Files Date: 2014-06-26

Mailspect Control Panel 4.0.5 Code Execution / File Read / XSS
Posted Jun 26, 2014
Authored by Onur Alanbel, Bilgi Guvenligi

Mailspect Control Panel version 4.0.5 suffers from remote code execution, arbitrary file read, and cross site scripting vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, xss
MD5 | 37b59e1a00ee50838e1b7aa853ea56b2

HP Enterprise Maps 1.00 Authenticated XXE Injection
Posted Jun 26, 2014
Authored by Brandon Perry

HP Enterprise Maps version 1.00 suffers from an authenticated XXE injection vulnerability.

tags | exploit, xxe
MD5 | 3f644d27b92ee8ff3b3c9fcd396def28

WordPress Simple Share Buttons Adder 4.4 CSRF / XSS
Posted Jun 26, 2014
Authored by Stuart Passe

WordPress Simple Share Buttons Adder plugin version 4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | bf64e4535adfa828a953b8d81f9bbae3

Red Hat Security Advisory 2014-0799-01
Posted Jun 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0799-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-0034, CVE-2014-0035, CVE-2014-0109, CVE-2014-0110, CVE-2014-3481
MD5 | ddb843a23bd25cadc031c32424b641bc

Red Hat Security Advisory 2014-0798-01
Posted Jun 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0798-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-0034, CVE-2014-0035, CVE-2014-0109, CVE-2014-0110, CVE-2014-3481
MD5 | 3ac86cf531026ec9943f6b9957c13b22

Red Hat Security Advisory 2014-0797-01
Posted Jun 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0797-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-0034, CVE-2014-0035, CVE-2014-0109, CVE-2014-0110, CVE-2014-3481
MD5 | af8f4c31c24ba26cd5ab1ca4e828a939

Gentoo Linux Security Advisory 201406-26
Posted Jun 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-26 - Multiple vulnerabilities have been found in Django, the worst of which may allow a remote attacker to execute code. Versions less than 1.6.5 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0472, CVE-2014-0473, CVE-2014-0474, CVE-2014-1418
MD5 | 68038bc293cd50c42cf9a25e4c087e06

Ubuntu Security Notice USN-2257-1
Posted Jun 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2257-1 - Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. It was discovered that the Samba internal DNS server incorrectly handled QR fields when processing incoming DNS messages. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0178, CVE-2014-0239, CVE-2014-0244, CVE-2014-3493
MD5 | 287df9b8f59307c4fdbb584df1bd83ee

Ubuntu Security Notice USN-2258-1
Posted Jun 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2258-1 - Jean-Rene Reinhard, Olivier Levillain and Florian Maury discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-4617
MD5 | 448c6ccedd62c225edfd73ea689dcac2

Red Hat Security Advisory 2014-0800-01
Posted Jun 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0800-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-1737, CVE-2014-1738, CVE-2014-3153
MD5 | d29d83fbdb6408e3f27b51ef48d70142

Red Hat Security Advisory 2014-0801-01
Posted Jun 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0801-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free arbitrary kernel memory. It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2014-1737, CVE-2014-1738
MD5 | 19697e807e694b96bf6afc5406e35d5b

Thomson TWG87OUIR Cross Site Request Forgery
Posted Jun 26, 2014
Authored by nopesled

Thomson TWG87OUIR suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 4d443736d63ca2ec59989a94d7ba3ff1

39 Bytes mkdir haxor / exit Shellcode
Posted Jun 26, 2014
Authored by Osanda Malith

39 bytes small mkdir() 'haxor' and exit() shellcode.

tags | shellcode
MD5 | 8c789304e8671a5f20aeec7fc6a1c299

Gentoo Linux Security Advisory 201406-25
Posted Jun 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-25 - Multiple vulnerabilities have been discovered in Asterisk, the worst of which could allow privileged users to execute arbitrary system shell commands. Versions less than 11.10.2 are affected.

tags | advisory, arbitrary, shell, vulnerability
systems | linux, gentoo
advisories | CVE-2014-4046, CVE-2014-4047
MD5 | f7c089e2a97f41ddbcf4fcf4f3aa01b5

Sophos Antivirus 9.5.1 Cross Site Scripting
Posted Jun 26, 2014
Authored by Pablo Catalina | Site portcullis-security.com

The Configuration Console of Sophos Antivirus version 9.5.1 (Linux) does not sanitize several input parameters before sending them back to the browser, so an attacker could inject code inside these parameters, including JavaScript code.

tags | advisory, javascript, xss
systems | linux
advisories | CVE-2014-2385
MD5 | b50071d884e4bb8703c92578301ba5cb