exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2014-10-17

Drupal 7.x SQL Injection
Posted Oct 17, 2014
Authored by Milan Kragujevic

Drupal Core versions 7.32 and below remote SQL injection exploit. Written in PHP.

tags | exploit, remote, php, sql injection
advisories | CVE-2014-3704
SHA-256 | 6a679975d4aedf7fae60ac5967b6a7a0f2df824c655818737129b9469834931c
Fonality Trixbox CE 2.8.0.4 Command Execution
Posted Oct 17, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Fonality Trixbox CE version 2.8.0.4 remote root command execution exploit.

tags | exploit, remote, root
SHA-256 | 37be986cf876ccaeeff113b8575da5c0d9a70d6ad2253355f5082b862e78427e
Elastix 2.4.0 Stable XSS / CSRF / Command Execution
Posted Oct 17, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Elastix version 2.4.0 stable suffers from cross site request forgery, remote command execution, and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
SHA-256 | 8b5108f6111986793120f2a9ec3c7cb7deb711b87ffc01d8c642ebe1b8a84788
Apple Security Advisory 2014-10-16-6
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-6 - iTunes 12.0.1 is now available and addresses 83 vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2013-2871, CVE-2013-2875, CVE-2013-2909, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928, CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5228, CVE-2013-6625, CVE-2013-6635, CVE-2013-6663, CVE-2014-1268, CVE-2014-1269, CVE-2014-1270, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300
SHA-256 | 7e4d7dae770b07ddc94042deda015ef003c365191451010b3a4c97cff9ce09c1
Apple Security Advisory 2014-10-16-5
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-5 - OS X Server 2.2.5 is now available and addresses the SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.

tags | advisory
systems | apple, osx
advisories | CVE-2014-3566
SHA-256 | 5af3c877f1c0f7d56b5fe70975205827cf0ded076d78c6619f9d8839c352a4e2
Apple Security Advisory 2014-10-16-4
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-4 - OS X Server 3.2.2 is now available and addresses the SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.

tags | advisory
systems | apple, osx
advisories | CVE-2014-3566
SHA-256 | 46ba22480de002e7aed6c88a776898ea8e7ee920e853511780e2c3865417a2af
Apple Security Advisory 2014-10-16-3
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-3 - OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, and various other software.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3919, CVE-2013-4164, CVE-2013-4854, CVE-2013-6393, CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0591, CVE-2014-3566, CVE-2014-4406, CVE-2014-4424, CVE-2014-4446, CVE-2014-4447
SHA-256 | 1dbaa2d9e56d6c022558d94920c0f6e967f065a4281ff33a22add0e19be6d2f7
Apple Security Advisory 2014-10-16-2
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-2 - Security Update 2014-005 is now available and addresses the OS X Mountain Lion 10.8.5 and OS X Mavericks 10.9.5 SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.

tags | advisory
systems | apple, osx
advisories | CVE-2014-3566
SHA-256 | 0b9d9a49021e62db5c8e59801aa541c3c5172c5054a36da24cf3d99dcb08789a
Apple Security Advisory 2014-10-16-1
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-1 - OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-2391, CVE-2013-5150, CVE-2013-6438, CVE-2014-0098, CVE-2014-3537, CVE-2014-3566, CVE-2014-4351, CVE-2014-4364, CVE-2014-4371, CVE-2014-4373, CVE-2014-4375, CVE-2014-4380, CVE-2014-4388, CVE-2014-4391, CVE-2014-4404, CVE-2014-4405, CVE-2014-4407, CVE-2014-4408, CVE-2014-4417, CVE-2014-4418, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421, CVE-2014-4422, CVE-2014-4425, CVE-2014-4426, CVE-2014-4427, CVE-2014-4428
SHA-256 | e17fe6daa6716a8bb996f53f3b9274ff95d249dbc94abe68b17bc7bb23482ad5
Debian Security Advisory 3053-1
Posted Oct 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3053-1 - Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | be5632a50e45f3cb615e3418c715bac89d088636f75a6a4d5e8803d38f0c311a
Ubuntu Security Notice USN-2386-1
Posted Oct 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2386-1 - A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. CVE-2014-6531) Various other issues were also addressed.

tags | advisory, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
SHA-256 | 27516fbfd3750f2c8ef45e526f6e9b25fa9a981360faaca853fc7f641418c225
Drupal Core 7.32 SQL Injection
Posted Oct 17, 2014
Authored by fyukyuk

Drupal Core versions 7.32 and below remote SQL injection exploit. Written in Python.

tags | exploit, remote, sql injection, python
advisories | CVE-2014-3704
SHA-256 | f2134892d4d8b5b802d94df2c65358a4666289ce2461ddd91028b87140992ab9
Red Hat Security Advisory 2014-1658-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1658-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558
SHA-256 | 74b34328e206bb3ad082c05fff6d4e9b00b70ae5ff34acd205d0fe4dab6419bb
Red Hat Security Advisory 2014-1657-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1657-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558
SHA-256 | 28be6a9b543d73b1ba4ad3c71920043df3d3709d7b4226afe1d43d157a769f7f
Red Hat Security Advisory 2014-1654-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1654-01 - The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon.

tags | advisory, remote, arbitrary, local, tcp
systems | linux, redhat
advisories | CVE-2014-3634
SHA-256 | 87bba9d1f39138957704d3a4f521e4a6b01131482af912c7930d56c972a3f1dd
Red Hat Security Advisory 2014-1655-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1655-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2014-3660
SHA-256 | 4038436fb1347453ca94b8107b527a57e5053e1cf0610a20dce061db372601dd
Ubuntu Security Notice USN-2385-1
Posted Oct 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2385-1 - It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3513, CVE-2014-3567
SHA-256 | 3610dab117a43a7b9293af9e167e8bb4af5e8135c2525ce5ca35b38b19320408
Red Hat Security Advisory 2014-1653-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1653-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, protocol
systems | linux, redhat
SHA-256 | a790a29bfcef0c25940281bfcea5357db81f4157e9e72d1c827710ad3b781364
Red Hat Security Advisory 2014-1652-01
Posted Oct 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1652-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-3513, CVE-2014-3567
SHA-256 | 1ea510abd5c281438bbcbb59438daf1e162e8b1f81ee81f34c73370873c4fe7d
Debian Security Advisory 3052-1
Posted Oct 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3052-1 - Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.

tags | advisory, remote, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-3686
SHA-256 | 753b9e912256fa78da742abe670ee67537c6c4abcae01ccf1d07b62619d1837f
Slackware Security Advisory - openssl Updates
Posted Oct 17, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 0cadf5356b8ab0e92a415510de66dc400ae0d423de69ab42a4d1237f20e2785c
Debian Security Advisory 3051-1
Posted Oct 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3051-1 - Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.

tags | advisory, sql injection
systems | linux, debian
advisories | CVE-2014-3704
SHA-256 | b58ac7fafe37dea51b8061aebe0fc05e4f3aa3ce9d45c41142522595831636d3
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close