
Files Date: 2014-09-15

ALCASAR 2.8.1 Remote Root Code Execution
Posted Sep 15, 2014
Authored by EF

ALCASAR versions 2.8.1 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 50969539e307aa3836b82e6e37ce5621a9257c22e78102c9e7849b899b4f8b8f
Open-Xchange 7.6.0 XSS / SSRF / Traversal
Posted Sep 15, 2014
Authored by Martin Heiland

Open-Xchange versions 7.6.0 and below suffer from absolute path traversal, server-side request forgery, XXE injection, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, file inclusion, xxe
advisories | CVE-2014-5234, CVE-2014-5235, CVE-2014-5236, CVE-2014-5237, CVE-2014-5238
SHA-256 | a67a92350a6eb49fcfcd83bb5f4009ea48632c5c129805bdc644ed7b80ed0a6b
Briefcase 4.0 Code Execution / Local File Inclusion
Posted Sep 15, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Briefcase version 4.0 suffers from code execution and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, code execution, file inclusion
SHA-256 | ee4769ddc3ccb478d6f4b3846b15011421dba91117c82dee9377af11ba04b175
PASSWORDS'14 Norway Call For Papers
Posted Sep 15, 2014
Authored by Per Thorsheim

The PASSWORDS'14 Norway Call For Papers has been announced. It will take place December 8th through the 10th, 2014 in Trondheim, Norway.

tags | paper, conference
SHA-256 | a270ae5136e49e09f525068c54f96fe43d036add98f294ae63d3bfe720c708fa
Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management
Posted Sep 15, 2014
Authored by Federick Joe P Fajardo

Aztech DSL5018EN, DSL705E, and DSL705EU ADSL modems/routers suffer from broken session management, denial of service, file exposure, and parameter tampering vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2014-6435, CVE-2014-6436, CVE-2014-6437
SHA-256 | f6d378232da2f6443ab2049ec99245e887f6a80eb6f0844fa10661d9cbd6ca5d
Maligno 1.3
Posted Sep 15, 2014
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool, written in Python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: New adversary replication profile, Python Meterpreter support added, output coloring (Metasploit notation) added, update check mechanism added, client generation automation improvements, code housekeeping, stability improvements, minor bug fixes.
tags | tool, web, scanner, shellcode, python
systems | unix
SHA-256 | fe2122fa4c8903c6f94454c7940fbe1d8bc432820eaa3829a22a22f7ac9ff938
HP Security Bulletin HPSBOV03099
Posted Sep 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03099 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
SHA-256 | aae3e2a1d333eb054bbbacfd312875f79f591047aa6e4a71ea420ee9f8f26a54
Red Hat Security Advisory 2014-1187-01
Posted Sep 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1187-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to supply a malicious image file to QEMU or to helper tools used in image conversion by services such as Glance and Nova could potentially use these flaws to cause memory corruption, resulting in a crash or possibly arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0222, CVE-2014-0223
SHA-256 | 9c0df0a65b9932b94391bd604c5ef39b8c0c257126ec2cb11ae9e065c3c02c92
Red Hat Security Advisory 2014-1188-01
Posted Sep 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1188-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594
SHA-256 | 06a9c4363ca80ae7ee73bcafdc3503c6698bbfff7d64fb4ec71efe94fc24c35d
Red Hat Security Advisory 2014-1193-01
Posted Sep 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1193-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2014-3596
SHA-256 | 19e657455acf991df2d00feb9250321dbe674862f71eba14f81135c0e2dec851
Ubuntu Security Notice USN-2346-1
Posted Sep 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2346-1 - Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top Level Domains (TLDs). This could allow a malicious site to set a cookie that gets sent to other sites.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-3613, CVE-2014-3620
SHA-256 | 569add75b7a86ea622af485c4086142e1e91cb1b462d2168fa594424e1de799c
WordPress Wordfence 5.2.3 Cross Site Scripting / Bypass
Posted Sep 15, 2014
Authored by Voxel

WordPress Wordfence version 5.2.3 suffers from bypass, insufficient logging, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, bypass
SHA-256 | a79b5eed16cbe3a5519923c18144c38d29237501b95a7b4288d52f305e3b4539
SingleClick Connect CSRF / XSS / SQL Injection
Posted Sep 15, 2014
Authored by Rob Fuller

SingleClick Connect installs a vulnerable web application and an unpassworded MySQL instance, and handles setup of VNC poorly, amongst various other issues.

tags | advisory, web
SHA-256 | e3202fce8e302bd9f029650fbff05b5533d1086d2690e0533030aa3c37fd383d
DVWA Cross Site Request Forgery
Posted Sep 15, 2014
Authored by Paulos Yibelo

Damn Vulnerable Web Application, which is meant to be a vulnerable web application for security testing, can be leveraged by attackers to compromise your system when in use. This is a good reminder to only use DVWA on an air-gapped network. This exploit demonstrates the ability to gain code execution on the system.

tags | exploit, web, code execution, csrf
SHA-256 | 75399c599af8214d734313a75983c0648c16b80932511c55319919111ea07883
© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close