
Files Date: 2014-09-17

Nokia Asha 501 Lock Bypass
Posted Sep 17, 2014
Authored by Hammad Shamsi

The Nokia Asha platform suffers from a lock code bypass vulnerability that allows for access to call records.

tags | exploit, bypass
SHA-256 | c3690f476187bf4b7bceed617052bbbc1450f4932dead991db1083b0707d5e1e
MODX Revolution 2.3.1-pl Cross Site Scripting
Posted Sep 17, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

MODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5451
SHA-256 | 896e235037a75dfd399a6f028da7f8f942cfe7ede4331bb0775a05c0e3064ee2
webEdition 6.3.8.0 Path Traversal
Posted Sep 17, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

webEdition version 6.3.8.0 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2014-5258
SHA-256 | ec005fe83de7331a8a07d62daabf90f9ab9273ce575f1297e75142a6f7bfd2ae
DAWIN - Distributed Audit and Wireless Intrusion Notification
Posted Sep 17, 2014
Authored by Mark Osborne | Site loud-fat-bloke.co.uk

DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.

tags | tool, wireless
systems | linux
SHA-256 | 900a69552ae4f2e1b99cd5231bc485c4e70297254407c0b371ac96a0d19853b9
Apple Security Advisory 2014-09-17-2
Posted Sep 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-09-17-2 - Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code execution, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple
advisories | CVE-2011-2391, CVE-2013-6663, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-4357, CVE-2014-4364, CVE-2014-4369, CVE-2014-4371, CVE-2014-4372, CVE-2014-4373, CVE-2014-4375, CVE-2014-4377, CVE-2014-4378, CVE-2014-4379, CVE-2014-4380, CVE-2014-4381, CVE-2014-4383, CVE-2014-4388, CVE-2014-4389, CVE-2014-4404, CVE-2014-4405, CVE-2014-4407, CVE-2014-4408, CVE-2014-4410, CVE-2014-4411
SHA-256 | c7b02c75d378a545f8aa6249ce72817c0d53275ba9408b5e1c074ffa5b986f5a
Apple Security Advisory 2014-09-17-1
Posted Sep 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-09-17-1 - iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-2391, CVE-2013-5227, CVE-2013-6663, CVE-2013-6835, CVE-2014-1348, CVE-2014-1360, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-4352, CVE-2014-4353, CVE-2014-4354, CVE-2014-4356, CVE-2014-4357, CVE-2014-4361, CVE-2014-4362, CVE-2014-4363, CVE-2014-4364, CVE-2014-4366, CVE-2014-4367, CVE-2014-4368, CVE-2014-4369, CVE-2014-4371, CVE-2014-4372, CVE-2014-4373, CVE-2014-4374
SHA-256 | 9aea82d38a9a0bbd2a4dc19603d0bb6cbf3c4bc828f5ec2b4416c139ceb66db7
Red Hat Security Advisory 2014-1256-01
Posted Sep 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1256-01 - An update for the openssl component for Red Hat JBoss Web Server 2.1.0 that fixes multiple security issues is now available from the Red Hat Customer Portal.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3508, CVE-2014-3510
SHA-256 | 0a42be4979149e6e258283d7685446461846950dbaf2939b187cc377e0d4ae30
ClassApps SelectSurvey.net 4.124.004 SQL Injection
Posted Sep 17, 2014
Authored by BillV

ClassApps SelectSurvey.net version 4.124.004 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-6030
SHA-256 | a1a0d60bd1a776a335c6c68257966aad56e2df9f4539b06ada46bc128f8763ac
Livefyre LiveComments 3.0 Cross Site Scripting
Posted Sep 17, 2014
Authored by Brij Kishore Mishra

Livefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6eccdbf0d02ef4c32c64da9928ac0666d213e0a528332a271898fa571fbd3865
WordPress WP-Ban 1.62 Bypass
Posted Sep 17, 2014
Authored by Tom Adams

WordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used.

tags | exploit, bypass
advisories | CVE-2014-6230
SHA-256 | 993efa6dd07b224e9bb5b8fdab33d68bb547334c234e6e0ca083f1086bcc1733
WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS
Posted Sep 17, 2014
Authored by Tom Adams

WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 53f460ac91c7d419b8bcb368ddda31921d0dbe302556c55c904f552f999c5396
OsClass 3.4.1 Cross Site Scripting
Posted Sep 17, 2014
Authored by Omar Kurt | Site netsparker.com

OsClass version 3.4.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7ce8f234f3fc7d597b6dee841a59a83f9c72744d959a65c980de8c3c542ca5da
OsClass 3.4.1 Local File Inclusion
Posted Sep 17, 2014
Authored by Omar Kurt | Site netsparker.com

OsClass version 3.4.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | b57ade7f6829462047ddce456aabe66c7c6b4e59dec82158f58d6561c00f9dfb
FreeBSD Security Advisory - TCP Denial Of Service
Posted Sep 17, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides a connection-oriented, reliable, sequence-preserving data stream service. New TCP connections are initiated using a special SYN flag in a datagram. Sequencing of data is controlled by 32-bit sequence numbers that start with a random value and are increased using modulo 2**32 arithmetic. TCP endpoints maintain a window of expected, and thus allowed, sequence numbers for a connection. When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window. An attacker who has the ability to spoof IP traffic can tear down a TCP connection by sending only 2 packets, if they know both TCP port numbers. If one of the two port numbers is unknown, a successful attack requires fewer than 2**17 spoofed packets, which can be generated in less than a second on a decent connection to the Internet.

tags | advisory, spoof, tcp, protocol
systems | freebsd
advisories | CVE-2014-0230
SHA-256 | 02d0df3d2b5a7093f57c850f50146352b4357f62fca2e1ebd401a0c679d05939
Ubuntu Security Notice USN-2319-3
Posted Sep 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2319-3 - USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-4223, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264
SHA-256 | aefc793776a903cdbda6cd3bfc0f722696015d3319433e46ed16467a11e6e4f7
Ubuntu Security Notice USN-2349-1
Posted Sep 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2349-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
SHA-256 | 3a375c20af9de0288313f16d71a607d209b4175308d50cf64a4dd4f633c37214
Red Hat Security Advisory 2014-1255-01
Posted Sep 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1255-01 - Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-4345
SHA-256 | 4b3a553590ae1cd575bd1c4417f87311c2d3268da73d593b7fe4ba259f7a3468
Debian Security Advisory 3026-1
Posted Sep 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3026-1 - Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639
SHA-256 | 33bf84d9f10ca8350a51545c2b108e19d75aedf8a3c9887089bcbb7f0eca8d72
Debian Security Advisory 3025-1
Posted Sep 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3025-1 - It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490).

tags | advisory
systems | linux, debian
advisories | CVE-2014-0487, CVE-2014-0488, CVE-2014-0489, CVE-2014-0490
SHA-256 | 7f48d15735dbc2babefb54aa8fa778108712207ca8eced88de418fa6d0860882
seafile-server 3.1.5 Denial Of Service
Posted Sep 17, 2014
Authored by retset

seafile-server version 3.1.5 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 292d4506d9d6653341024ec2cafc303a777f6ba126e5032e2a14512b6d41a1b4
MIUI Torch Enable
Posted Sep 17, 2014
Site nipc.org.cn

MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable the torch.

tags | advisory
SHA-256 | d6921a18ffdaa38904d1331a1ef5ae95a6b488e9904853327611e542c0edc883
Android Bluetooth Enable
Posted Sep 17, 2014
Site nipc.org.cn

A logic flaw in some versions of Android can allow for bluetooth to be automatically enabled via NFC.

tags | advisory
SHA-256 | 4daa646bde5895fbdd88288d9c9cd55da7cba639eaae92baee8ddd3f6afda65f
MIUI Wifi Connection Message Wireless Enable
Posted Sep 17, 2014
Site nipc.org.cn

MIUI versions 4.1.17 and 5.30 have a flaw where NFC can be used to enable wifi.

tags | advisory
SHA-256 | 8f0385e79db656d96c679b780cecef8edc53320f2104c9d1fe56d10ff1f6cc51
Project Kakilles 0.3
Posted Sep 17, 2014
Authored by Doddy Hackman

Kakilles is a perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.

tags | tool, web, perl
SHA-256 | d2e2153f6e4d656992f7440b3cb89926277a075073424d269287da5e78c20038
© 2022 Packet Storm. All rights reserved.