
Files Date: 2014-09-03

wtmpclean 0.8.1
Posted Sep 3, 2014
Authored by Davide Madrisan | Site davide.madrisan.googlepages.com

wtmpClean is a tool for Unix which clears a given user from the wtmp database.

Changes: Modularized the source code. Various bug fixes and improvements.
tags | tool, rootkit
systems | unix
MD5 | 40e00074e6c02e1062fca4cfb87b7e24
BlackCat CMS 1.0.3 Cross Site Scripting
Posted Sep 3, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

BlackCat CMS version 1.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5259
MD5 | 2b8c89599dcf1e906c09067dbbb815d2
MyWebSQL 3.4 Cross Site Scripting
Posted Sep 3, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

MyWebSQL version 3.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4735
MD5 | f56dde0cb83e8dd51c765417c7d55f65
WordPress Advanced Access Manager 2.8.2 File Write / Code Execution
Posted Sep 3, 2014
Authored by Tom Adams

WordPress Advanced Access Manager plugin version 2.8.2 suffers from arbitrary file write and code execution vulnerabilities.

tags | exploit, arbitrary, vulnerability, code execution
advisories | CVE-2014-6059
MD5 | f12eef062128d0f94117b656f45950c2
Mpay24 Payment Module 1.5 Information Disclosure / SQL Injection
Posted Sep 3, 2014
Authored by Eldar Marcussen

Mpay24 Payment Module versions 1.5 and below suffer from information disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
advisories | CVE-2014-2008, CVE-2014-2009
MD5 | d91cc4e0bea733e9fd33f4bedc70a421
Jenkins 1.578 Cross Site Request Forgery / Command Execution
Posted Sep 3, 2014
Authored by Vadodil Joel Varghese

Jenkins version 1.578 suffers from cross site request forgery and command execution vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 108809237391b47f63ea6995601f2699
HP Security Bulletin HPSBGN03099
Posted Sep 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03099 - A potential security vulnerability has been identified with HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL. The vulnerability could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3508
MD5 | 95c3e39501f058e88b098532b0089c97
Mandriva Linux Security Advisory 2014-172
Posted Sep 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-172 - The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service via a crafted color table in an XPM file. file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service via a crafted file that triggers backtracking during processing of an awk rule. Various other issues have also been addressed. The updated php packages have been upgraded to the 5.5.16 version to resolve these security flaws. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages have been upgraded to the 2014.6 version.

tags | advisory, remote, denial of service, php
systems | linux, mandriva
advisories | CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-5120
MD5 | 233ab8bdca7744b6ef82e432fd9e42ad
Mandriva Linux Security Advisory 2014-173
Posted Sep 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-173 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker. Busybox bundles part of the liblzo code, containing the lzo1x_decompress_safe function, which is affected by this issue.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
MD5 | 20869bb2d1ac107c3a40a75173043b66
Ubuntu Security Notice USN-2339-2
Posted Sep 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2339-2 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-5270
MD5 | 4710cf1e69b599211ae202ccb51ea568
Ubuntu Security Notice USN-2339-1
Posted Sep 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2339-1 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-5270
MD5 | 7bc20392fda02ee584727cdf4a0e769e
Gentoo Linux Security Advisory 201409-03
Posted Sep 3, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201409-3 - A vulnerability in dhcpcd can lead to a Denial of Service condition. Versions less than 6.4.3 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-6060
MD5 | 31b0897c3169d55151e126070247bda3
Ubuntu Security Notice USN-2338-1
Posted Sep 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2338-1 - It was discovered that Lua incorrectly handled certain vararg functions with a large number of fixed parameters. An attacker could use this issue to cause Lua applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-5461
MD5 | 5b6535f399294088c3022fb75b343267
Debian Security Advisory 3018-1
Posted Sep 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3018-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-1562, CVE-2014-1567
MD5 | 59983e9f3e4f82730e9af8a2b5f976ca
vBulletin 4.1.2 SQL Injection
Posted Sep 3, 2014
Authored by D35m0nd142

Automated SQL injection exploit for vBulletin versions 4.0.x through 4.1.2 that makes use of a vulnerability originally disclosed in May of 2011.

tags | exploit, sql injection
MD5 | 0be5ac6c9a1b2855a08e9d27a7aabe03
vtiger.com Cross Site Scripting
Posted Sep 3, 2014
Authored by Provensec

vtiger.com suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | d70db9d69882b38ec09e5e7ba069c73a
Mozilla Firefox Secret Leak
Posted Sep 3, 2014
Authored by Michal Zalewski

The recent release of Firefox 32 fixes another interesting image parsing issue found by afl. Following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with a simple <canvas> + toDataURL() harness that examines all the fuzzer-generated test cases. Depending on a variety of factors, problems like that may leak secrets across web origins, or more prosaically, may help attackers bypass security measures such as ASLR. This code is a proof of concept for versions prior to 32.

tags | exploit, web, proof of concept, fuzzer
advisories | CVE-2014-1564
MD5 | 2235bb65ae6abe2af194f34a079a0f08
Olat Stored Cross Site Scripting
Posted Sep 3, 2014
Authored by Provensec, Ankit Bharathan

Olat suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | a8d32256e34f6cc6436f48a083bcc382