exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2014-07-24

Lian Li NAS Hardcoded Cookie / Bypass / Privilege Escalation
Posted Jul 24, 2014
Authored by pws

Lian Li NAS suffers from hard-coded cookies, authentication bypass, backdoor accounts, privilege escalation, and various other vulnerabilities.

tags | exploit, vulnerability, bypass
SHA-256 | 3beb9f254b611e2bd928ddade1f770e4ee79355c995275396c0bd8b3574ada1d
Omeka 2.2.1 Remote Code Execution
Posted Jul 24, 2014
Authored by LiquidWorm | Site zeroscience.mk

Omeka suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/items/add' script thru the 'file[0]' POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/files/original' directory after successfully disabling the file validation option (or adding something like 'application/x-php' into the allowed MIME types list) and bypassing the rewrite rule in the '.htaccess' file with '.php5' extension. Versions 2.2.1 and 2.2 are affected.

tags | exploit, arbitrary, php, code execution
SHA-256 | 0a1342ee773203c952cf130020bde67a3a822d5d3ee8eec7f9380b7a27d2f503
UniFi / mFi / AirVision Cross Site Request Forgery
Posted Jul 24, 2014
Authored by Seth Art

Ubiquiti Networks UniFi Controller version 2.4.6, mFi Controller version 2.0.15, and AirVision Controller version 2.1.3 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-2225
SHA-256 | cf5d956415dfe69bd227bf92fe0ee5baa564b421821ec63c1aeec8494b6581f5
HP Security Bulletin HPSBMU03076
Posted Jul 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 9b97ca3342a8fe043d011e3fbc87f0bef6c8bf5869678631e38d1bc64e95c33b
HP Security Bulletin HPSBMU03074
Posted Jul 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03074 - Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 1a4d710e9dd7291eeed8fb57906255564db16e374b955cf64cee067d9ffb017e
Ubuntu Security Notice USN-2300-1
Posted Jul 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2300-1 - Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-4607
SHA-256 | 052eb44f42d6cd5dd14d059c17c5bf9a8bc99472168ac85239a8e82354f16e46
Ubuntu Security Notice USN-2301-1
Posted Jul 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2301-1 - It was discovered that Jinja2 incorrectly handled temporary cache files and directories. A local attacker could use this issue to possibly gain privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-0012, CVE-2014-1402
SHA-256 | 3a91ff5ebd149d7e0aab5ae4a428957385901e2a8fa50facfe13ef486970061a
Red Hat Security Advisory 2014-0888-01
Posted Jul 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0888-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-2894, CVE-2014-3461
SHA-256 | 195082a4a46ffe4559088354e4d5d5cc6eb186e63237e778eda10ca9584098ab
Red Hat Security Advisory 2014-0941-01
Posted Jul 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0941-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks if a user were tricked into clicking on a malicious URL.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2014-3497
SHA-256 | d30f5bfd8905d8674b1d746649a38df392d90111e0b2c428837a01b20f20c092
Red Hat Security Advisory 2014-0940-01
Posted Jul 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0940-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via Neutron.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3517
SHA-256 | 0dea30bc1e9c22fe2fa05d20778c0dea310d9d7295170dd8826f16158c433de1
Red Hat Security Advisory 2014-0939-01
Posted Jul 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0939-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475
SHA-256 | 13312916ca2068b863e545e519d448ced8d30583209b6ecc7061d6772b243f3c
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jul 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 800b88b6e669b68b95c950719ea21eea841a6a017de7043e0fe01ed0e04856c5
Slackware Security Advisory - mozilla-firefox Updates
Posted Jul 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 5749f434a5e46d39aece443e0baac9e8e1e5bf270e85ab57d73bb8f77029cdd2
Slackware Security Advisory - httpd Updates
Posted Jul 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
SHA-256 | 8b2ce2fa4eaa2da3d41503e0ff66afd040e6de3710d8ec4fb82e11f6fde37915
Debian Security Advisory 2987-1
Posted Jul 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2987-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264, CVE-2014-4266, CVE-2014-4268
SHA-256 | faa288d612eeef5bf4c9f58961bc2f8a33f1a0148d0997c3924c7b9e14b513ee
Debian Security Advisory 2986-1
Posted Jul 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2986-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-1544, CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557
SHA-256 | a4eb9120a7e71d7ea237528df4080150da04d22d7c5825f8d7976d867f97602d
WordPress Video Gallery 2.5 Cross Site Scripting / SQL Injection
Posted Jul 24, 2014
Authored by Claudio Viviani

WordPress Video Gallery plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | fa03954d2dcdb36b2c9e8c2703248818216e1246ba65e78aacd009799544085f
Windows Mail Rogue Program.exe Execution
Posted Jul 24, 2014
Authored by Stefan Kanthak

Windows Mail will execute a rogue program if it is sitting at C:\Program.exe.

tags | exploit
systems | windows
SHA-256 | f3534d160722b0c8512076ca40f68dc52eb9958ad735b147cbbd847d80bd678a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close