
Files Date: 2014-07-07

Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow
Posted Jul 7, 2014
Authored by juan vazquez, Julian Vilas | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow on Yokogawa CS3000. The vulnerability exists in the service BKFSim_vhfd.exe when using malicious user-controlled data to create logs using functions like vsprintf and memcpy in an insecure way. This Metasploit module has been tested successfully on Yokogawa Centum CS3000 R3.08.50 over Windows XP SP3.

tags | exploit, overflow
systems | windows, xp
advisories | CVE-2014-3888
MD5 | febfc146ac24fa56a942db094ac4c1da
EMC Documentum Content Server Privilege Escalation
Posted Jul 7, 2014
Site emc.com

EMC Documentum Content Server contains fixes for privilege escalation vulnerabilities that could be potentially exploited by malicious users to compromise the affected system.

tags | advisory, vulnerability
advisories | CVE-2014-2513, CVE-2014-2514
MD5 | c6016b2d81b714ed3017da986144aa2b
EMC Documentum Foundation Services (DFS) XXE Injection
Posted Jul 7, 2014
Site emc.com

EMC DFS may be vulnerable to XXE injection due to the way the JAXB XML parser handles the incoming XML from an authenticated user. This can be potentially leveraged by a malicious authenticated user to inject malicious data in the XML and retrieve information from sensitive files on the system. This may also be potentially leveraged to affect the integrity and availability of the system.

tags | advisory
advisories | CVE-2014-2510
MD5 | 15e33dfdeb957f8787e7ff68f99100b2
Photo Org WonderApplications 8.3 File Inclusion
Posted Jul 7, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Photo Org WonderApplications version 8.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 37f4fbd442df8b43a46f2381fd8bc5a9
Techboard/Syac Backdoor Access
Posted Jul 7, 2014
Authored by Roberto Paleari, Luca Giancane

Techboard/Syac DigiEye 3G devices suffer from a backdoor access vulnerability.

tags | advisory
MD5 | f45510cb98d7b54ec52f0117d29f6fc1
Apache Syncope Insecure Password Generation
Posted Jul 7, 2014
Authored by Francesco Chicchiricco

Apache Syncope versions prior to 1.1.8 suffer from insecure random implementations being used to generate passwords.

tags | advisory
advisories | CVE-2014-3503
MD5 | 19aedbfce17249dc0fa8d28fb42f7850
Joomla JChatSocial 2.2 Cross Site Scripting
Posted Jul 7, 2014
Authored by Teodor Lupan

Joomla JChatSocial version 2.2 suffers from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-3863
MD5 | 6abb2a89f73b72b07a66e5a3908411bf
Lime Survey 2.05+ Build 140618 XSS / SQL Injection
Posted Jul 7, 2014
Authored by Giuseppe D'Amore

Lime Survey version 2.05+ Build 140618 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | c5dc0d959e9d98f2ed4378e62c5ef5ae
Debian Security Advisory 2972-1
Posted Jul 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2972-1 - Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

tags | advisory, denial of service, kernel
systems | linux, debian
advisories | CVE-2014-4699
MD5 | b161caea6f008c592583b28e37e41a2c
Red Hat Security Advisory 2014-0843-01
Posted Jul 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0843-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that JBoss Web did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web by streaming an unlimited quantity of data, leading to excessive consumption of server resources. It was found that JBoss Web did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web server located behind a reverse proxy that processed the content length header correctly.

tags | advisory, java, remote, web, denial of service, overflow
systems | linux, redhat
advisories | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
MD5 | f0f2300e5202316ceb144a9cce5fba6a
Red Hat Security Advisory 2014-0842-01
Posted Jul 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0842-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that JBoss Web did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web by streaming an unlimited quantity of data, leading to excessive consumption of server resources. It was found that JBoss Web did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web server located behind a reverse proxy that processed the content length header correctly.

tags | advisory, java, remote, web, denial of service, overflow
systems | linux, redhat
advisories | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
MD5 | eeb58ebe168517d31daee9a798805942
Yahoo! Flickr API Cross Site Scripting
Posted Jul 7, 2014
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

The Yahoo! Flickr API suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 58c8492506294d5b41062d304371fae1
Netgear WNR1000v3 Credential Disclosure
Posted Jul 7, 2014
Authored by c1ph04

Netgear WNR1000v3 suffers from a password recovery credential disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 6c6b885cf2236e098fb6af1e82c46bf7
PayPal Filter Bypass
Posted Jul 7, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal suffered from validation and filter bypass vulnerabilities.

tags | advisory, vulnerability
MD5 | bcb1a46823f052d390ef8175776c8157
Apple iTunes 11.2.2 Insecure Libraries
Posted Jul 7, 2014
Authored by Stefan Kanthak

Apple iTunes version 11.2.2 for Windows comes with outdated and vulnerable libraries.

tags | advisory
systems | windows, apple
advisories | CVE-2013-0339, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419
MD5 | fd881938444eac64aee8ad1070cfc71a
Atom CMS Shell Upload / SQL Injection
Posted Jul 7, 2014
Authored by Jagriti Sahu

Atom CMS suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | 8eb6bbf50c904d6cb8069b796c3eb7a8
xClassified 1.2 SQL Injection
Posted Jul 7, 2014
Authored by Lazmania61

xClassified Classified Script version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1c245a57161d9aaabfa81454fe0ba2f0

© 2016 Packet Storm. All rights reserved.
