exploit the possibilities
Showing 1 - 13 of 13 RSS Feed

Files Date: 2014-08-27

Firefox WebIDL Privileged Javascript Injection
Posted Aug 27, 2014
Authored by joev, Marius Mlynski | Site metasploit.com

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs.

tags | exploit, remote, javascript, vulnerability, code execution
advisories | CVE-2014-1510, CVE-2014-1511
MD5 | cd3bc27615aee1fe6d9023c93754e0ee
Microsoft Security Bulletin Re-Release For August, 2014
Posted Aug 27, 2014
Site microsoft.com

This bulletin summary notes that MS14-045 has undergone a major revision increment as of August 27, 2014.

tags | advisory
MD5 | 3cd68d921c3a3941f7a7d605dd27fb89
ManageEngine DeviceExpert 5.9 Credential Disclosure
Posted Aug 27, 2014
Authored by Pedro Ribeiro

ManageEngine DeviceExpert version 5.9 suffers from a user credential disclosure vulnerability.

tags | exploit, info disclosure
MD5 | e6fc466b67f24a9a196f74543cad86b1
ICETC2014 Call For Papers
Posted Aug 27, 2014

The International Conference on Education Technologies and Computers (ICETC2014) will be held at Lodz University of Technology, Lodz, Poland on September 22-24, 2014.

tags | paper, conference
MD5 | 50c3e27127b08a9a148f0d7091cc04b4
ManageEngine EventLog Analyzer 7 Cross Site Scripting
Posted Aug 27, 2014
Authored by Rodrigo Contarino

ManageEngine EventLog Analyzer version 7.2.2 suffers from multiple reflective cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-4930
MD5 | b875bbcf8a71f0adf9610370162bd4a6
Debian Security Advisory 3012-1
Posted Aug 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3012-1 - Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-5119
MD5 | 6363b2297ea55963096a77dd08e30b72
Red Hat Security Advisory 2014-1102-01
Posted Aug 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1102-01 - Ruby on Rails is a model-view-controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record's create_with method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record called create_with with untrusted values. All ror40-rubygem-activerecord users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2014-3514
MD5 | bf6fb7c8d38b8139a9d171a89de31754
Red Hat Security Advisory 2014-1101-01
Posted Aug 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1101-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets. A local, unprivileged user could use this flaw to crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-7339, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851
MD5 | d833b20ba0b8d3beffdd49cfb456405f
WooCommerce Store Exporter 1.7.5 Cross Site Scripting
Posted Aug 27, 2014
Authored by Mike Manzotti

WooCommerce Store Exporter version 1.7.5 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | beb5e0712cc1cf553e26750bb6be869c
RedHat Checklist Script
Posted Aug 27, 2014
Authored by Marcos M Garcia

This script is designed to perform a security evaluation against industry best practices, over RedHat and RedHat based systems, to detect configuration deviations. It was developed due to the need to ensure that the servers within the author's workplace would comply with specific policies. As this tool was designed specifically for this purpose, "lynis" was not used for the task.

tags | tool
systems | linux, redhat
MD5 | 2ce7d7258bc37945637a8704a1ca0188
Encore Discovery Solution 4.3 Open Redirect / Session Token In URL
Posted Aug 27, 2014
Authored by CAaNES

Encore Discovery Solution version 4.3 suffers from an open redirect vulnerability. It also passes the session token in the URL.

tags | advisory, info disclosure
advisories | CVE-2014-5127, CVE-2014-5128
MD5 | 40fd62a4c37b237f946ca9716e9ce304
RFC7359 - Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages In Dual-Stack Hosts/Networks
Posted Aug 27, 2014
Authored by Fernando Gont

The subtle way in which the IPv6 and IPv4 protocols coexist in typical networks, together with the lack of proper IPv6 support in popular Virtual Private Network (VPN) tunnel products, may inadvertently result in VPN tunnel traffic leakages. That is, traffic meant to be transferred over an encrypted and integrity- protected VPN tunnel may leak out of such a tunnel and be sent in the clear on the local network towards the final destination. This document discusses some scenarios in which such VPN tunnel traffic leakages may occur as a result of employing IPv6-unaware VPN software. Additionally, this document offers possible mitigations for this issue.

tags | paper, local, protocol
MD5 | 23b96b2e0c0f6f3f0381dc2d3096094c
Furniture Site Manager SQL Injection
Posted Aug 27, 2014
Authored by KnocKout

Furniture Site Manager suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 4381e13813da1876a4b595817e07016c
Page 1 of 1

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By