seeing is believing
Showing 1 - 25 of 27 RSS Feed

Files Date: 2014-09-08

ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
Posted Sep 8, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in ManageEngine DesktopCentral v7 to v9 build 90054 (including the MSP versions). A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution as SYSTEM. Some early builds of version 7 are not exploitable as they do not ship with a bundled Java compiler.

tags | exploit, java, web, arbitrary, root, code execution, file upload
advisories | CVE-2014-5005
MD5 | 6a182343895b95d2d844bea2c618d723
GDB Server Remote Payload Execution
Posted Sep 8, 2014
Authored by joev | Site metasploit.com

This Metasploit module attempts to execute an arbitrary payload on a loose gdbserver service.

tags | exploit, arbitrary
MD5 | e25640b7bb4226ee00bd92549eaa2fee
JobScheduler Path Traversal
Posted Sep 8, 2014
Authored by Christian Schneider | Site christian-schneider.net

JobScheduler versions prior to 1.7.4241 suffer from a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2014-5393
MD5 | 34080ff21bf053dc1e85c99115898399
Alcasar 2.8 Remote Root Command Execution
Posted Sep 8, 2014
Authored by EF

Alcasar versions 2.8 and below remote root command execution exploit.

tags | exploit, remote, root
MD5 | 996d379a441234336feceee7ef044f7b
Joomla Spider Calendar 3.2.6 SQL Injection
Posted Sep 8, 2014
Authored by Claudio Viviani

Joomla Spider Calendar component versions 3.2.6 and below suffer from a remote authenticated SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4442d2c288fd1401c9a80f18f13f47b9
JobScheduler XML eXternal Entity Injection
Posted Sep 8, 2014
Authored by Christian Schneider | Site christian-schneider.net

JobScheduler versions prior to 1.7.4241 suffer from an XML external entity injection vulnerability.

tags | advisory
advisories | CVE-2014-5392
MD5 | dfd86a4e6f0c80ccc4dc2a3adee67123
JobScheduler Cross Site Scripting
Posted Sep 8, 2014
Authored by Christian Schneider | Site christian-schneider.net

JobScheduler versions prior to 1.7.4241 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-5391
MD5 | d61216d32dba0ee1ed9648788c139ece
Red Hat Security Advisory 2014-1166-01
Posted Sep 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1166-01 - Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. For additional information on this flaw, refer to the Knowledgebase article in the References section. All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2014-3577
MD5 | 21429884ecda56558552eec24586cae3
Ubuntu Security Notice USN-2342-1
Posted Sep 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2342-1 - Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0182
MD5 | f1e0dd59595249ad59c73dd752dd8fb7
HP Security Bulletin HPSBUX03102 SSRT101681
Posted Sep 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03102 SSRT101681 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.

tags | advisory, web, denial of service, arbitrary, php, vulnerability
systems | hpux
advisories | CVE-2013-6438, CVE-2014-0075, CVE-2014-0096, CVE-2014-0098, CVE-2014-0099, CVE-2014-0119, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049
MD5 | 45cebe124d50f17a878fc7d00bff8370
Ubuntu Security Notice USN-2341-1
Posted Sep 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2341-1 - Salvatore Bonaccorso discovered that the CUPS web interface incorrectly validated permissions and incorrectly handled symlinks. An attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-5029, CVE-2014-5030, CVE-2014-5031
MD5 | a81d7ba66f35e1958e669ba0d6776a0d
Red Hat Security Advisory 2014-1165-01
Posted Sep 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1165-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-1544
MD5 | 42f38bdca69917248c2579ee3032e12b
Slackware Security Advisory - php Updates
Posted Sep 8, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120
MD5 | f88a8d0c7f47f10e69fa24ed54f7a66f
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Sep 8, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | b10f0c2aa01c89679007c2dc163d33ae
Ubuntu Security Notice USN-2306-3
Posted Sep 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-3 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, osx, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
MD5 | 7ee5d196174da9ef3887b78945a08eef
Slackware Security Advisory - mozilla-firefox Updates
Posted Sep 8, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 97c7f18fb3745d42a13c226d1d92eecc
Mandriva Linux Security Advisory 2014-179
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-179 - Updated python-django packages fix security vulnerabilities. These releases address an issue with reverse() generating external URLs, a denial of service involving file uploads, a potential session hijacking issue in the remote-user middleware, and a data leak in the administrative interface.

tags | advisory, remote, denial of service, vulnerability, python, file upload
systems | linux, mandriva
advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483
MD5 | 249e8c06b3476b9231440d07f0cd3d22
Mandriva Linux Security Advisory 2014-178
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-178 - A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3158
MD5 | c29147731f90bc6f87559a120dbbeb73
Mandriva Linux Security Advisory 2014-177
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-177 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-3609
MD5 | 75390b45816aa74aa20f5ae5f4e56dd3
Mandriva Linux Security Advisory 2014-176
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-176 - The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-5270
MD5 | 4657405c319444b46b77ea0b3b2f2d07
Mandriva Linux Security Advisory 2014-175
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-175 - When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults. Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library allows context-dependent attackers to cause a denial of service or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364). The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2012-6656, CVE-2014-5119, CVE-2014-6040
MD5 | 6b23eaab5d0d579ec8102690c465ceea
Debian Security Advisory 3019-1
Posted Sep 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3019-1 - Boris 'pi' Piwinger and Tavis Ormandy reported a heap overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-3618
MD5 | 699538a223f11976586a820bc568e4b6
Loaded Commerce 7 Shopping Cart SQL Injection
Posted Sep 8, 2014
Authored by Breaking Technology Research Labs

Loaded Commerce 7 shopping cart/online store suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection.

tags | exploit, remote, sql injection
advisories | CVE-2014-5140
MD5 | 48273cfe87b878c206a2d9e73d1e94e8
WordPress Antioch Arbitrary File Download
Posted Sep 8, 2014
Authored by ACC3SS

WordPress Antioch theme suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data.

tags | exploit, arbitrary
MD5 | 0ecf7578425fe1e730ca7ff5c1927cb1
WordPress Authentic Arbitrary File Download
Posted Sep 8, 2014
Authored by ACC3SS

WordPress Authentic theme suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data.

tags | exploit, arbitrary
MD5 | bf32268eb9fc667bbefff942eeaa3f9a
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close