what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-10-08

Rejetto HttpFileServer Remote Command Execution
Posted Oct 8, 2014
Authored by Muhamad Fadzil Ramli, Daniele Linguaglossa | Site metasploit.com

Rejetto HttpFileServer (HFS) is vulnerable to remote command execution attack due to a poor regex in the file ParserLib.pas. This Metasploit module exploit the HFS scripting commands by using '%00' to bypass the filtering. This Metasploit module has been tested successfully on HFS 2.3b over Windows XP SP3, Windows 7 SP1 and Windows 8.

tags | exploit, remote
systems | windows, xp, 7
advisories | CVE-2014-6287
MD5 | d2b0168c3b694f4b981bd6356506dd8d
HP Security Bulletin HPSBGN03108
Posted Oct 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03108 - A potential security vulnerability has been identified with HP Records Manager. The vulnerability could be remotely exploited to allow cross-site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2014-4661
MD5 | c352ddae73e048eeea61babbc7693711
HP Security Bulletin HPSBMU03118 2
Posted Oct 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03118 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), remote privilege elevation, and Clickjacking. Revision 2 of this advisory.

tags | advisory, remote, vulnerability, xss
systems | linux, windows
advisories | CVE-2014-2643, CVE-2014-2644, CVE-2014-2645
MD5 | 719b6df8f339cadea95bd47e3a328437
Ubuntu Security Notice USN-2371-1
Posted Oct 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2371-1 - It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consume resources, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-7204
MD5 | ba54fc9ddccf3fd7df59de24205cb69e
Ubuntu Security Notice USN-2370-1
Posted Oct 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2370-1 - Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7206
MD5 | 5de95afc498c921af957579928f012e9
F5 iControl Remote Root Command Execution
Posted Oct 8, 2014
Authored by Brandon Perry | Site metasploit.com

This Metasploit module exploits an authenticated remote command execution vulnerability in the F5 BIGIP iControl API (and likely other F5 devices).

tags | exploit, remote
advisories | CVE-2014-2928
MD5 | 3e4e7b6e22d76579984514ab11233c5a
SAP Business Warehouse Missing Authorization Check
Posted Oct 8, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - The RFC function 'RSDU_CCMS_GET_PROFILE_PARAM' in SAP NetWeaver Business Warehouse does not perform any authorization check prior to retrieving the profile parameter value.

tags | advisory
MD5 | 842fb4679d40fb25a9706e7aad8081bb
Linux Kernel 3.16.1 FUSE Privilege Escalation
Posted Oct 8, 2014
Authored by Andy Lutomirski, Miklos Szeredi

FUSE-based exploit that leverages a flaw in fs/namespace.c where it does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges. Linux kernels through 3.16.1 are affected.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2014-5207
MD5 | 2d853c126733d902bc132b8919d54b29
SAP HANA Web-based Development Workbench Code Injection
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - HANA Developer Edition contains a command injection vulnerability. Specifically, the page /sap/hana/ide/core/base/server/net.xsjs contains an eval call that is vulnerable to code injection. This allows an attacker to run arbitrary XSJS code in the context of the user logged in.

tags | advisory, arbitrary
MD5 | 5a47bb76847a50dd5cdd30e7d5abbdd7
OpenSSH 6.6 SFTP Misconfiguration Proof Of Concept
Posted Oct 8, 2014
Authored by Jann Horn

OpenSSH versions 6.6 and below SFTP misconfiguration proof of concept remote code execution exploit for 64bit Linux.

tags | exploit, remote, code execution, proof of concept
systems | linux
MD5 | d8b60d096999c8be772fdee0c91b2ef8
SAP BusinessObjects Persistent Cross Site Scripting
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - BusinessObjects BI "Send to Inbox" functionality can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

tags | advisory
MD5 | 10ab60b94fd37b4023935eafe12b957f
SAP Business Objects Information Disclosure Via CORBA
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - Business Objects CORBA listeners include the ability to run unauthenticated InfoStore queries via CORBA. Although some authorization is enforced, it is possible to obtain a considerable amount of information by making requests to the InfoStore via CORBA.

tags | advisory
MD5 | ba882788502b22c57eff9cb0f2ca500e
SAP HANA Reflective Cross Site Scripting
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The SAP HANA Developer Edition contains multiple reflected cross site scripting vulnerabilities (XSS) in the democontent area.

tags | advisory, vulnerability, xss
MD5 | 86c7316c9c5e0f6a125c56cf1e796e1e
BMC Track-it! Remote Code Execution / SQL Injection
Posted Oct 8, 2014
Authored by Pedro Ribeiro

BMC Track-it! suffers from code execution, arbitrary file download, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, sql injection
advisories | CVE-2014-4872, CVE-2014-4873, CVE-2014-4874
MD5 | 2dfac2c5de790adacdf358cd01f16a10
SAP Business Objects Denial Of Service Via CORBA
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The CMS CORBA listener includes functions in the OSCAFactory::Session ORB that allows any user to remotely turn off that Business Objects server without authentication.

tags | advisory
MD5 | 661d132dcd28a8177d67dae68090e9d1
SAP Business Objects Information Disclosure
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - A malicious user can discover information relating to valid users using a vulnerable Business Objects Enterprise instance. This information could be used to allow the malicious user to specialize their attacks against the system.

tags | advisory
MD5 | c2cc5fa350134e17fd42dd52026f210f
DrayTek VigorACS SI 1.3.0 File Write / LFI / File Upload
Posted Oct 8, 2014
Authored by Erik-Paul Dittmer, Victor van der Veen

DrayTek VigorACS SI versions 1.3.0 and below suffer from local file inclusion, remote file upload, file write, and default login vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | 0bc2eb7151b49cee3c4b5aef74b61cb9
Page 1 of 1
Back1Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    12 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    16 Files
  • 22
    May 22nd
    13 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close