exploit the possibilities
Showing 1 - 14 of 14 RSS Feed

Files Date: 2014-08-12

VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation
Posted Aug 12, 2014
Authored by Matt Bergin, Jay Smith | Site metasploit.com

A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested with VBoxGuest Additions up to 4.3.10r93012.

tags | exploit, arbitrary
systems | windows, xp
advisories | CVE-2014-2477
MD5 | 03e1b6293b3c09bb09b951d2e27b18ca
Ubuntu Security Notice USN-2312-1
Posted Aug 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2312-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266, CVE-2014-4268
MD5 | 2f1d2061b3c036683663592ca47f0d1b
CS-Cart 4.2.0 Session Hijacking
Posted Aug 12, 2014
Authored by Nik Cubrilovic

CS-Cart version 4.2.0 suffers from a session hijacking vulnerability due to weakly minted session identifiers.

tags | exploit
MD5 | 53277f8bf84136bb8fccd5d5bbf5fcf5
GEL CMS 4.0 SQL Injection
Posted Aug 12, 2014
Authored by Guillermo Garcia Marcos

GEL CMS version 4.0 suffers from a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, sql injection
MD5 | 656b91b991c1a9820ed6c8a31349c160
Opendaylight 1.0 Local File Inclusion / Remote File Inclusion
Posted Aug 12, 2014
Authored by Gregory Pickett | Site hellfiresecurity.com

Opendaylight version 1.0 suffers from local file inclusion and remote file inclusion vulnerabilities in the Netconf (TCP) service.

tags | advisory, remote, local, tcp, vulnerability, code execution, file inclusion
advisories | CVE-2014-5035
MD5 | a4cfdf36820f04c7f8af2da792632ecd
Apache Cordova 3.5.0 Data Leak
Posted Aug 12, 2014
Authored by Roee Hay, David Kaplan

Android applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network. This release is an update to a prior advisory.

tags | advisory, arbitrary, javascript
advisories | CVE-2014-3502
MD5 | 11bd1a4ff480650cd4d04188db43facf
HP Security Bulletin HPSBMU03089
Posted Aug 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03089 - A potential security vulnerability has been identified with HP Executive Scorecard running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities Note: OpenSSL vulnerabilities, are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
MD5 | 815091302c2735025ef38a270df07936
Debian Security Advisory 2984-2
Posted Aug 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2984-2 - It was discovered that the acpi-support update for DSA-2984-1 would make a laptop's power button forcibly shut the system down, instead of triggering the configured action (usually suspend to RAM). This only affects systems using the gnome-settings-daemon.

tags | advisory
systems | linux, debian
MD5 | 39ba4ca97c7bf0d5f0e9eefa3fef0977
Gentoo Linux Security Advisory 201408-03
Posted Aug 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-3 - A vulnerability in LibSSH can result in leakage of private key information. Versions less than 0.6.3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2014-0017
MD5 | 749678d91484134569b1a62ae27874cb
WordPress Disqus 2.7.5 CSRF / Cross Site Scripting
Posted Aug 12, 2014
Authored by Nik Cubrilovic

WordPress Disqus versions 2.7.5 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | 6fcc314c8a0032af33fb995ccf41c070
Flawfinder 1.31
Posted Aug 12, 2014
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Various updates.
tags | tool
systems | unix
MD5 | 27f534e527db3eeef827c9a1b0d755c2
WordPress CK-And-SyntaxHighLighter Arbitrary File Upload
Posted Aug 12, 2014
Authored by Hekt0r

WordPress CK-And-SyntaxHighLighter plugin suffers from a remote file upload vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, file upload
MD5 | 569a21a1fb3b8b9de965598bb6a100c1
Posted Aug 12, 2014
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Fixed i2psnark add torrent form, iptunnel custom options form, and update download buttons. Various other additions.
tags | tool
systems | unix
MD5 | 07c920e5e198f7f81a0f108ca5874d2b
Suricata IDPE 2.0.3
Posted Aug 12, 2014
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Various bug fixes.
tags | tool, intrusion detection
systems | unix
MD5 | b7373e6c56c06f94546b96abf4fd8252
Page 1 of 1

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By