what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2014-08-25

ntopng 1.2.0 Cross Site Scripting
Posted Aug 25, 2014
Authored by Steffen Bauch

ntopng version 1.2.0 suffers from a cross site scripting vulnerability using monitored network traffic.

tags | exploit, xss
advisories | CVE-2014-5464
SHA-256 | 416f680eca8af567594e8b6d180dbb890b3878af0da9c1fadbc83a8c0321e8d1
Dragonfly 1.0.5 Remote Code Execution
Posted Aug 25, 2014
Authored by coco, leex

Dragonfly gem version 1.0.5 that is used for image processing suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 73d1691babfa29eb6acc63825a9b9c11c898fc71bcf13f71d6edd27512467136
VTLS-Virtua SQL Injection
Posted Aug 25, 2014
Authored by Jose Tozo

VTLS-Virtua versions under 2014.X and all of 2013.2.X suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-2081
SHA-256 | 0ed68a92acb71c2b4782d8ca3eae4b92903781f036fd18f10eded456952c6dfb
Barracuda Networks Web Security Flex Appliance 4.x XSS
Posted Aug 25, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda Networks Web Security Flex Appliance application version 4.x suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | f9fbb5dd5944a82fd180aaec52a36c4c69a4e909cf944956e674721c4399c8b0
Debian Security Advisory 3011-1
Posted Aug 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3011-1 - It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-5241, CVE-2014-5243
SHA-256 | c093fa7246682f73827de1c6b9f5ff7e4aee631748170883f9576b67e222827d
Debian Security Advisory 3010-1
Posted Aug 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3010-1 - Several vulnerabilities were discovered in Django, a high-level Python web development framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483
SHA-256 | a870a2e3f43337f13da823b837e2b2a580c7b425c4bcfb883aa8dcf8c3bf1b98
Red Hat Security Advisory 2014-1091-01
Posted Aug 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1091-01 - The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.

tags | advisory, web, local, python
systems | linux, redhat
advisories | CVE-2014-0240
SHA-256 | bfba8c9afe97c836d18408e65e0458e1d5ab5d3cbd7bdfc6b98648846082f02a
Ubuntu Security Notice USN-2139-2
Posted Aug 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2139-2 - USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-4223, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264
SHA-256 | 41cf4ca7d03378db0d0120613ed712544cf621b6acd20be946b090c7634922e0
Barracuda Networks Web Security Flex 4.1 XSS
Posted Aug 25, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda Networks Web Security Flex version 4.1 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | ece2c59c8d74f20072a1679a21750291f342d6dd646304a909824b4550e4fc97
Bypass Antivirus Dynamic Analysis
Posted Aug 25, 2014
Authored by Emeric Nasi

In this paper the author describes AV methods and focuses on how to fool antivirus emulation systems. They set themselves a challenge to find half a dozen ways to bypass AV dynamic analysis by using a fully undetectable decryption stub.

tags | paper, virus
SHA-256 | ac72453c0063b45b72cc8060aab4c417bf781a5eebbe61cae50fb5c93dc9c3c7
SSDP Amplification Scanner
Posted Aug 25, 2014

SSDP amplification scanner written in Python. Makes use of Scapy.

tags | exploit, tool, python
SHA-256 | faa957efd4fa5aa13163e90e0aad0e3bc11900ced7ecb7b093daae7820f92053
Air Transfer Iphone 1.3.9 Arbitrary File Download
Posted Aug 25, 2014
Authored by SaMaN

Air Transfer Iphone version 1.3.9 suffers from remote denial of service and unauthenticated file access vulnerabilities.

tags | exploit, remote, denial of service, vulnerability
systems | apple, iphone
SHA-256 | b8c61362492344b22533cf0c29ae89e1126382231a1db7c063c8dfffc085a1da
MEHR Automation System Arbitrary File Download
Posted Aug 25, 2014
Authored by alieye

MEHR Automation System suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 43237482bf048fe3e4d3a8426312aff9c448c4522aee0f9855cc51af36bee3d7
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close