what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

Files Date: 2014-10-10

SAP BusinessObjects Explorer 14.0.5 XXE Injection
Posted Oct 10, 2014
Authored by Stefan Horlacher

SAP BusinessObjects Explorer version 14.0.5 is vulnerable to XML External Entity (XXE) attacks. This vulnerability could be triggered by an unauthenticated user, as the login request uses vulnerable XML processing as well.

tags | exploit, xxe
MD5 | b30595e8d6c7a08fb6721d72d226bfff
neuroML 1.8.1 XSS / LFI / XXE Injection / Disclosure
Posted Oct 10, 2014
Authored by Philipp Promeuschel

neuroML version 1.8.1 suffers from cross site scripting, local file inclusion, XXE injection, and path disclosure vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion, xxe
MD5 | e7ec84df8e0f06093e62ccecbe771abd
Red Hat Security Advisory 2014-1371-01
Posted Oct 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1371-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-1568
MD5 | 33e0cf418ab06560de4630dacf276e48
SAP BusinessObjects Explorer 14.0.5 Information Disclosure
Posted Oct 10, 2014
Authored by Stefan Horlacher

SAP BusinessObjects Explorer version 14.0.5 does not validate the user defined inputs of parameter CMS name, which consists of a host name and port number. This can be used to perform a port scan within the network range where the BusinessObject Explorer server is located. This vulnerability could be triggered as unauthenticated user.

tags | exploit, info disclosure
MD5 | c6ca785e4c1bfaea37b329f3cec146f0
SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing
Posted Oct 10, 2014
Authored by Stefan Horlacher

SAP BusinessObjects Explorer 14.0.5 suffers from a cross site flashing vulnerability. It is possible to directly load and display the com_businessobjects_polestar_bootstrap.swf Flash file and specify a configUrl. This requires the victim to be logged and the attacker needs to know the /webres/ URL, which is known as soon as the attacker is in possession of valid credentials. The configuration file specified in the configURL parameter may reside on a foreign host. The configuration file itself may contain URLs of further Flash files residing on a foreign domain. If successful, the victim loads foreign Flash files, which leads to Cross Site Flashing.

tags | exploit
MD5 | da891f95df0c07e7c3e6e7325ba29d52
Telefonica O2 Connection Manager 8.7 Service Trusted Path Privilege Escalation
Posted Oct 10, 2014
Authored by LiquidWorm | Site zeroscience.mk

The O2 Connection Manager's service suffers from an unquoted search path issue impacting the Import WiFi 'TGCM_ImportWiFiSvc' service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
MD5 | 81b82e6ff0c16b43b4e87e78b4d57923
Telefonica O2 Connection Manager 3.4 Local Privilege Escalation
Posted Oct 10, 2014
Authored by LiquidWorm | Site zeroscience.mk

O2 Connection Manager suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable files with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group, making the entire directory 'O2 Connection Manager' and its files and sub-dirs world-writable.

tags | exploit
MD5 | 4d033bd9ea18075264665e2c94456f52
WordPress Google Calendar Events 2.0.1 Cross Site Scripting
Posted Oct 10, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Google Calendar Events plugin version 2.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7138
MD5 | 95118b045e6add7313796d1391bed47b
WordPress Contact Form DB 2.8.13 Cross Site Scripting
Posted Oct 10, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Contact Form DB plugin version 2.8.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7139
MD5 | cf4fe085fd044fb52226477f8f5ca213
Microsoft Security Bulletin Summary For October, 2014
Posted Oct 10, 2014
Site microsoft.com

This bulletin summary lists nine released Microsoft security bulletins for October, 2014.

tags | advisory
MD5 | b6153774719efcc9d4e20a5a8d29eac1
Twiki Perl Code Execution
Posted Oct 10, 2014
Authored by Peter Thoeny

The debugenableplugins request parameter in Twiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution.

tags | exploit, arbitrary, perl, code execution
advisories | CVE-2014-7236
MD5 | f6bd86cf1ce91b013111856c03894bcf
Twiki Upload Bypass
Posted Oct 10, 2014
Authored by Peter Thoeny

Twiki versions 4.x, 5.x, and 6.0.0 suffer from a file upload bypass vulnerability.

tags | exploit, bypass, file upload
advisories | CVE-2014-7237
MD5 | dceceb045eb6c46fa6ac570dc8bde33c
Page 1 of 1
Back1Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    23 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    18 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close