exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files Date: 2014-07-29

TOR Virtual Network Tunneling Tool 0.2.4.23
Posted Jul 29, 2014
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.4.23 brings us a big step closer to slowing down the risk from guard rotation, and also backports several important fixes from the Tor 0.2.5 alpha release series.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 9e39928e310612c3bffee727f554c63f
SAP Netweaver Business Warehouse Missing Authorization
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP BW-SYS-DB-DB4 component contains a remote-enabled RFC function that does not perform authorization checks prior to retrieving sensitive information.

tags | advisory, remote
MD5 | e6120198a501de2772eebced4b6a0641
SAP HANA XS Administration Tool Cross Site Scripting
Posted Jul 29, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The SAP HANA XS Administration Tool can be abused by potential attackers, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

tags | advisory
MD5 | d55578250933bc28bd2b24d13ab2e889
SAP FI Manager Self-Service Hardcoded Username
Posted Jul 29, 2014
Authored by Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP FI Manager Self-Service contains a hardcoded username which could allow a user to access functions or information that should be restricted.

tags | advisory
MD5 | c242b388e948bf5b57b395005c6e963c
SAP_JTECHS HTTP Verb Tampering
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP_JTECHS suffers from an HTTP verb tampering vulnerability. By exploiting this vulnerability, a remote unauthenticated attacker would be able to access restricted functionality and information. SAP Solution Manager 7.1 is affected.

tags | advisory, remote, web
MD5 | 5fec465828338309c90177042deed4d4
SAP HANA IU5 SDK Authentication Bypass
Posted Jul 29, 2014
Authored by Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP HANA IU5 SDK Application does not enforce any authentication when it is explicitly configured. It could allow an anonymous user to access functions or information that should be restricted.

tags | advisory
MD5 | 96b6592cde4b1fce8b27bb274cb2f2b2
SAP HANA XS Missing Encryption
Posted Jul 29, 2014
Authored by Manuel Muradas, Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP HANA XS does not enforce any encryption in the form based authentication. It could allow an anonymous user to get information such as valid credentials from network traffic, gaining access into the system.

tags | advisory
MD5 | 3fb4a6ff0191c8149fcdadc2d5ad03bf
Barracuda WAF 6.1.5 / LoadBalancer 4.2.2 Filter Bypass / XSS
Posted Jul 29, 2014
Authored by Benjamin Kunz Mejri, Ebrahim Hegazy | Site vulnerability-lab.com

Barracuda Networks Web Application Firewall version 6.1.5 and LoadBalancer version 4.2.2 suffer from filter bypass and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 674d34f52c6c157302b8d4df7574a644
WiFi HD 7.3.0 LFI / Traversal / Command Injection / CSRF
Posted Jul 29, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

WiFi HD version 7.3.0 suffers from local file inclusion, directory traversal, command injection, and cross site request forgery vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 9e4780dc833a39f51d28dcbf857df7b6
DEScrypt Ztex Bruteforcer
Posted Jul 29, 2014
Authored by GiftsUngiven

Proof of concept project that demonstrates how old FPGA boards can be reused for hash cracking purposes.

tags | tool, cracker, proof of concept
MD5 | 105735710e85cafe9afb48a06e9f5a78
Siemens SIMATIC WinCC Privilege Escalation
Posted Jul 29, 2014
Authored by Siemens ProductCERT | Site siemens.com

Siemens SIMATIC WinCC versions prior to 7.3 suffer from unauthenticated access, privilege escalation, and hard-coded encryption key vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2014-4682, CVE-2014-4683, CVE-2014-4684, CVE-2014-4685, CVE-2014-4686
MD5 | 3310252074fd2b614a4d8a0497bbd17b
Lyris ListManagerWeb 8.95a Cross Site Scripting
Posted Jul 29, 2014
Authored by 1N3

Lyris ListManagerWeb version 8.95a suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f75d88b929c037f0415bd16d30c424c6
Red Hat Security Advisory 2014-0981-01
Posted Jul 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0981-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-6647, CVE-2013-7339, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145
MD5 | 406d9d95aa0c6d16ab6277500d72283d
Red Hat Security Advisory 2014-0979-01
Posted Jul 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0979-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that NSS accepted weak Diffie-Hellman Key exchange parameters. This could possibly lead to weak encryption being used in communication between the client and the server.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2014-1491
MD5 | 50e5848446efeb6f778d73b9cf9b7e9b
Red Hat Security Advisory 2014-0982-01
Posted Jul 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0982-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5, and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429
MD5 | 75e398ae4ad7e9361e6550bd62722454
LinkedIn User Account Handling
Posted Jul 29, 2014
Authored by Kishor Sonawane

LinkedIn suffered from a user account handling vulnerability.

tags | exploit, csrf
MD5 | 0f506810937697f765f95d3f52c94d14
SQLMap ile CSRF Bypass
Posted Jul 29, 2014
Authored by Ibrahim Balic

This whitepaper discusses hacking with sqlmap and leveraging cross site request forgery vulnerabilities. Written in Turkish.

tags | paper, vulnerability, csrf
MD5 | 68418b19f3a809183774a45c6a6e5099
WordPress WhyDoWork AdSense 1.2 XSS / CSRF
Posted Jul 29, 2014
Authored by Dylan Irzi

WordPress WhyDoWork AdSense plugin version 1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | e9fe6f3e636f300a1f6d349e686f482b
J&W Communications SQL Injection
Posted Jul 29, 2014
Authored by Hekt0r

Sites created by J&W Communications appear to suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, sql injection
MD5 | 7f71d91d36927653ffeceb61b8db6a05
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    14 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close