Files Date: 2014-10-29

EspoCRM 2.5.2 XSS / LFI / Access Control
Posted Oct 29, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, and improper access control vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2014-7985, CVE-2014-7986, CVE-2014-7987
MD5 | 6d3526d415f07821621503e79ba586d0
Confluence RefinedWiki Original Theme Cross Site Scripting
Posted Oct 29, 2014
Authored by Manuel Hofer | Site sec-consult.com

Confluence RefinedWiki Original Theme versions 3.x through 4.0.x suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 41ef09eddf4a336af9a4729f9a2db14b
Vizensoft Admin Panel Bypass / Backdoor / Upload / XSS / SQL Injection
Posted Oct 29, 2014
Authored by Alexander Antukh, A. Baranov | Site sec-consult.com

Vizensoft admin panel suffers from authentication bypass, cross site scripting, remote shell upload, source code disclosure, missing password policy, and remote SQL injection vulnerabilities.

tags | advisory, remote, shell, vulnerability, xss, sql injection
MD5 | 3dab7cf90e72889148baffe86c7a36ff
Joomla RD Download SQL Injection
Posted Oct 29, 2014
Authored by Claudio Viviani

Joomla RD Download component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3fdcf85c29196d21ef907436b776b5e8
Nuevolabs Nuevoplayer For Clipshare SQL Injection
Posted Oct 29, 2014
Authored by Cory Marsh

Nuevolabs Nuevoplayer for Clipshare suffers from privilege escalation and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-8339
MD5 | bd94d7ea9b8d81bedd2772b675062f88
Mandriva Linux Security Advisory 2014-212
Posted Oct 29, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-212 - Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. The default settings in wget have been changed such that wget no longer creates local symbolic links, but rather traverses them and retrieves the pointed-to file in such a retrieval. The old behaviour can be attained by passing the --retr-symlinks=no option to the wget command.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-4877
MD5 | 931fda509d7a38df653d0ca7a16927b7
ASUS Router Man-In-The-Middle
Posted Oct 29, 2014
Authored by David Longenecker

ASUS wireless router updates are vulnerable to a man-in-the-middle attack.

tags | advisory
advisories | CVE-2014-2718
MD5 | 3345812c5ddbe70df581e6006c087749
HP Security Bulletin HPSBUX03159 SSRT101785
Posted Oct 29, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03159 SSRT101785 - A potential security vulnerability has been identified in the HP-UX kernel. This vulnerability could allow local users to create a Denial of Service. Revision 1 of this advisory.

tags | advisory, denial of service, kernel, local
systems | hpux
advisories | CVE-2014-7877
MD5 | 0eea398cf103f810f07b2e214b615c49
Red Hat Security Advisory 2014-1728-01
Posted Oct 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1728-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2013-4517
MD5 | 51d9331b054b38a04f0cb58012bea662
Red Hat Security Advisory 2014-1727-01
Posted Oct 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1727-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Web Platform 5.2.0 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for this update to take effect.

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2013-4517
MD5 | 108b58b4580825a446f80b58a869e2e5
Red Hat Security Advisory 2014-1726-01
Posted Oct 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1726-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Application Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4517
MD5 | e2741e3fc4d80b0016552b1503e391ed
Red Hat Security Advisory 2014-1724-01
Posted Oct 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1724-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.

tags | advisory, remote, kernel, protocol
systems | linux, redhat
advisories | CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-4653, CVE-2014-5077
MD5 | 72cca11780df14996eb4458d26accc97
Google.lk Mapping Addition To /etc/hosts Shellcode
Posted Oct 29, 2014
Authored by Osanda Malith

110 byte shellcode that adds an entry for google.lk to /etc/hosts.

tags | shellcode
MD5 | 85e4f105321ffc287c48abd2f572fa33
Debian Security Advisory 3050-2
Posted Oct 29, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3050-2 - DSA-3050-1 updated the Iceweasel browser to the new ESR31 series of Firefox. In that version the xulrunner library is no longer included. This followup update provides xulrunner 24.8.1esr-2~deb7u1 in a separate source package to ensure that packages build-depending on xulrunner remain buildable.

tags | advisory
systems | linux, debian
advisories | CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586
MD5 | 3b9c7cd028e57f12b7dbe42812e5c243
Red Hat Security Advisory 2014-1725-01
Posted Oct 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1725-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Application Platform 5.2.0 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for this update to take effect.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4517
MD5 | 43c1fe5ac0e0a7d15a61111ea88d5876
Mandriva Linux Security Advisory 2014-211
Posted Oct 29, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-211 - A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process (which may be root in common use cases). Using the wpa_supplicant package, systems are exposed to the vulnerability if operating as a WPS registrar.

tags | advisory, remote, arbitrary, root
systems | linux, mandriva
advisories | CVE-2014-3686
MD5 | 9b6d5cc1853814b6d1e0b40dfb96c0f7

© 2020 Packet Storm. All rights reserved.
