
Files Date: 2014-09-03

wtmpclean 0.8.1
Posted Sep 3, 2014
Authored by Davide Madrisan | Site davide.madrisan.googlepages.com

wtmpClean is a tool for Unix which clears a given user from the wtmp database.

Changes: Modularized the source code. Various bug fixes and improvements.
tags | tool, rootkit
systems | unix
SHA-256 | 10f1c941b82e5c32941825b7f59e6704592032f477faeac4c08b3c40729717cb
BlackCat CMS 1.0.3 Cross Site Scripting
Posted Sep 3, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

BlackCat CMS version 1.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5259
SHA-256 | fafc7f992e0efbd75e5e5533c4fb06f99f20b956f59f1d75cf78cda120736a55
MyWebSQL 3.4 Cross Site Scripting
Posted Sep 3, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

MyWebSQL version 3.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4735
SHA-256 | c326b1b1c6e29b10557668743504e265316bd636ca6c9186e0599a9ec5f36b8b
WordPress Advanced Access Manager 2.8.2 File Write / Code Execution
Posted Sep 3, 2014
Authored by Tom Adams

WordPress Advanced Access Manager plugin version 2.8.2 suffers from arbitrary file write and code execution vulnerabilities.

tags | exploit, arbitrary, vulnerability, code execution
advisories | CVE-2014-6059
SHA-256 | 003e5940849ab6a302ac199a8b2d726fb390bc112f79728c3bd20e043f321df8
Mpay24 Payment Module 1.5 Information Disclosure / SQL Injection
Posted Sep 3, 2014
Authored by Eldar Marcussen

Mpay24 Payment Module versions 1.5 and below suffer from information disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
advisories | CVE-2014-2008, CVE-2014-2009
SHA-256 | d66f449493790a1e98ef90672f5ab7b9b5deff6e10cb67a05b35be7af45b6a95
Jenkins 1.578 Cross Site Request Forgery / Command Execution
Posted Sep 3, 2014
Authored by Vadodil Joel Varghese

Jenkins version 1.578 suffers from cross site request forgery and command execution vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 6363635fc4f8f8d1c6bf9fa96800d6fbc994b86e1aa1c70cb35bf5039f8becd3
HP Security Bulletin HPSBGN03099
Posted Sep 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03099 - A potential security vulnerability has been identified with HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL. The vulnerability could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3508
SHA-256 | 1db2c455fdf69b059f5b562b7718ecf7c607a40347a536b4ca82d10b18abfb32
Mandriva Linux Security Advisory 2014-172
Posted Sep 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-172 - The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service via a crafted color table in an XPM file. file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service via a crafted file that triggers backtracking during processing of an awk rule. Various other issues have also been addressed. The updated php packages have been upgraded to the 5.5.16 version to resolve these security flaws. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages have been upgraded to the 2014.6 version.

tags | advisory, remote, denial of service, php
systems | linux, mandriva
advisories | CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-5120
SHA-256 | b9ec681569fac685bfa6d31a9d2c25e37d33a1ade655ac8cb434db2d31a3b86d
Mandriva Linux Security Advisory 2014-173
Posted Sep 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-173 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker. Busybox bundles part of the liblzo code, containing the lzo1x_decompress_safe function, which is affected by this issue.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
SHA-256 | fcc34020e34e26f76b502247b86cf085a924a4ece4f9f27fb43b914bf781dc0b
Ubuntu Security Notice USN-2339-2
Posted Sep 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2339-2 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-5270
SHA-256 | af710e3a425b8f1c589dca591ed48217ca6b1b8d1215d50f09cc6edcc8c3e10e
Ubuntu Security Notice USN-2339-1
Posted Sep 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2339-1 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-5270
SHA-256 | 4e60bdc46e0904e8a9e4971ee29d0296c4c6e8a01e589be8af695bfcee0875ba
Gentoo Linux Security Advisory 201409-03
Posted Sep 3, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201409-3 - A vulnerability in dhcpcd can lead to a Denial of Service condition. Versions less than 6.4.3 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-6060
SHA-256 | 9f8b7f79c1b29c58f8e5a9236074b6a2d86cc261cc470e1909ab69421f55a638
Ubuntu Security Notice USN-2338-1
Posted Sep 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2338-1 - It was discovered that Lua incorrectly handled certain vararg functions with a large number of fixed parameters. An attacker could use this issue to cause Lua applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-5461
SHA-256 | 742386c70e5001c109ed1b9fd23764fe2289037eeb35b4ae341694d1484682de
Debian Security Advisory 3018-1
Posted Sep 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3018-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-1562, CVE-2014-1567
SHA-256 | 5e18bc92d20bfd76066eb3563739f7d1aff2f7637b2c0014c4bd952fd7436099
vBulletin 4.1.2 SQL Injection
Posted Sep 3, 2014
Authored by D35m0nd142

Automated SQL injection exploit for vBulletin versions 4.0.x through 4.1.2 that makes use of a vulnerability originally disclosed in May of 2011.

tags | exploit, sql injection
SHA-256 | 691b034516fcf7b0dc620cf1bbe0d96a66eb11f10db88c4bdbdcd15c897165c9
vtiger.com Cross Site Scripting
Posted Sep 3, 2014
Authored by Provensec

vtiger.com suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1b9a321cd6f74e699037983b2c238616b8c4bb11438d63766de2df5e758a9107
Mozilla Firefox Secret Leak
Posted Sep 3, 2014
Authored by Michal Zalewski

The recent release of Firefox 32 fixes another interesting image parsing issue found by afl. Following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with a simple <canvas> + toDataURL() harness that examines all the fuzzer-generated test cases. Depending on a variety of factors, problems like that may leak secrets across web origins, or more prosaically, may help attackers bypass security measures such as ASLR. This code is a proof of concept for versions prior to 32.

tags | exploit, web, proof of concept, fuzzer
advisories | CVE-2014-1564
SHA-256 | 7c5c90b2004b180e2ba9b417077aadeb4d76b33775e460d93cce1e056c3e1b29
Olat Stored Cross Site Scripting
Posted Sep 3, 2014
Authored by Provensec, Ankit Bharathan

Olat suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a476d049a0c6d30f4f69fbe42db9b48cb8ad35e811be5397349505a7b9f6aacb