
Files Date: 2014-08-22

OpenOffice Targeted Data Exposure Using Crafted OLE Objects
Posted Aug 22, 2014

OpenOffice suffers from a targeted data exposure vulnerability that can be exploited using crafted OLE objects. Apache OpenOffice versions 4.1.0 and older on Windows, as well as OpenOffice versions, may be affected.

tags | advisory
systems | windows
advisories | CVE-2014-3575
MD5 | 68325aeba2d703ca798fa807a5da5659

Innovaphone PBX Cross Site Request Forgery
Posted Aug 22, 2014
Authored by Rainer Giedat

Innovaphone PBX suffers from cross site request forgery vulnerabilities in the administrative user interface.

tags | exploit, vulnerability, csrf
advisories | CVE-2014-5335
MD5 | a30531a12f71c50df617d6e6f627bf44

Fatt Free CRM Cross Site Scripting
Posted Aug 22, 2014
Authored by Provensec

Fatt Free CRM suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 892029ab19d8c227661db2d1706ebea6

HP Security Bulletin HPSBST03098
Posted Aug 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03098 - A potential security vulnerability has been identified with HP StoreEver MSL6480 Tape Library running OpenSSL. The OpenSSL vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 281dfaca84e63b03d2aaca9824fbeced

OpenOffice 4.1.0 Calc Command Injection
Posted Aug 22, 2014
Authored by James Kettle, Rohan Durve

Apache OpenOffice versions 4.1.0 and below on Windows suffer from a command injection vulnerability when loading Calc spreadsheets. OpenOffice.org versions may also be affected.

tags | advisory
systems | windows
advisories | CVE-2014-3524
MD5 | 52153d0f9b6f03f458e36fc45c3685c0

IPv6 Extension Headers In The Real World
Posted Aug 22, 2014
Authored by Fernando Gont

This is a draft of IPv6 Extension Headers in the Real World. IPv6 Extension Headers allow for the extension of the IPv6 protocol, and provide support for some core functionality such as IPv6 fragmentation. However, IPv6 Extension Headers are deemed to present a challenge to IPv6 implementations and networks, and are known to be intentionally filtered in some existing IPv6 deployments. This summarizes the issues associated with IPv6 extension headers, and presents real-world data regarding the extent to which packets with IPv6 extension headers are filtered in the public Internet, and where in the network such filtering occurs. Additionally, it provides some guidance to operators in troubleshooting IPv6 blackholes resulting from the use of IPv6 extension headers. Finally, this document provides some advice to protocol designers, and discusses areas where further work might be needed.

tags | paper, protocol
MD5 | d82bab036020d2be2c57fd94ad014d8c

ManageEngine Password Manager MetadataServlet.dat SQL Injection
Posted Aug 22, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to achieve remote code execution as SYSTEM in Windows or as the user in Linux. This Metasploit module exploits both PostgreSQL (newer builds) and MySQL (older or upgraded builds). MySQL targets are more reliable due to the use of relative paths; with PostgreSQL you should find the web root path via other means and specify it with WEB_ROOT. The injection is only exploitable via a GET request, which means that the payload has to be sent in chunks smaller than 8000 characters (URL size limitation). Small payloads and the use of exe-small are recommended, as you can only do between 10 and 20 injections before using up all the available ManagedConnections until the next server restart. This vulnerability exists in all versions released since 2006; however, builds below DC v7 70200 and PMP v6 6500 do not ship with a JSP compiler. You can still try your luck using the MySQL targets as a JDK might be installed in the $PATH.

tags | exploit, remote, web, root, code execution, sql injection
systems | linux, windows
advisories | CVE-2014-3996
MD5 | 63a879bf8e782df6aba1dcfa748fa6bc

Debian Security Advisory 3009-1
Posted Aug 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3009-1 - Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.

tags | advisory, denial of service, python
systems | linux, debian
advisories | CVE-2014-3589
MD5 | e35a6404c50214ee762b1e5b789a271d

Debian Security Advisory 3008-2
Posted Aug 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3008-2 - This update corrects a packaging error for the packages released in DSA-3008-1. The new sessionclean script used in the updated cronjob in /etc/cron.d/php5 was not installed into the php5-common package. No other changes are introduced.

tags | advisory
systems | linux, debian
advisories | CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670
MD5 | 94ccce36e4523c5d83481c2b39de22e2

MyBB 1.6.15 Cross Site Request Forgery
Posted Aug 22, 2014
Authored by Vagineer

MyBB version 1.6.15 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | eacbff03051dae9280872950231d2c7f

CMS Agencija O2 Cross Site Scripting / SQL Injection
Posted Aug 22, 2014
Authored by Renzi

CMS Agencija O2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6918fb979a4ad9cd53d0bfc524b38ea2

© 2016 Packet Storm. All rights reserved.