Files Date: 2014-10-10

SAP BusinessObjects Explorer 14.0.5 XXE Injection
Posted Oct 10, 2014
Authored by Stefan Horlacher

SAP BusinessObjects Explorer version 14.0.5 is vulnerable to XML External Entity (XXE) attacks. This vulnerability could be triggered by an unauthenticated user, as the login request uses vulnerable XML processing as well.

tags | exploit, xxe
MD5 | b30595e8d6c7a08fb6721d72d226bfff
neuroML 1.8.1 XSS / LFI / XXE Injection / Disclosure
Posted Oct 10, 2014
Authored by Philipp Promeuschel

neuroML version 1.8.1 suffers from cross site scripting, local file inclusion, XXE injection, and path disclosure vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion, xxe
MD5 | e7ec84df8e0f06093e62ccecbe771abd
Red Hat Security Advisory 2014-1371-01
Posted Oct 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1371-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-1568
MD5 | 33e0cf418ab06560de4630dacf276e48
SAP BusinessObjects Explorer 14.0.5 Information Disclosure
Posted Oct 10, 2014
Authored by Stefan Horlacher

SAP BusinessObjects Explorer version 14.0.5 does not validate the user-defined input of the CMS name parameter, which consists of a host name and port number. This can be used to perform a port scan within the network range where the BusinessObjects Explorer server is located. This vulnerability could be triggered by an unauthenticated user.

tags | exploit, info disclosure
MD5 | c6ca785e4c1bfaea37b329f3cec146f0
SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing
Posted Oct 10, 2014
Authored by Stefan Horlacher

SAP BusinessObjects Explorer 14.0.5 suffers from a cross site flashing vulnerability. It is possible to directly load and display the com_businessobjects_polestar_bootstrap.swf Flash file and specify a configUrl. This requires the victim to be logged in, and the attacker needs to know the /webres/ URL, which is known as soon as the attacker is in possession of valid credentials. The configuration file specified in the configURL parameter may reside on a foreign host. The configuration file itself may contain URLs of further Flash files residing on a foreign domain. If successful, the victim loads foreign Flash files, which leads to Cross Site Flashing.

tags | exploit
MD5 | da891f95df0c07e7c3e6e7325ba29d52
Telefonica O2 Connection Manager 8.7 Service Trusted Path Privilege Escalation
Posted Oct 10, 2014
Authored by LiquidWorm | Site zeroscience.mk

The O2 Connection Manager's service suffers from an unquoted search path issue impacting the Import WiFi 'TGCM_ImportWiFiSvc' service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
MD5 | 81b82e6ff0c16b43b4e87e78b4d57923
Telefonica O2 Connection Manager 3.4 Local Privilege Escalation
Posted Oct 10, 2014
Authored by LiquidWorm | Site zeroscience.mk

O2 Connection Manager suffers from an elevation of privileges vulnerability which can be used by a simple user who can replace the executable files with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full) for the 'Everyone' group, making the entire directory 'O2 Connection Manager' and its files and sub-directories world-writable.

tags | exploit
MD5 | 4d033bd9ea18075264665e2c94456f52
WordPress Google Calendar Events 2.0.1 Cross Site Scripting
Posted Oct 10, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Google Calendar Events plugin version 2.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7138
MD5 | 95118b045e6add7313796d1391bed47b
WordPress Contact Form DB 2.8.13 Cross Site Scripting
Posted Oct 10, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Contact Form DB plugin version 2.8.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7139
MD5 | cf4fe085fd044fb52226477f8f5ca213
Microsoft Security Bulletin Summary For October, 2014
Posted Oct 10, 2014
Site microsoft.com

This bulletin summary lists nine released Microsoft security bulletins for October, 2014.

tags | advisory
MD5 | b6153774719efcc9d4e20a5a8d29eac1
Twiki Perl Code Execution
Posted Oct 10, 2014
Authored by Peter Thoeny

The debugenableplugins request parameter in Twiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution.

tags | exploit, arbitrary, perl, code execution
advisories | CVE-2014-7236
MD5 | f6bd86cf1ce91b013111856c03894bcf
Twiki Upload Bypass
Posted Oct 10, 2014
Authored by Peter Thoeny

Twiki versions 4.x, 5.x, and 6.0.0 suffer from a file upload bypass vulnerability.

tags | exploit, bypass, file upload
advisories | CVE-2014-7237
MD5 | dceceb045eb6c46fa6ac570dc8bde33c