what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-11-06

Citrix NetScaler SOAP Handler Remote Code Execution
Posted Nov 6, 2014
Authored by juan vazquez, Bradley Austin | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP requests can force the handler to connect to a malicious NetScaler config server. This malicious config server can send a specially crafted response in order to trigger a memory corruption and overwrite data in the stack, to finally execute arbitrary code with the privileges of the web server running the SOAP handler. This Metasploit module has been tested successfully on the NetScaler Virtual Appliance 450010.

tags | exploit, web, arbitrary
SHA-256 | bbd94c2938c7acadc669fd040b87af734ca8b8359c12bfca9b43d24c4a997c1d
Symantec Endpoint Protection 12.1.4023.4080 XXE / XSS / Arbitrary File Write
Posted Nov 6, 2014
Authored by S. Viehbock | Site sec-consult.com

Symantec Endpoint Protection version 12.1.4023.4080 suffers from XXE injection, cross site scripting, and arbitrary file write vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, xxe
advisories | CVE-2014-3437, CVE-2014-3438, CVE-2014-3439
SHA-256 | 8dac04a3f8aa31944840699e39fc5cb46e42c335bda4f13704749fd690e88f91
ManageEngine EventLog Analyzer SQL / Credential Disclosure
Posted Nov 6, 2014
Authored by Pedro Ribeiro

ManageEngine EventLog Analyzer suffers from SQL information and credential disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2014-6038, CVE-2014-6039
SHA-256 | ae0902d2d1251e6a705e5a528c9450f71f486b0f84a93f3094c7c09f8e7737f8
Gentoo Linux Security Advisory 201411-03
Posted Nov 6, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-3 - A buffer overflow in TigerVNC could result in execution of arbitrary code or Denial of Service. Versions less than 1.3.1 are affected.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0011
SHA-256 | b073aee4551bd72c8c4bbf7ee9d7c42615f3c8a969ea10af0a9391988833aa27
Gentoo Linux Security Advisory 201411-02
Posted Nov 6, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-2 - Multiple vulnerabilities have been found in the MySQL and MariaDB, possibly allowing attackers to cause unspecified impact. Versions less than 5.5.40 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-6464, CVE-2014-6469, CVE-2014-6491, CVE-2014-6494, CVE-2014-6496, CVE-2014-6500, CVE-2014-6507, CVE-2014-6555, CVE-2014-6559
SHA-256 | 5f251e50b878174d7bc4568d3ff14b1bcab1874c8fb5cf08f449d6b1e385516f
Debian Security Advisory 3065-1
Posted Nov 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3065-1 - James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.

tags | advisory, java, arbitrary, spoof
systems | linux, debian
advisories | CVE-2013-2172
SHA-256 | 6e89175532485730458cb520d71d4b1db3edc265c80ec17d9f05f7cc7139ac15
Cisco Security Advisory 20141105-rv
Posted Nov 6, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected command injection, file upload, and HTTP Referer header vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, web, vulnerability, file upload
systems | cisco
SHA-256 | 074c5244c703eb706e792432e8736563183ab1183dbd8911bff53a4484edeb24
RSA Web Threat Detection SQL Injection
Posted Nov 6, 2014
Site emc.com

RSA Web Threat Detection 4.x versions 4.6.1.1 and later contain a fix for SQL injection vulnerability that could be potentially exploited by a malicious user to compromise the affected system.

tags | advisory, web, sql injection
advisories | CVE-2014-4627
SHA-256 | 1e32f5d6f291e57ecd586c69517340eb2c45d4eecf5641798bbf4008f787e27d
Cisco RV Overwrite / CSRF / Command Execution
Posted Nov 6, 2014
Authored by Yorick Koster

The Cisco RV series suffers from arbitrary file overwrite, arbitrary command execution, and cross site request forgery vulnerabilities.

tags | advisory, arbitrary, vulnerability, csrf
systems | cisco
advisories | CVE-2014-2177, CVE-2014-2178, CVE-2014-2179
SHA-256 | ab1cc7e024746d65f1cc4a6bf8683bd942b18bb262e9cd877a1b315a168cf955
Drupal 7 Videowhisper Cross Site Scripting
Posted Nov 6, 2014
Authored by Mahmoud Ghorbanzadeh

The Videowhisper module for Drupal 7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-8338
SHA-256 | 55a4861f40bc38c6000abe600f7ee9ed4eaa6cd89d223aadc33cbc3a11d9369e
i.Mage 1.11 Local Crash Proof Of Concept
Posted Nov 6, 2014
Authored by metacom

i.Mage version 1.11 local crash proof of concept exploit.

tags | exploit, local, proof of concept
SHA-256 | 86c765b9b4c7493cc65a4f4d4296a2de0d3424f1b7c6325cb4ed015dcfdea687
i-Ftp 2.20 Buffer Overflow
Posted Nov 6, 2014
Authored by metacom

i-Ftp version 2.2.0 SEH buffer overflow exploit.

tags | exploit, overflow
SHA-256 | f7332d1ce10e41508fcb2fe9005e87b836e9bf62dc75119737fe6e9ddc96d0f9
i.Hex 0.98 Local Crash Proof Of Concept
Posted Nov 6, 2014
Authored by metacom

i.Hex version 0.98 local crash proof of concept exploit.

tags | exploit, local, proof of concept
SHA-256 | b6538cb584c67bc25846bab1b7d3964fcf00e51a6b5f44d7ff51536b5bcdb80f
GNU libc 2.12.1 LD_AUDIT libmemusage.so Local Root
Posted Nov 6, 2014
Authored by Saeid Bostandoust

GNU libc versions 2.12.1 and below LD_AUDIT libmemusage.so local root exploit.

tags | exploit, local, root
advisories | CVE-2010-3856
SHA-256 | b0f0cc6fe6c822efac1097b42f5743176fc7620d8aed638fb40cc3cbfc95d1e5
GNU libc 2.12.1 LD_AUDIT libpcprofile.so Local Root
Posted Nov 6, 2014
Authored by Saeid Bostandoust

GNU libc versions 2.12.1 and below LD_AUDIT libpcprofile.so local root exploit.

tags | exploit, local, root
advisories | CVE-2010-3856
SHA-256 | 11997246f78036a9735342aed99ef6bbde5fdf224f85ba7703ee81308de43bad
DAVOSET 1.2.2
Posted Nov 6, 2014
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Added support of https URL for target sites. Removed non-working services from full list of zombies.
tags | tool, denial of service
SHA-256 | d782a39561977125bdd2c55947528d4192d83bff98d8ce422dfff9b166ade699
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close