what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-08-28

In Lieu Of Swap: Analyzing Compressed RAM In Mac OS X And Linux
Posted Aug 28, 2014
Authored by Andrew Case, Golden G. Richard III

Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the author's new tools for analysis of compressed RAM. These tools are integrated into the open-source Volatility framework.

tags | paper, forensics
systems | linux, apple, osx
MD5 | fac4b2bf6db6bfdea8da11c5c3607f7d
NRPE 2.15 Remote Command Execution
Posted Aug 28, 2014
Authored by Dawid Golunski, Claudio Viviani

NRPE version 2.15 remote command execution exploit written in Python.

tags | exploit, remote, python
advisories | CVE-2014-2913
MD5 | 4b0b57ab99b65f8ef2ab1855d3a61cbd
DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS
Posted Aug 28, 2014
Authored by Haider Mahmood

DomainTrader Domain Parking and Auction Script version 2.5.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 7327c89ee1f75ee1b3df7335da2449a5
Jappix Cross Site Scripting
Posted Aug 28, 2014
Authored by Provensec

Jappix suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 93fbb0ecd176a2ff77362057c52b9bba
Lynis Auditing Tool 1.6.0
Posted Aug 28, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added several new plugins to default profile. HostID detection for AIX added. Improvements for log file added and the GetHostID function improved. Various other updates.
tags | tool, scanner
systems | unix
MD5 | 8cc7325f7f4e8cc1f4e1396fca428124
F5 BIG-IP 11.5.1 Cross Site Scripting
Posted Aug 28, 2014
Authored by S. Viehbock | Site sec-consult.com

F5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4023
MD5 | 1edf12bed5c1cdadc32d85e80675f569
Aerohive Hive Manager / Hive OS Complete Fail
Posted Aug 28, 2014
Authored by Nick Freeman, Thomas Hibbert, Denis Andzakovic, Carl Purvis, Pedro Worcel, Scott Bell | Site security-assessment.com

Aerohive Hive Manager (Stand-alone and Cloud) versions greater than and equal to 6.1R3 and HiveOS version 6.1R3 suffer from bypass, code execution, cross site scripting, file disclosure, local file inclusion, arbitrary file upload, missing passphrase, and password disclosure vulnerabilities.

tags | advisory, arbitrary, local, vulnerability, code execution, xss, file inclusion, file upload
MD5 | 0e50cec8ee468c9b9a606da101ef597a
ActualAnalyzer Remote Command Execution
Posted Aug 28, 2014
Authored by Benjamin Harris

ActualAnalyzer remote command execution exploit that leverages an eval.

tags | exploit, remote
MD5 | 3df62c9ba5621917a524f1632b1ad4b2
PhpWiki Ploticus Command Injection
Posted Aug 28, 2014
Authored by Benjamin Harris

Proof of concept exploit for PhpWiki that demonstrates a remote command injection vulnerability via the Ploticus module.

tags | exploit, remote, proof of concept
MD5 | 208372d3a805a6d5bc13de70fcdfadad
XRMS Blind SQL Injection / Command Execution
Posted Aug 28, 2014
Authored by Benjamin Harris

XRMS blind SQL injection exploit that leverages $_SESSION poisoning and achieves remote command execution.

tags | exploit, remote, sql injection
MD5 | a8201810d4fe781c5a5600f3a57aaac9
Debian Security Advisory 3014-1
Posted Aug 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3014-1 - Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.

tags | advisory, remote, web, denial of service
systems | linux, debian
advisories | CVE-2014-3609
MD5 | 803c58279cce2f414c42d06ed9a15a5c
Red Hat Security Advisory 2014-1103-01
Posted Aug 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1103-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

tags | advisory
systems | linux, redhat
MD5 | 6d62d2c44b8a92d9875cee714c8d6e3a
Debian Security Advisory 3013-1
Posted Aug 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3013-1 - Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code.

tags | advisory, arbitrary, python
systems | linux, debian
advisories | CVE-2014-0485
MD5 | fdede3657cbd33e95ed55a4452b59dd7
Ubuntu Security Notice USN-2327-1
Posted Aug 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2327-1 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3609
MD5 | a330841c3221fdfce29ea6d40ba9024f
Plogger Authenticated Arbitrary File Upload
Posted Aug 28, 2014
Authored by b0z

Plogger versions prior to 1.0-RC1 suffer from a remote authenticated arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
advisories | CVE-2014-2223
MD5 | a47fe11fe297628978abb90f66b405fc
Page 1 of 1
Back1Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    8 Files
  • 21
    Sep 21st
    1 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close