
Files Date: 2014-08-22

OpenOffice Targeted Data Exposure Using Crafted OLE Objects
Posted Aug 22, 2014

OpenOffice suffers from a targeted data exposure vulnerability that can be performed using crafted OLE objects. Apache OpenOffice versions 4.1.0 and older on Windows and OpenOffice versions may be affected.

tags | advisory
systems | windows
advisories | CVE-2014-3575
MD5 | 68325aeba2d703ca798fa807a5da5659

Innovaphone PBX Cross Site Request Forgery
Posted Aug 22, 2014
Authored by Rainer Giedat

Innovaphone PBX suffers from cross site request forgery vulnerabilities in the administrative user interface.

tags | exploit, vulnerability, csrf
advisories | CVE-2014-5335
MD5 | a30531a12f71c50df617d6e6f627bf44

Fatt Free CRM Cross Site Scripting
Posted Aug 22, 2014
Authored by Provensec

Fatt Free CRM suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 892029ab19d8c227661db2d1706ebea6

HP Security Bulletin HPSBST03098
Posted Aug 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03098 - A potential security vulnerability has been identified with HP StoreEver MSL6480 Tape Library running OpenSSL. The OpenSSL vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 281dfaca84e63b03d2aaca9824fbeced

OpenOffice 4.1.0 Calc Command Injection
Posted Aug 22, 2014
Authored by James Kettle, Rohan Durve

Apache OpenOffice versions 4.1.0 and below on Windows suffer from a command injection vulnerability when loading Calc spreadsheets. OpenOffice.org versions may also be affected.

tags | advisory
systems | windows
advisories | CVE-2014-3524
MD5 | 52153d0f9b6f03f458e36fc45c3685c0

IPv6 Extension Headers In The Real World
Posted Aug 22, 2014
Authored by Fernando Gont

This is a draft of IPv6 Extension Headers in the Real World. IPv6 Extension Headers allow for the extension of the IPv6 protocol, and provide support for some core functionality such as IPv6 fragmentation. However, IPv6 Extension Headers are deemed to present a challenge to IPv6 implementations and networks, and are known to be intentionally filtered in some existing IPv6 deployments. This summarizes the issues associated with IPv6 extension headers, and presents real-world data regarding the extent to which packets with IPv6 extension headers are filtered in the public Internet, and where in the network such filtering occurs. Additionally, it provides some guidance to operators in troubleshooting IPv6 blackholes resulting from the use of IPv6 extension headers. Finally, this document provides some advice to protocol designers, and discusses areas where further work might be needed.

tags | paper, protocol
MD5 | d82bab036020d2be2c57fd94ad014d8c

ManageEngine Password Manager MetadataServlet.dat SQL Injection
Posted Aug 22, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to achieve remote code execution as SYSTEM in Windows or as the user in Linux. This Metasploit module exploits both PostgreSQL (newer builds) and MySQL (older or upgraded builds). MySQL targets are more reliable due to the use of relative paths; with PostgreSQL you should find the web root path via other means and specify it with WEB_ROOT. The injection is only exploitable via a GET request, which means that the payload has to be sent in chunks smaller than 8000 characters (URL size limitation). Small payloads and the use of exe-small are recommended, as you can only do between 10 and 20 injections before using up all the available ManagedConnections until the next server restart. This vulnerability exists in all versions released since 2006; however, builds below DC v7 70200 and PMP v6 6500 do not ship with a JSP compiler. You can still try your luck using the MySQL targets, as a JDK might be installed in the $PATH.

tags | exploit, remote, web, root, code execution, sql injection
systems | linux, windows
advisories | CVE-2014-3996
MD5 | 63a879bf8e782df6aba1dcfa748fa6bc

Debian Security Advisory 3009-1
Posted Aug 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3009-1 - Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.

tags | advisory, denial of service, python
systems | linux, debian
advisories | CVE-2014-3589
MD5 | e35a6404c50214ee762b1e5b789a271d

Debian Security Advisory 3008-2
Posted Aug 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3008-2 - This update corrects a packaging error for the packages released in DSA-3008-1. The new sessionclean script used in the updated cronjob in /etc/cron.d/php5 was not installed into the php5-common package. No other changes are introduced.

tags | advisory
systems | linux, debian
advisories | CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670
MD5 | 94ccce36e4523c5d83481c2b39de22e2

MyBB 1.6.15 Cross Site Request Forgery
Posted Aug 22, 2014
Authored by Vagineer

MyBB version 1.6.15 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | eacbff03051dae9280872950231d2c7f

CMS Agencija O2 Cross Site Scripting / SQL Injection
Posted Aug 22, 2014
Authored by Renzi

CMS Agencija O2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6918fb979a4ad9cd53d0bfc524b38ea2
© 2018 Packet Storm. All rights reserved.