exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2014-07-28

Oxwall 1.7.0 Remote Code Execution
Posted Jul 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/settings/user' script thru the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with '.php5' extension (to bypass the '.htaccess' block rule) that will be stored in '/ow_userfiles/plugins/base/avatars/' directory. Version 1.7.0 (builds 7907 and 7906) are affected.

tags | exploit, arbitrary, php, code execution
SHA-256 | 8c841d9fd35b8ea44852d334bfc0cbfb91d113810cf27954d9f28bd0fe47a749
Oxwall 1.7.0 Cross Site Request Forgery / Cross Site Scripting
Posted Jul 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

Oxwall version 1.7.0 (builds 7907 and 7906) suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 34546a5be05a8197c0ae4879533d170e5c4a9b004a6b0c51de251d8dcc6cfb19
HP Security Bulletin HPSBGN02936
Posted Jul 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02936 - A potential security vulnerability has been identified with HP and H3C VPN Firewall Module Products. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2013-4840
SHA-256 | edff2d81ce7184365529aef787166593faca72b38d334fdef41d69d33eb4d493
SQLmap Cheatsheet 1.0
Posted Jul 28, 2014
Authored by Alejandro Ramos

This is a very thorough cheatsheet for using SQLmap.

tags | paper
SHA-256 | ddc97c7300247d96dea29d50c29d669f4ea5e85011b11619ce9658f9642b3ae4
Redis Portscan Utility
Posted Jul 28, 2014
Authored by Alejandro Ramos

This python script port scans a host using a redis server.

tags | tool, scanner, python
systems | unix
SHA-256 | e34e7469c343ec4c195957f541a7b939f348e4592e0efa5781b15ab3d1c6083e
Parallels Tools 9.0 Privilege Escalation
Posted Jul 28, 2014
Authored by Anastasios Monachos

Parallels Tools version 9.0 for Windows suffers from an unquoted search path local privilege escalation vulnerability.

tags | advisory, local
systems | windows
SHA-256 | 4ac561e0a8ae43976d960ffd7ca304c4850b8d9c8ae4062502ad7e6f64ca3b20
iTunes Manifest.mbdb Parser
Posted Jul 28, 2014
Authored by Alejandro Ramos

This python script parses the Manifest.mbdb binary database file from iTunes Backup and prints CSV output.

tags | tool, python
systems | unix
SHA-256 | 00948cd9ec05d0f8cce9a5a8d032ae719d7500423c9432e6280010936d75eaa2
Ground Zero Summit (G0S) 2014 Call For Papers
Posted Jul 28, 2014
Site g0s.org

The Ground Zero Summit (G0S) 2014 Call For Papers has been announced. It will take place November 13th through the 16th, 2014 in New Delhi.

tags | paper, conference
SHA-256 | c02e17c904e25b586337adeb4e003360b4ff3222641904017d48172a23e777c6
Web Encryption Extension Authentication Bypass
Posted Jul 28, 2014
Authored by Ralf Senderek

Web Encryption Extension (WEE) suffers from an authentication bypass vulnerability.

tags | advisory, web, bypass
SHA-256 | d5595fa91a8fa0538252e28f43e88473d0efbfa67e816fb5451770506195f0b3
ZeroCMS 1.0 Cross Site Scripting
Posted Jul 28, 2014
Authored by Mayuresh Dani

ZeroCMS version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4710
SHA-256 | 909ebd6b36ef74dee3a5d9bdee2d1d0b598e85a27c2cf26579452bf3c12b75af
Red Hat Security Advisory 2014-0949-01
Posted Jul 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0949-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699
SHA-256 | f9777ca1631aa2e4c1e414fb55781fb71e7081b5f670f58256119195823e51da
Debian Security Advisory 2991-1
Posted Jul 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2991-1 - Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header, allowing to send requests containing content that should have been removed by mod_security.

tags | advisory, remote, web
systems | linux, debian
advisories | CVE-2013-5705
SHA-256 | 0825c96504b99d210fe961acdb714473b46a1f7fcddf8251e31b0490e8e42c0c
Debian Security Advisory 2990-1
Posted Jul 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2990-1 - It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary, local
systems | linux, unix, debian
advisories | CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031
SHA-256 | cc938fc7d54d51a015c06e68ed74d219f09c0baf6016e28dce18fb4e2629a93b
Gentoo Linux Security Advisory 201407-05
Posted Jul 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201407-5 - Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code. Versions less than 1.0.1h-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 058715fbe6887e5fa7531493f741e2281a8b6fbd10beffa54560903e427c61b1
DirPHP 1.0 Local File Inclusion
Posted Jul 28, 2014
Authored by -Chosen-

DirPHP version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | f922f10049cb2b15a1b16614078725aebb5d95d2cdee5216b779aaa91992d8b9
Barracuda Networks Spam / Virus Firewall 5.1.3 XSS
Posted Jul 28, 2014
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda Networks Spam and Virus Firewall version 5.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, virus, xss
SHA-256 | fd6bc76304668027f8977a257f29b78b7d5fd39378c30f51b54a32ea8719b644
Android SDK SQL Injection
Posted Jul 28, 2014
Authored by ms

Android's SDK suffers from a SQL injection vulnerability in the delete() method.

tags | advisory, sql injection
advisories | CVE-2014-4959
SHA-256 | 046033dbaaf5bdd27428cd7cdb0cfd8935c69d769ad6e6b0e0901db8c882e245
CMSimple 4.4.4 RFI / Code Execution / Default Password
Posted Jul 28, 2014
Authored by Govind Singh

CMSimple version 4.4.4 suffers from code execution, default credential, and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 546f3b040627c929621993bc0ed2e5a06d948532cc8351e131db507ae36d5b75
MasterCard Open Redirect
Posted Jul 28, 2014
Authored by Anastasios Monachos

MasterCard.com.au suffers from an open redirect vulnerability.

tags | exploit
SHA-256 | 17091aa154924d37cfd73e3daf265786342f19af4f9ee46ad81527ff34d612aa
WordPress Slider Revolution Responsive 4.1.4 File Download
Posted Jul 28, 2014
Authored by Claudio Viviani

WordPress Slider Revolution Responsive plugin versions 4.1.4 and below suffer from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 5741a1911337aab8b63be960a0944a5df6cd526dcc7be9097e32d2f40cfaa290
Sagem F@st 3304-V1 Denial Of Service
Posted Jul 28, 2014
Authored by Z3ro0ne

Sagem F@st 3304-V1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 089e8d0a65adc5f8eab0b71bb5f705b88968a278bc59b169bca15e150f1b2b50
dtSearch Desktop Untrusted Library Loading Execution
Posted Jul 28, 2014
Authored by Ivan Sanchez

Some products from dtSearch Corporation suffer from DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
SHA-256 | 87e83a726c488205e1c94f35efd7cb24908ceba7d6b5cee6a82f172f67229fee
WordPress Lead Octopus Power SQL Injection
Posted Jul 28, 2014
Authored by Amirh03in

WordPress Lead Octopus plugin versions prior to 1.1.1 suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data. NOTE: The author of this plugin has contacted Packet Storm and claims they have fixed this issue as of 2014/12/07. The fixed version is 1.1.1.

tags | exploit, remote, sql injection
SHA-256 | e229e4737c7358e8d3d774eb912c332444859671ff6cfb1f926797bc8f4fcf09
WordPress FBGorilla SQL Injection
Posted Jul 28, 2014
Authored by Amirh03in

WordPress FBGorilla plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | f89f508dfe6ffe796d290addc918b30d1491a26d310f6cc72ac228fda1c72c98
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close