what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2014-09-08

ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
Posted Sep 8, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in ManageEngine DesktopCentral v7 to v9 build 90054 (including the MSP versions). A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution as SYSTEM. Some early builds of version 7 are not exploitable as they do not ship with a bundled Java compiler.

tags | exploit, java, web, arbitrary, root, code execution, file upload
advisories | CVE-2014-5005
SHA-256 | 3f00913148c06a584d92ce2a97c94e9b52e8665ae0cc5ea1934eb1b11d43053a
GDB Server Remote Payload Execution
Posted Sep 8, 2014
Authored by joev | Site metasploit.com

This Metasploit module attempts to execute an arbitrary payload on a loose gdbserver service.

tags | exploit, arbitrary
SHA-256 | 22f9dfcd1753eef9d08e04be2668d3d18e028c7c2608acca1cfc555f0e9e7004
JobScheduler Path Traversal
Posted Sep 8, 2014
Authored by Christian Schneider | Site christian-schneider.net

JobScheduler versions prior to 1.7.4241 suffer from a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2014-5393
SHA-256 | 8061e2d48ba7588b59baa0247bf4a32a7434e94277b215a0f44545aab25075b6
Alcasar 2.8 Remote Root Command Execution
Posted Sep 8, 2014
Authored by EF

Alcasar versions 2.8 and below remote root command execution exploit.

tags | exploit, remote, root
SHA-256 | d1c8179bd9e01b76a237b47bd35f1178f37edcdb81f143fa85e1be5913be2872
Joomla Spider Calendar 3.2.6 SQL Injection
Posted Sep 8, 2014
Authored by Claudio Viviani

Joomla Spider Calendar component versions 3.2.6 and below suffer from a remote authenticated SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b2f23c07b9823a2b8e3c2c8f67c97ec1a0c328ca5c972a2d9a04edf32244055c
JobScheduler XML eXternal Entity Injection
Posted Sep 8, 2014
Authored by Christian Schneider | Site christian-schneider.net

JobScheduler versions prior to 1.7.4241 suffer from an XML external entity injection vulnerability.

tags | advisory, xxe
advisories | CVE-2014-5392
SHA-256 | 40fe0246e1c67d5e7933e033572c8b33f807c11ecad0185a3406b997503ac03f
JobScheduler Cross Site Scripting
Posted Sep 8, 2014
Authored by Christian Schneider | Site christian-schneider.net

JobScheduler versions prior to 1.7.4241 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-5391
SHA-256 | b8f7ba1908fd8a2a3b68876a926b4d43c65ca0b14233f30dceea2748e06f264a
Red Hat Security Advisory 2014-1166-01
Posted Sep 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1166-01 - Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. For additional information on this flaw, refer to the Knowledgebase article in the References section. All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2014-3577
SHA-256 | 02e4ef7dbc33e50a64d3276088cff23aa33095d071c28cf5ce48616d0ade075e
Ubuntu Security Notice USN-2342-1
Posted Sep 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2342-1 - Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0182
SHA-256 | 5ffa3505d05ee8e3c4c8b580434d263c33d6ac7e8f2b62913fb8732e725391cb
HP Security Bulletin HPSBUX03102 SSRT101681
Posted Sep 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03102 SSRT101681 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.

tags | advisory, web, denial of service, arbitrary, php, vulnerability
systems | hpux
advisories | CVE-2013-6438, CVE-2014-0075, CVE-2014-0096, CVE-2014-0098, CVE-2014-0099, CVE-2014-0119, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049
SHA-256 | af8b2d2dc4651b5c40e03e7712d4122b482e686ce4b4e96895b3bb04d657963a
Ubuntu Security Notice USN-2341-1
Posted Sep 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2341-1 - Salvatore Bonaccorso discovered that the CUPS web interface incorrectly validated permissions and incorrectly handled symlinks. An attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-5029, CVE-2014-5030, CVE-2014-5031
SHA-256 | f57044e3821a7f70ab5ef00b54419a5243bf8be708be9a4544a2ce036435c480
Red Hat Security Advisory 2014-1165-01
Posted Sep 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1165-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-1544
SHA-256 | 17495d25b74a610055ad319f9414d23d636d412aedd43cae87e12606b7e9f6e4
Slackware Security Advisory - php Updates
Posted Sep 8, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120
SHA-256 | 02a242f346c66836938ed50a1c8e27f5239fd74fc226b5cb1a8e7f016a55d129
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Sep 8, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | a4b22cf5c3bd569cf9a685c8c845c5ff6ecaed31c485bb2e09c3465c061431e2
Ubuntu Security Notice USN-2306-3
Posted Sep 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-3 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, osx, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
SHA-256 | f2603aa7d9226b9f4831dcb8df5250b85e04ad8455ad6664e7dbbc9ad9a8c435
Slackware Security Advisory - mozilla-firefox Updates
Posted Sep 8, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 5a1499556333dd7bb9cbe13e1db04d5621958e68d1945f85fc1346145dd7ed91
Mandriva Linux Security Advisory 2014-179
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-179 - Updated python-django packages fix security vulnerabilities. These releases address an issue with reverse() generating external URLs, a denial of service involving file uploads, a potential session hijacking issue in the remote-user middleware, and a data leak in the administrative interface.

tags | advisory, remote, denial of service, vulnerability, python, file upload
systems | linux, mandriva
advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483
SHA-256 | 6c6ad9e0a3a6bafcc98db8f311aef9fa1f50f5df6bd7c716ee23a99b64a4d279
Mandriva Linux Security Advisory 2014-178
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-178 - A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3158
SHA-256 | a3a3e36971b73655a25cc167f503705376e2ea9b80654a9606fb89facd82aa6c
Mandriva Linux Security Advisory 2014-177
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-177 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-3609
SHA-256 | b82575a60b78927a2527d7d736bd33e786fdb5722f3d6b19aae93004a8044b8f
Mandriva Linux Security Advisory 2014-176
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-176 - The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-5270
SHA-256 | 0780b50c1589fe65cc42af17ea0e1cc15443e3fde984ecaad141d58f82502a23
Mandriva Linux Security Advisory 2014-175
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-175 - When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults. Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library allows context-dependent attackers to cause a denial of service or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364). The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2012-6656, CVE-2014-5119, CVE-2014-6040
SHA-256 | f3306f4d40c605cd5282642a6815dd2da169dca7f32fb2e4796c7ec5dcb10aa7
Debian Security Advisory 3019-1
Posted Sep 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3019-1 - Boris 'pi' Piwinger and Tavis Ormandy reported a heap overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-3618
SHA-256 | 43468ef1ed6db6521e8f82e69ce0b41d1cb6ee9c4335b5d7df059a1903fd547a
Loaded Commerce 7 Shopping Cart SQL Injection
Posted Sep 8, 2014
Authored by Breaking Technology Research Labs

Loaded Commerce 7 shopping cart/online store suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection.

tags | exploit, remote, sql injection
advisories | CVE-2014-5140
SHA-256 | bc6c0793f0b1ad0e2f4281bcd1c2cc29d75921c3c2de9a5a7d02ed243ff40765
WordPress Antioch Arbitrary File Download
Posted Sep 8, 2014
Authored by ACC3SS

WordPress Antioch theme suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data.

tags | exploit, arbitrary
SHA-256 | 2b12727a6b9750cf997f7294938d75876289238f5c437e1c5bbe279593a9373e
WordPress Authentic Arbitrary File Download
Posted Sep 8, 2014
Authored by ACC3SS

WordPress Authentic theme suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data.

tags | exploit, arbitrary
SHA-256 | 3fb05a1ff5059197a68b63f8a42972fadb202c1f37a2eb251656ffd7ab5ba15f
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close