exploit the possibilities
Showing 1 - 14 of 14 RSS Feed

Files Date: 2014-09-15

ALCASAR 2.8.1 Remote Root Code Execution
Posted Sep 15, 2014
Authored by EF

ALCASAR versions 2.8.1 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 3cf87003470b57edc11142b0a2423bf4
Open-Xchange 7.6.0 XSS / SSRF / Traversal
Posted Sep 15, 2014
Authored by Martin Heiland

Open-Xchange versions 7.6.0 and below suffer from absolute path traversal, server-side request forgery, XXE injection, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, file inclusion, xxe
advisories | CVE-2014-5234, CVE-2014-5235, CVE-2014-5236, CVE-2014-5237, CVE-2014-5238
MD5 | b1b8a9129b770331b8428b9bd44bff0d
Briefcase 4.0 Code Execution / Local File Inclusion
Posted Sep 15, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Briefcase version 4.0 suffers from code execution and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, code execution, file inclusion
MD5 | 5c0fb7edceb28c5668735124f4cfdbbe
PASSWORDS'14 Norway Call For Papers
Posted Sep 15, 2014
Authored by Per Thorsheim

The PASSWORDS'14 Norway Call For Papers has been announced. It will take place December 8th through the 10th, 2014 in Trondheim, Norway.

tags | paper, conference
MD5 | 045e321cfe8f9714c8c1cad9a7f7d515
Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management
Posted Sep 15, 2014
Authored by Federick Joe P Fajardo

Aztech DSL5018EN, DSL705E, and DSL705EU ADSL modems/routers suffer from broken session management, denial of service, file exposure, and parameter tampering vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2014-6435, CVE-2014-6436, CVE-2014-6437
MD5 | e31e579373367ba7f124194a3d19fd17
Maligno 1.3
Posted Sep 15, 2014
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: New adversary replication profile, python meterpreter support added, output coloring (Metasploit notation) added, update check mechanism added, client generation automation improvements, code housekeeping, stability improvements, minor bug fixes.
tags | tool, web, scanner, shellcode, python
systems | unix
MD5 | dc8468c8783218d5bb811ed2b07d621e
HP Security Bulletin HPSBOV03099
Posted Sep 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03099 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
MD5 | ae4428563e08f37f8996c44d6d1910e0
Red Hat Security Advisory 2014-1187-01
Posted Sep 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1187-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to supply a malicious image file to QEMU or to helper tools used in image conversion by services such as Glance and Nova could potentially use these flaws to cause memory corruption, resulting in a crash or possibly arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0222, CVE-2014-0223
MD5 | b0494150cf3421a3ee098ec79a9fbd11
Red Hat Security Advisory 2014-1188-01
Posted Sep 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1188-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594
MD5 | 0d1ed19626d86a78387c717d6a31453c
Red Hat Security Advisory 2014-1193-01
Posted Sep 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1193-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2014-3596
MD5 | 16858cd33f9c44d7ccf433c26a682e7d
Ubuntu Security Notice USN-2346-1
Posted Sep 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2346-1 - Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top Level Domains (TLDs). This could allow a malicious site to set a cookie that gets sent to other sites.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-3613, CVE-2014-3620
MD5 | 0868530b1890de122e31eacd0fb01909
WordPress Wordfence 5.2.3 Cross Site Scripting / Bypass
Posted Sep 15, 2014
Authored by Voxel

WordPress Wordfence version 5.2.3 suffers from bypass, insufficient logging, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, bypass
MD5 | b0d1c140ce12e3947bbe6e1fd42c13c9
SingleClick Connect CSRF / XSS / SQL Injection
Posted Sep 15, 2014
Authored by Rob Fuller

SingleClick Connect installs a vulnerable web application, unpassworded MySQL instance, and handles set up of VNC poorly amongst various other issues.

tags | advisory, web
MD5 | fd4f362802e926bf468055adb8e42a31
DVWA Cross Site Request Forgery
Posted Sep 15, 2014
Authored by Paulos Yibelo

Damn Vulnerable Web Application, which is meant to be a vulnerable web application for security testing, can be leveraged by attackers to compromise your system when in use. This is a good reminder to only use DVWA on an air-gapped network. This exploits demonstrates the ability to gain code execution on the system.

tags | exploit, web, code execution, csrf
MD5 | 0b363f1fdc45ecfbf33d0391bd239c05
Page 1 of 1
Back1Next

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    2 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close