exploit the possibilities
Showing 1 - 22 of 22 RSS Feed

Files Date: 2014-10-17

Drupal 7.x SQL Injection
Posted Oct 17, 2014
Authored by Milan Kragujevic

Drupal Core versions 7.32 and below remote SQL injection exploit. Written in PHP.

tags | exploit, remote, php, sql injection
advisories | CVE-2014-3704
MD5 | 4374a49993ddf148ef027f0be432f32c
Fonality Trixbox CE 2.8.0.4 Command Execution
Posted Oct 17, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Fonality Trixbox CE version 2.8.0.4 remote root command execution exploit.

tags | exploit, remote, root
MD5 | 0efe032f6515514560d84d21da95eda8
Elastix 2.4.0 Stable XSS / CSRF / Command Execution
Posted Oct 17, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Elastix version 2.4.0 stable suffers from cross site request forgery, remote command execution, and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
MD5 | 436cc831ab6baf8d50bf136fcfb7a699
Apple Security Advisory 2014-10-16-6
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-6 - iTunes 12.0.1 is now available and addresses 83 vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2013-2871, CVE-2013-2875, CVE-2013-2909, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928, CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5228, CVE-2013-6625, CVE-2013-6635, CVE-2013-6663, CVE-2014-1268, CVE-2014-1269, CVE-2014-1270, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300
MD5 | 6bde2ad0eb4952e70784b33e32489a6e
Apple Security Advisory 2014-10-16-5
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-5 - OS X Server 2.2.5 is now available and addresses the SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.

tags | advisory
systems | apple, osx
advisories | CVE-2014-3566
MD5 | 73d7e20938fe0ef06beb7dfb15928912
Apple Security Advisory 2014-10-16-4
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-4 - OS X Server 3.2.2 is now available and addresses the SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.

tags | advisory
systems | apple, osx
advisories | CVE-2014-3566
MD5 | d4d3718bd2e79f4a19d808d3f1114c28
Apple Security Advisory 2014-10-16-3
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-3 - OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, and various other software.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3919, CVE-2013-4164, CVE-2013-4854, CVE-2013-6393, CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0591, CVE-2014-3566, CVE-2014-4406, CVE-2014-4424, CVE-2014-4446, CVE-2014-4447
MD5 | 12ebf98ae908c3acd7969b382f431f2e
Apple Security Advisory 2014-10-16-2
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-2 - Security Update 2014-005 is now available and addresses the OS X Mountain Lion 10.8.5 and OS X Mavericks 10.9.5 SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.

tags | advisory
systems | apple, osx
advisories | CVE-2014-3566
MD5 | 148e71da6a1ffdfa92c4982173517818
Apple Security Advisory 2014-10-16-1
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-1 - OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-2391, CVE-2013-5150, CVE-2013-6438, CVE-2014-0098, CVE-2014-3537, CVE-2014-3566, CVE-2014-4351, CVE-2014-4364, CVE-2014-4371, CVE-2014-4373, CVE-2014-4375, CVE-2014-4380, CVE-2014-4388, CVE-2014-4391, CVE-2014-4404, CVE-2014-4405, CVE-2014-4407, CVE-2014-4408, CVE-2014-4417, CVE-2014-4418, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421, CVE-2014-4422, CVE-2014-4425, CVE-2014-4426, CVE-2014-4427, CVE-2014-4428
MD5 | 2adae302e4ef7f6a5c226916830e3b3c
Debian Security Advisory 3053-1
Posted Oct 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3053-1 - Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
MD5 | 17d1be55d6a98f064c9af263d3816592
Ubuntu Security Notice USN-2386-1
Posted Oct 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2386-1 - A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. CVE-2014-6531) Various other issues were also addressed.

tags | advisory, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
MD5 | 26e5c86b01767cb2e462ceeb31f27625
Drupal Core 7.32 SQL Injection
Posted Oct 17, 2014
Authored by fyukyuk

Drupal Core versions 7.32 and below remote SQL injection exploit. Written in Python.

tags | exploit, remote, sql injection, python
advisories | CVE-2014-3704
MD5 | 1e5dc71fd7b0abe1041c10cd3b5d6936
Red Hat Security Advisory 2014-1658-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1658-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558
MD5 | 0a0cbf44002ae8acbc45983999787596
Red Hat Security Advisory 2014-1657-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1657-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558
MD5 | 05d6d5ed183c3a396d564794cbe55f40
Red Hat Security Advisory 2014-1654-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1654-01 - The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon.

tags | advisory, remote, arbitrary, local, tcp
systems | linux, redhat
advisories | CVE-2014-3634
MD5 | c4c0860439553cf3c8feeb9033102525
Red Hat Security Advisory 2014-1655-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1655-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2014-3660
MD5 | 2e0eee60e21fe59474a70c6675e21f59
Ubuntu Security Notice USN-2385-1
Posted Oct 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2385-1 - It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3513, CVE-2014-3567
MD5 | 578d4694fc9a0d6e8b935665b23dac68
Red Hat Security Advisory 2014-1653-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1653-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, protocol
systems | linux, redhat
MD5 | 014798a2058343cbb615028a2073cc51
Red Hat Security Advisory 2014-1652-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1652-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-3513, CVE-2014-3567
MD5 | dcd7717ed99576618ae2ecf41cb58bfd
Debian Security Advisory 3052-1
Posted Oct 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3052-1 - Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.

tags | advisory, remote, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-3686
MD5 | d1081b371591f181ee47f45796310ec8
Slackware Security Advisory - openssl Updates
Posted Oct 17, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
MD5 | e79d76d4b1e205f85b719cb16a4bbd50
Debian Security Advisory 3051-1
Posted Oct 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3051-1 - Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.

tags | advisory, sql injection
systems | linux, debian
advisories | CVE-2014-3704
MD5 | 699b6ce677aa0c81fbfe82879530da48
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    3 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close