
Files Date: 2014-10-13

DNS Reverse Lookup Shellshock
Posted Oct 13, 2014
Authored by Dirk-Willem van Gulik, Stephane Chazelas

DNS reverse lookups can be used as an attack vector for the Bash Shellshock vulnerability.

tags | exploit, bash
advisories | CVE-2014-3671, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | 6385a3fffc56c9fb074a8644a4532ebf

Red Hat Security Advisory 2014-1400-01
Posted Oct 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1400-01 - Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2014-3529, CVE-2014-3574
MD5 | 4b89cf173c1a2948495d7ac4b7aee285

Red Hat Security Advisory 2014-1399-01
Posted Oct 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1399-01 - Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2014-3529, CVE-2014-3574
MD5 | 1fc7d1c47f294d4cf57ed44d58b91342

Red Hat Security Advisory 2014-1398-01
Posted Oct 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1398-01 - Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2014-3529, CVE-2014-3574
MD5 | bc6726e26feab46461943a79ccf66da1

Red Hat Security Advisory 2014-1397-01
Posted Oct 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1397-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon.

tags | advisory, remote, arbitrary, local, tcp
systems | linux, redhat
advisories | CVE-2014-3634
MD5 | e5fc38b46449219c724001cea39135d8

CMS Subkarma Cross Site Scripting / SQL Injection
Posted Oct 13, 2014
Authored by Renzi

CMS Subkarma suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6c781b5928b133c48446121edd2d658a

Pagekit 0.8.7 Cross Site Scripting / Open Redirect
Posted Oct 13, 2014
Authored by Mahendra

Pagekit version 0.8.7 suffers from cross site scripting and open redirect vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-8069, CVE-2014-8070
MD5 | fe0e2002042f88b0e9cebd5bb5f65c79

Croogo 2.0.0 Arbitrary PHP Code Execution
Posted Oct 13, 2014
Authored by LiquidWorm | Site zeroscience.mk

Croogo version 2.0.0 remote arbitrary PHP code execution exploit.

tags | exploit, remote, arbitrary, php, code execution
MD5 | 45e5fb690c91a6792aab921095e0f332

Croogo 2.0.0 Cross Site Scripting
Posted Oct 13, 2014
Authored by LiquidWorm | Site zeroscience.mk

Croogo version 2.0.0 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c6b37d04dc76fee0eab90e7808691b2f

Android Browser CSP Bypass
Posted Oct 13, 2014
Authored by Evan Johns

Android browser versions prior to 4.4 suffer from a content security policy bypass vulnerability.

tags | exploit, bypass
MD5 | 9ac4eda7c41b0a6e1b2468075ce4f890

Gentoo Linux Security Advisory 201410-02
Posted Oct 13, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201410-02 - Multiple vulnerabilities have been found in the Perl Locale-Maketext module, allowing remote attackers to inject and execute arbitrary Perl code. Versions prior to 1.230.0 are affected.

tags | advisory, remote, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6329
MD5 | e65faf0ade818c9256ca3a7b56e696ad

HP Security Bulletin HPSBMU02895 SSRT101253 4
Posted Oct 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02895 SSRT101253 4 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 4 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195
MD5 | 3f22da634343a78196e2f38177606169

vBulletin 4.x SQL Injection
Posted Oct 13, 2014
Authored by oststrom

vBulletin version 4.x suffers from a remote SQL injection vulnerability via the xmlrpc API.

tags | exploit, remote, sql injection
advisories | CVE-2014-2022
MD5 | e6bdda4ab56e04055a0d60917518e24a

Paypal Community Help Forums Cross Site Scripting
Posted Oct 13, 2014
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

Paypal Community Help Forums suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bd7437fb776321d278ebf6b6d482aab3

Etiko CMS Cross Site Scripting / SQL Injection
Posted Oct 13, 2014
Authored by Renzi

Etiko CMS suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 4b2823e354c4ef1b1a154cd0c75b5cf7

MVO - Maquina Vendas Online SQL Injection
Posted Oct 13, 2014
Authored by Renzi

Sites powered by MVO - Maquina Vendas suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | b37f70fe6721d82828dbdfa84749586a

© 2019 Packet Storm. All rights reserved.
