what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-10-29

EspoCRM 2.5.2 XSS / LFI / Access Control
Posted Oct 29, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, and improper access control vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2014-7985, CVE-2014-7986, CVE-2014-7987
SHA-256 | e33c9615c15deaf2aa5c5430c759697723b1f421e626c0389de5967685e1929a
Confluence RefinedWiki Original Theme Cross Site Scripting
Posted Oct 29, 2014
Authored by Manuel Hofer | Site sec-consult.com

Confluence RefinedWiki Original Theme versions 3.x through 4.0.x suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f917e1fa23a7e5c921a521ba75b0eacfb0097970bf2bf78cc985cbf2ace18001
Vizensoft Admin Panel Bypass / Backdoor / Upload / XSS / SQL Injection
Posted Oct 29, 2014
Authored by Alexander Antukh, A. Baranov | Site sec-consult.com

Vizensoft admin panel suffers from authentication bypass, cross site scripting, remote shell upload, source code disclosure, missing password policy, and remote SQL injection vulnerabilities.

tags | advisory, remote, shell, vulnerability, xss, sql injection
SHA-256 | 86c3d3136a47777dab5048f2131cfc777d265bca2bea04ee8b5d79dbaa6551d9
Joomla RD Download SQL Injection
Posted Oct 29, 2014
Authored by Claudio Viviani

Joomla RD Download component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f9d63dd2aa36dce348509d77140267a331a149cfa6a084b1c13b9c8fc1a423a9
Nuevolabs Nuevoplayer For Clipshare SQL Injection
Posted Oct 29, 2014
Authored by Cory Marsh

Nuevolabs Nuevoplayer for Clipshare suffer from privilege escalation and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-8339
SHA-256 | 6c44c70bde9d3e5c36c90b6ce3442b7c08e038b7b9f03afecb1fc03ded77a914
Mandriva Linux Security Advisory 2014-212
Posted Oct 29, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-212 - Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. The default settings in wget have been changed such that wget no longer creates local symbolic links, but rather traverses them and retrieves the pointed-to file in such a retrieval. The old behaviour can be attained by passing the --retr-symlinks=no option to the wget command.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-4877
SHA-256 | bf0915948536e4eaf028020281ada0528221b6ad662a3169b50ade6d2b53bef7
ASUS Router Man-In-The-Middle
Posted Oct 29, 2014
Authored by David Longenecker

ASUS wireless router updates are vulnerable to a man-in-the-middle attack.

tags | advisory
advisories | CVE-2014-2718
SHA-256 | c1093c4d9e185b2da2cb611ca0367c395f6f46eb72eb2b177a6f7525b498c7d3
HP Security Bulletin HPSBUX03159 SSRT101785
Posted Oct 29, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03159 SSRT101785 - A potential security vulnerability has been identified in the HP-UX kernel. This vulnerability could allow local users to create a Denial of Service. Revision 1 of this advisory.

tags | advisory, denial of service, kernel, local
systems | hpux
advisories | CVE-2014-7877
SHA-256 | 7073fbb2e757fa637f62761488163b44a40ec047d44d0ecfe57f718f96ecacc3
Red Hat Security Advisory 2014-1728-01
Posted Oct 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1728-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2013-4517
SHA-256 | e2b3241999dec897f338bc0770e036f184abcc4c7a5b9d6473bd31baf45a1189
Red Hat Security Advisory 2014-1727-01
Posted Oct 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1727-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Web Platform 5.2.0 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for this update to take effect.

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2013-4517
SHA-256 | 15815da67895245be3e60bd573a67f7aeab5d6b55d3bc7c5c19f31d5b000eeef
Red Hat Security Advisory 2014-1726-01
Posted Oct 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1726-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Application Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4517
SHA-256 | 0237b57e863d67d1b8b7dec975e647ac269fb1ee78a854b030cf8bf8d4de8c2a
Red Hat Security Advisory 2014-1724-01
Posted Oct 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1724-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.

tags | advisory, remote, kernel, protocol
systems | linux, redhat
advisories | CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-4653, CVE-2014-5077
SHA-256 | 85cc9187134cdbdffbc7fa557fe4ab543e024f48904dfc8d40361c7f5f430513
Google.lk Mapping Addition To /etc/hosts Shellcode
Posted Oct 29, 2014
Authored by Osanda Malith

110 byte shellcode that adds an entry for google.lk to /etc/hosts.

tags | shellcode
SHA-256 | 2a29f118b2f3d44252f36a47223954660e1741b17e76194ef86d6c3da1d82e4d
Debian Security Advisory 3050-2
Posted Oct 29, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3050-2 - DSA-3050-1 updated the Iceweasel browser to the new ESR31 series of Firefox. In that version the xulrunner library is no longer included. This followup update provides xulrunner 24.8.1esr-2~deb7u1 in a separate source package to ensure that packages build-depending on xulrunner remain buildable.

tags | advisory
systems | linux, debian
advisories | CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586
SHA-256 | 5ec2bfe89d0562b87530359b9b406a29b6a855d99713f0efbeda8f8776d79ced
Red Hat Security Advisory 2014-1725-01
Posted Oct 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1725-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. All users of Red Hat JBoss Enterprise Application Platform 5.2.0 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for this update to take effect.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4517
SHA-256 | 1cbfb0360f124aa833830bb75c99434a7de7adc9ee4199ceb6bcb2b87b7fcd2e
Mandriva Linux Security Advisory 2014-211
Posted Oct 29, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-211 - A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process (which may be root in common use cases. Using the wpa_supplicant package, systems are exposed to the vulnerability if operating as a WPS registrar.

tags | advisory, remote, arbitrary, root
systems | linux, mandriva
advisories | CVE-2014-3686
SHA-256 | 8619ba2bae6b067797e91bc86b72d26d9bce9183aca7bbedd6fa6eb909629efb
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close