756,CVE-2013-5757
Yealink VoIP Phone SIP-T38G Default Credentials
Posted Jun 13, 2014
Authored by Mr.Un1k0d3r, Doreth.Z10

Yealink VoIP phone version SIP-T38G suffers from having default credentials that are also easily guessable.

tags | exploit
advisories | CVE-2013-5755
MD5 | 6376048e9a4ffe4692df8bc5fef90b33
Yealink VoIP Phone SIP-T38G Privilege Escalation
Posted Jun 13, 2014
Authored by Mr.Un1k0d3r, Doreth.Z10

Yealink VoIP phone version SIP-T38G suffers from a remote privilege escalation vulnerability that gains a root shell.

tags | exploit, remote, shell, root
MD5 | CVE-2013-5759
Apache Hive 0.13.0 Authorization Failure
Posted Jun 13, 2014
Authored by Thejas Nair

Apache Hive version 0.13.0 suffers from an authorization failure issue. In SQL standards based authorization mode, the URIs used in Hive queries are expected to be authorized on the file system permissions. However, the directory used in import/export statements is not being authorized.

tags | advisory
advisories | CVE-2014-0228
MD5 | 2b95eb21c6fe2b2ff2d883672e5968f6
Asterisk Project Security Advisory - AST-2014-008
Posted Jun 13, 2014
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - When a SIP transaction timeout caused a subscription to be terminated, the action taken by Asterisk was guaranteed to deadlock the thread on which SIP requests are serviced. Note that this behavior could only happen on established subscriptions, meaning that this could only be exploited if an attacker bypassed authentication and successfully subscribed to a real resource on the Asterisk server.

tags | advisory
advisories | CVE-2014-4048
MD5 | e7f4e447ff2973429204f7f14511596c
Asterisk Project Security Advisory - AST-2014-007
Posted Jun 13, 2014
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - Establishing a TCP or TLS connection to the configured HTTP or HTTPS port respectively in http.conf and then not sending or completing an HTTP request will tie up an HTTP session. By doing this repeatedly until the maximum number of open HTTP sessions is reached, legitimate requests are blocked.

tags | advisory, web, tcp
advisories | CVE-2014-4047
MD5 | f6bc42691087326bc220a4aa850a8c2e
Asterisk Project Security Advisory - AST-2014-006
Posted Jun 13, 2014
Authored by Jonathan Rose, Corey Farrell | Site asterisk.org

Asterisk Project Security Advisory - Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is permitted to use manager commands can potentially execute shell commands as the user executing the Asterisk process.

tags | advisory, arbitrary, shell
advisories | CVE-2014-4046
MD5 | 4c818a4e650adae570ab2dafa1b04cc5
Asterisk Project Security Advisory - AST-2014-005
Posted Jun 13, 2014
Authored by John Bigelow, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's pub/sub framework. If an attempt is made to unsubscribe when not currently subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries to create an expiration timer with zero seconds, which is not allowed, so an assertion is raised.

tags | advisory
advisories | CVE-2014-4045
MD5 | 7918265ad799a0a1292fa023cd1e3c3b
HP Security Bulletin HPSBUX03046 SSRT101590
Posted Jun 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03046 SSRT101590 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 2d88d40709179c983042cfde9223693f
HP Security Bulletin HPSBST03016 4
Posted Jun 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03016 4 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed", which could be exploited remotely, resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | fec86b5d13c5b9495398673bd15c840d
Debian Security Advisory 2958-1
Posted Jun 13, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2958-1 - Jakub Wilk discovered that APT, the high level package manager, did not properly perform authentication checks for source packages downloaded via "apt-get source". This only affects use cases where source packages are downloaded via this command; it does not affect regular Debian package installation and upgrading.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0478
MD5 | 8a9db9326e30219533025d3904bdd921
Debian Security Advisory 2957-1
Posted Jun 13, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2957-1 - Omer Iqbal discovered that Mediawiki, a wiki engine, parses invalid usernames on Special:PasswordReset as wikitext when $wgRawHtml is enabled. On such wikis this allows an unauthenticated attacker to insert malicious JavaScript, a cross site scripting attack.

tags | advisory, javascript, xss
systems | linux, debian
advisories | CVE-2014-3966
MD5 | 2dd7d131a5daf996d82f40652d80f908
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jun 13, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 48666c89fab5390b1058c18923744e7e
PostgreSQL 8.4.1 Denial Of Service Integer Overflow
Posted Jun 13, 2014
Authored by Bernt Marius Johnsen

PostgreSQL version 8.4.1 suffers from a JOIN hashtable size integer overflow denial of service vulnerability.

tags | exploit, denial of service, overflow
advisories | CVE-2010-0733, OSVDB-63208
MD5 | fff2b20868131df6080f6dd86801c4e1
Yealink VoIP Phones XSS / CRLF Injection
Posted Jun 13, 2014
Authored by Jesus Oquendo

Yealink VoIP Phones suffer from CRLF injection and cross site scripting vulnerabilities. This affects firmware version 28.72.0.2 and hardware version 28.2.0.128.0.0.0.

tags | exploit, vulnerability, xss
advisories | CVE-2014-3427, CVE-2014-3428
MD5 | 09141b7f8a49b112dd8051a6052056c2
Ubuntu Security Notice USN-2232-2
Posted Jun 13, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2232-2 - USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 1930c3c35eb43e31c6a9743e115aa9bf
Ubuntu Security Notice USN-2245-1
Posted Jun 13, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2245-1 - Florian Weimer discovered that json-c incorrectly handled buffer lengths. An attacker could use this issue with a specially-crafted large JSON document to cause json-c to crash, resulting in a denial of service. Florian Weimer discovered that json-c incorrectly handled hash arrays. An attacker could use this issue with a specially-crafted JSON document to cause json-c to consume CPU resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-6370, CVE-2013-6371
MD5 | b1515acf6fa775f8a93f468e701ff7df
Lynis Auditing Tool 1.5.6
Posted Jun 13, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release adds PHP related tests (e.g. register_global), several improvements of existing functions, and new report values (plugins_enabled, session_timeout_enabled and session_timeout_method). Some smaller improvements have been applied.
tags | tool, scanner
systems | unix
MD5 | 713af0616508868ec6a088cc36537b7e
ZTE / TP-Link RomPager Denial Of Service
Posted Jun 13, 2014
Authored by Osanda Malith

ZTE and TP-Link RomPager denial of service exploit. Written in Python.

tags | exploit, denial of service, python
MD5 | 6eec897a2a2a5ec35db4087cb67a93fb
Core FTP LE 2.2 Heap Overflow
Posted Jun 13, 2014
Authored by Gabor Seljan

Core FTP LE version 2.2 suffers from a heap overflow vulnerability.

tags | exploit, overflow
MD5 | a243730e18a3045a2f4039ff6d1285a3
Plesk 10.4.4 / 11.0.9 XXE Injection
Posted Jun 13, 2014
Authored by z00

Plesk versions 10.4.4 and 11.0.9 XXE injection exploit.

tags | exploit, xxe
MD5 | 9ab67a1bdbc82f8e11bde9470183196d
SHOUTcast DNAS 2.2.1 Cross Site Scripting
Posted Jun 13, 2014
Authored by robercik101

SHOUTcast DNAS version 2.2.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6bda5f93bec305e554232d52c4308139