Exploit the possiblities
Showing 1 - 24 of 24 RSS Feed

Files Date: 2014-07-28

Oxwall 1.7.0 Remote Code Execution
Posted Jul 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/settings/user' script thru the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with '.php5' extension (to bypass the '.htaccess' block rule) that will be stored in '/ow_userfiles/plugins/base/avatars/' directory. Version 1.7.0 (builds 7907 and 7906) are affected.

tags | exploit, arbitrary, php, code execution
MD5 | b408d435b0b22c345d9eadd73012f297
Oxwall 1.7.0 Cross Site Request Forgery / Cross Site Scripting
Posted Jul 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

Oxwall version 1.7.0 (builds 7907 and 7906) suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | bbc2588fc53ab1125d4cda053c5e73ed
HP Security Bulletin HPSBGN02936
Posted Jul 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02936 - A potential security vulnerability has been identified with HP and H3C VPN Firewall Module Products. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2013-4840
MD5 | 77c7828b06c770c697c38cf8674a56a7
SQLmap Cheatsheet 1.0
Posted Jul 28, 2014
Authored by Alejandro Ramos

This is a very thorough cheatsheet for using SQLmap.

tags | paper
MD5 | 7ea687468fba482ff1d7e5126ee353c1
Redis Portscan Utility
Posted Jul 28, 2014
Authored by Alejandro Ramos

This python script port scans a host using a redis server.

tags | tool, scanner, python
systems | unix
MD5 | e8f725b6a996d08817dcb40ab7292b5f
Parallels Tools 9.0 Privilege Escalation
Posted Jul 28, 2014
Authored by Anastasios Monachos

Parallels Tools version 9.0 for Windows suffers from an unquoted search path local privilege escalation vulnerability.

tags | advisory, local
systems | windows
MD5 | a08ed95e30819818002814d9c544ac44
iTunes Manifest.mbdb Parser
Posted Jul 28, 2014
Authored by Alejandro Ramos

This python script parses the Manifest.mbdb binary database file from iTunes Backup and prints CSV output.

tags | tool, python
systems | unix
MD5 | 5bd437fb617c24170c0871d730117f83
Ground Zero Summit (G0S) 2014 Call For Papers
Posted Jul 28, 2014
Site g0s.org

The Ground Zero Summit (G0S) 2014 Call For Papers has been announced. It will take place November 13th through the 16th, 2014 in New Delhi.

tags | paper, conference
MD5 | 557e4be75db4c869a7fe217c38e9eafc
Web Encryption Extension Authentication Bypass
Posted Jul 28, 2014
Authored by Ralf Senderek

Web Encryption Extension (WEE) suffers from an authentication bypass vulnerability.

tags | advisory, web, bypass
MD5 | a8e61ce9dac422ea7f5b6aa373fbba5b
ZeroCMS 1.0 Cross Site Scripting
Posted Jul 28, 2014
Authored by Mayuresh Dani

ZeroCMS version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4710
MD5 | f3bed96d0a0c071157b4868586e02e50
Red Hat Security Advisory 2014-0949-01
Posted Jul 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0949-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699
MD5 | f69703d921d194cda6c2c3509e06498e
Debian Security Advisory 2991-1
Posted Jul 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2991-1 - Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header, allowing to send requests containing content that should have been removed by mod_security.

tags | advisory, remote, web
systems | linux, debian
advisories | CVE-2013-5705
MD5 | 16d144d66a3e036dc0ef3bcffb3b3732
Debian Security Advisory 2990-1
Posted Jul 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2990-1 - It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary, local
systems | linux, unix, debian
advisories | CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031
MD5 | a09a0571d72fa11e24390d7ace3b8364
Gentoo Linux Security Advisory 201407-05
Posted Jul 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201407-5 - Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code. Versions less than 1.0.1h-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | a4bd592dd793d5371924c274f2bf1d18
DirPHP 1.0 Local File Inclusion
Posted Jul 28, 2014
Authored by -Chosen-

DirPHP version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 2e5f45c3daeacb2b10aa31e12798e676
Barracuda Networks Spam / Virus Firewall 5.1.3 XSS
Posted Jul 28, 2014
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

Barracuda Networks Spam and Virus Firewall version 5.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, virus, xss
MD5 | 24cc68791462f50f645d1cd9d86eb112
Android SDK SQL Injection
Posted Jul 28, 2014
Authored by ms

Android's SDK suffers from a SQL injection vulnerability in the delete() method.

tags | advisory, sql injection
advisories | CVE-2014-4959
MD5 | 46e98f4a41fc98329f43ab1ce2e8daec
CMSimple 4.4.4 RFI / Code Execution / Default Password
Posted Jul 28, 2014
Authored by Govind Singh

CMSimple version 4.4.4 suffers from code execution, default credential, and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
MD5 | 2c4c894cb9402575d943e3582b4a367c
MasterCard Open Redirect
Posted Jul 28, 2014
Authored by Anastasios Monachos

MasterCard.com.au suffers from an open redirect vulnerability.

tags | exploit
MD5 | 77dc1b214c7c0b74a7b3c4e00d19a427
WordPress Slider Revolution Responsive 4.1.4 File Download
Posted Jul 28, 2014
Authored by Claudio Viviani

WordPress Slider Revolution Responsive plugin versions 4.1.4 and below suffer from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | 9168eee2811f57117b4e4e87dd38c9bc
Sagem F@st 3304-V1 Denial Of Service
Posted Jul 28, 2014
Authored by Z3ro0ne

Sagem F@st 3304-V1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 4bcd669d8f277ba21aea31790d6fe700
dtSearch Desktop Untrusted Library Loading Execution
Posted Jul 28, 2014
Authored by Ivan Sanchez

Some products from dtSearch Corporation suffer from DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | d793e1e5fb7edf620e8359384435fc2d
WordPress Lead Octopus Power SQL Injection
Posted Jul 28, 2014
Authored by Amirh03in

WordPress Lead Octopus plugin versions prior to 1.1.1 suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data. NOTE: The author of this plugin has contacted Packet Storm and claims they have fixed this issue as of 2014/12/07. The fixed version is 1.1.1.

tags | exploit, remote, sql injection
MD5 | 2463180c6853e18a995ceaaeab98223e
WordPress FBGorilla SQL Injection
Posted Jul 28, 2014
Authored by Amirh03in

WordPress FBGorilla plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | c9a06720a924b68c1c8db1415a6a935e
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    42 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close