exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-07-15

HP Security Bulletin HPSBGN03068
Posted Jul 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03068 - Potential security vulnerabilities have been identified with HP OneView running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0198, CVE-2014-0224
SHA-256 | 9f946d69e9ae40c2b4951e6887030d834e2b618227253bcf06f848fb7f7f8e75
HP Security Bulletin HPSBHF02913
Posted Jul 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02913 - Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS). The vulnerabilities could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-2618, CVE-2014-2619, CVE-2014-2620, CVE-2014-2621, CVE-2014-2622
SHA-256 | 805c37c22bb461da54bf4be56b89f7757e21875b44289d28facaff156b211741
HP Security Bulletin HPSBST03039
Posted Jul 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03039 - Potential security vulnerabilities have been identified with HP StoreVirtual 4000 Storage and StoreVirtual VSA. The vulnerabilities could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-2605, CVE-2014-2606
SHA-256 | 6602c51ec6623596c7878756e8f0e731f49ba8f5350d89183544c5361c41042e
Red Hat Security Advisory 2014-0886-00
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0886-00 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | d3ca816758feba4cd5d87e779e2f7d1863ed3a7afb7b0768d0234ca5c12c0450
Red Hat Security Advisory 2014-0885-01
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0885-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | 51e15bfe75d2d06eb17bd6b555217230ed6465d0220e45b26aff8848ef26cef7
Red Hat Security Advisory 2014-0884-00
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0884-00 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | 824d19e24f381d4ffe663420e89fb27d7908ea0e5208c070a8564134a5a86b3c
Red Hat Security Advisory 2014-0883-01
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0883-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | 2a52eb55391b6c8b922ce725eb855c7602647d799b5051376c79b0094d829e69
Ubuntu Security Notice USN-2277-1
Posted Jul 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2277-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
SHA-256 | af843cb7532468fdab2dbd84387a3debd85531865cd9b8f042810afd6648ede6
Ubuntu Security Notice USN-2278-1
Posted Jul 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2278-1 - Mike Frysinger discovered that the file awk script detector used multiple wildcard with unlimited repetitions. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. Francisco Alonso discovered that file incorrectly handled certain CDF documents. A attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-7345, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538
SHA-256 | fd91d89c0e0f45a391afcd59751756bc137092d30677dcd44fab7511dbf1a997
Wordpress WPTouch Authenticated File Upload
Posted Jul 15, 2014
Authored by Christian Mehlmauer, Marc-Alexandre Montpas | Site metasploit.com

The Wordpress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce (CSRF token) is created on the backend index page and the same token is used on handling ajax file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to the upload folder. Because the plugin also uses it's own file upload mechanism instead of the wordpress api it's possible to upload any file type. The user provided does not need special rights. Also users with "Contributer" role can be abused.

tags | exploit, arbitrary, file upload
SHA-256 | 3b83080229ddf1398d4c0e14805e19037ba1387ba609af42952912ac8e1c07bb
Browserify 4.2.0 Remote Command Execution
Posted Jul 15, 2014
Authored by Cal Leeming

Browserify versions 4.2.0 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | e8919d2a8ef51b9aa8f5d664f2a60bf400d82492defbb3819624caf491329efe
Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
Posted Jul 15, 2014
Authored by Matthew Bergin

A vulnerability within VBoxGuest module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Oracle VirtualBox Guest Additions versions 4.3.8 through 4.3.10 are affected.

tags | exploit, arbitrary
advisories | CVE-2014-2477
SHA-256 | 23d2e313c1427a208d2779f1e9be216e6d3f6f4025a67191718be30d6c492262
OctavoCMS Admin Panel Cross Site Scripting
Posted Jul 15, 2014
Authored by Hadi Arjmand

OctavoCMS suffers from cross site scripting vulnerabilities in its administrative panel functionality.

tags | exploit, vulnerability, xss
SHA-256 | 959d307a49e3a67b8d7ac7ec862c293249bd9716566f7d28742b776f11e9461b
HP Data Protection Manager 8.10 Remote Command Execution
Posted Jul 15, 2014
Authored by Polunchis

HP Data Protection manager version 8.10 suffers from a remote command execution.

tags | exploit, remote
SHA-256 | 72ed8aa446b8dbbc1ffeba0993da64ecfc95fa1b6da8e80ef2701ad611f32d1d
Elipse E3 Scada PLC Denial Of Service
Posted Jul 15, 2014
Authored by Firebits

HTTP requests flooding an Elipse E3 Scada PLC triggers a denial of service condition.

tags | exploit, web, denial of service
advisories | CVE-2011-4899
SHA-256 | 65f5fc97bc8d00f15669db0bbffd8cdcdca03af1247dd6f844cccec55d045fbd
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close