what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-07-07

Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow
Posted Jul 7, 2014
Authored by juan vazquez, Julian Vilas | Site metasploit.com

This Metasploit module exploits an stack based buffer overflow on Yokogawa CS3000. The vulnerability exists in the service BKFSim_vhfd.exe when using malicious user-controlled data to create logs using functions like vsprintf and memcpy in a insecure way. This Metasploit module has been tested successfully on Yokogawa Centum CS3000 R3.08.50 over Windows XP SP3.

tags | exploit, overflow
systems | windows
advisories | CVE-2014-3888
SHA-256 | db93fbf33e9788d81fe33dcce19468109935bbe2f51ee46720d0e3980569bb49
EMC Documentum Content Server Privilege Escalation
Posted Jul 7, 2014
Site emc.com

EMC Documentum Content Server contains fixes for privilege escalation vulnerabilities that could be potentially exploited by malicious users to compromise the affected system.

tags | advisory, vulnerability
advisories | CVE-2014-2513, CVE-2014-2514
SHA-256 | f325a3ed2f21489039f40780cda08a8b95fc127428b6d92df13bc26359e58257
EMC Documentum Foundation Services (DFS) XXE Injection
Posted Jul 7, 2014
Site emc.com

EMC DFS may be vulnerable to XXE vulnerability due to the way the JAXB XML parser handles the incoming XML from an authenticated user. This can be potentially leveraged by a malicious authenticated user to inject malicious data in the XML and retrieve information from sensitive files on the system. This may also be potentially leveraged to affect the integrity and availability of the system.

tags | advisory, xxe
advisories | CVE-2014-2510
SHA-256 | d1e1a73d1d637c161e05f25a631264752ec6586523f72bf2a11e1e625939b20d
Photo Org WonderApplications 8.3 File Inclusion
Posted Jul 7, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Photo Org WonderApplications version 8.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 3f47df8c41dd897769a58d64e4c0cf55a5ef8585a8d2114d2582e8dbebb518fe
Techboard/Syac Backdoor Access
Posted Jul 7, 2014
Authored by Roberto Paleari, Luca Giancane

Techboard/Syac DigiEye 3G devices suffer from a backdoor access vulnerability.

tags | advisory
SHA-256 | 33cc889ede70ca75a8c0e1208e6650725ce6572d34b522656e3ccc4be7b34240
Apache Syncope Insecure Password Generation
Posted Jul 7, 2014
Authored by Francesco Chicchiricco

Apache Syncope versions prior to 1.1.8 suffer from insecure random implementations being used to generate passwords.

tags | advisory
advisories | CVE-2014-3503
SHA-256 | 07427e4874a38a578223cafca4a59cd9cace199c27465512d0d278cda4d1ad58
Joomla JChatSocial 2.2 Cross Site Scripting
Posted Jul 7, 2014
Authored by Teodor Lupan

Joomla JChatSocial version 2.2 suffers from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-3863
SHA-256 | b60c78e7fa6f4fbc79fb6c9ac9c1acb463e37fb609f80349f6b8bd49780480e5
Lime Survey 2.05+ Build 140618 XSS / SQL Injection
Posted Jul 7, 2014
Authored by Giuseppe D'Amore

Lime Survey version 2.05+ Build 140618 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 28da032c6555df3973c4da790e8ab241d1408608242238f8c81cc27c1b57bd84
Debian Security Advisory 2972-1
Posted Jul 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2972-1 - Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

tags | advisory, denial of service, kernel
systems | linux, debian
advisories | CVE-2014-4699
SHA-256 | abd13212bb911b20678d315d29c2d8d434dfae706531fe23b757f8e6a1abb52d
Red Hat Security Advisory 2014-0843-01
Posted Jul 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0843-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that JBoss Web did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web by streaming an unlimited quantity of data, leading to excessive consumption of server resources. It was found that JBoss Web did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web server located behind a reverse proxy that processed the content length header correctly.

tags | advisory, java, remote, web, denial of service, overflow
systems | linux, redhat
advisories | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
SHA-256 | a6cc1be3f1885282158acec79e328dcd8c345e4b282490b64c738d66a990afb1
Red Hat Security Advisory 2014-0842-01
Posted Jul 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0842-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that JBoss Web did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web by streaming an unlimited quantity of data, leading to excessive consumption of server resources. It was found that JBoss Web did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web server located behind a reverse proxy that processed the content length header correctly.

tags | advisory, java, remote, web, denial of service, overflow
systems | linux, redhat
advisories | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
SHA-256 | 3730ead4d99e94df65ba5aed1ed73050fa6e4d03e8b6d2f9203fd8f685755368
Yahoo! Flickr API Cross Site Scripting
Posted Jul 7, 2014
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

The Yahoo! Flickr API suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0a82633363f77300f20ae19f62cd3f4f98f06a8fc9e22d76720d61fa71d3f3f1
Netgear WNR1000v3 Credential Disclosure
Posted Jul 7, 2014
Authored by c1ph04

Netgear WNR1000v3 suffers from a password recovery credential disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | fd3330fd142b3b449f6632005ba44c89faaee27e562f16b553e16bed506c7e7b
PayPal Filter Bypass
Posted Jul 7, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

PayPal suffered from validation and filter bypass vulnerabilities.

tags | advisory, vulnerability
SHA-256 | c814e51c561c1d4de0929e44ba0a70a8cfa1ec3ec92bb85e324688d9e58c4177
Apple iTunes 11.2.2 Insecure Libraries
Posted Jul 7, 2014
Authored by Stefan Kanthak

Apple iTunes version 11.2.2 for Windows comes with outdated and vulnerable libraries.

tags | advisory
systems | windows, apple
advisories | CVE-2013-0339, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419
SHA-256 | 06dd04f00b24ec800040eaaa5b70fc019fae6203350c787c6d149bfb0721507b
Atom CMS Shell Upload / SQL Injection
Posted Jul 7, 2014
Authored by Jagriti Sahu

Atom CMS suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | 3367d61b49a725f65775627f3fdafe186679e76b1405180e66b728a04893df9a
xClassified 1.2 SQL Injection
Posted Jul 7, 2014
Authored by Lazmania61

xClassified Classified Script version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0c10d89079cc85377c0afcce77166e3cefd368bcbaea45b7d25331a06fb11cb3
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    31 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close