what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files Date: 2014-10-31

Xerox Multifunction Printers (MFP) "Patch" DLM Escalation
Posted Oct 31, 2014
Authored by Deral Heiland, Pete Bokojan Arzamendi | Site metasploit.com

This Metasploit module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary commands under root privileges.

tags | exploit, arbitrary, root
SHA-256 | f0660a3d09fcdb1e977b7a2ed03e9bcc85467482907cf22be2c2ec5a6986def7
Scalix Web Access 11.4.6.12377 / 12.2.0.14697 XXE Injection / XSS
Posted Oct 31, 2014
Authored by A. Kolmann, R. Giruckas | Site sec-consult.com

Scalix Web Access versions 11.4.6.12377 and 12.2.0.14697 suffer from cross site scripting and XXE injection vulnerabilities.

tags | advisory, web, vulnerability, xss, xxe
SHA-256 | 06005f4468db5341e14d28b6675844085a2d7dcf7832f80cd854ed5ae0b5f8e6
McAfee EEFF / FRP Predictable Salt
Posted Oct 31, 2014
Authored by Matthias Deeg | Site syss.de

The software encryption tool McAfee Endpoint Encryption for Removable Media (EERM) which is part of the data protection software McAfee Endpoint Encryption for Files and Folders (EEFF) uses a static and thus predictable salt for generating password hashes using the password-based key derivation function 2 (PBKDF2). Due to the use of a predictable, hard-coded salt, it is possible for an attacker to precompute password candidates and thus to perform more efficient dictionary attacks against the password-based authentication with the use of rainbow tables (time-memory trade-off).

tags | exploit
advisories | CVE-2014-8565
SHA-256 | 8261951c34c305270d9eea3e7893a1426d99695fcb894956108ffdb81005bff3
HP Security Bulletin HPSBUX03162 SSRT101767
Posted Oct 31, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03162 SSRT101767 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 6652a13d7c69ae6a2897c9474ac902a1366196ab08a094e82c693ce4abdb973b
HP Security Bulletin HPSBPI03147
Posted Oct 31, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03147 - A potential security vulnerability has been identified with certain HP Color LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to data or to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2014-7875
SHA-256 | 3253f74b9dfbfd88385a7efd4013942b78451133375742ae039538ac8dc7514b
HumHub Modules Mail 0.5.8 Cross Site Scripting
Posted Oct 31, 2014
Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej

HumHub Modules Mail version 0.5.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5d486d924cef38f35b58c66507a77a11c4516b8ab01de348c10b1725d2d00229
Ubuntu Security Notice USN-2396-1
Posted Oct 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2396-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3646, CVE-2014-3647
SHA-256 | 1d4a66fe54824b3a2195cd038c40ef51592bd26fe3b58cb42617177ebcf73bf4
Debian Security Advisory 3060-1
Posted Oct 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3060-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-3690, CVE-2014-7207
SHA-256 | 0afeb11e0e11425c8fc0a72b1d9c7150c102cb8b37d56b7e26245c2aa0015544
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close