exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-11-06

Citrix NetScaler SOAP Handler Remote Code Execution
Posted Nov 6, 2014
Authored by juan vazquez, Bradley Austin | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP requests can force the handler to connect to a malicious NetScaler config server. This malicious config server can send a specially crafted response in order to trigger a memory corruption and overwrite data in the stack, to finally execute arbitrary code with the privileges of the web server running the SOAP handler. This Metasploit module has been tested successfully on the NetScaler Virtual Appliance 450010.

tags | exploit, web, arbitrary
MD5 | 50fd5418314c956c3c5642d8a9222485
Symantec Endpoint Protection 12.1.4023.4080 XXE / XSS / Arbitrary File Write
Posted Nov 6, 2014
Authored by S. Viehbock | Site sec-consult.com

Symantec Endpoint Protection version 12.1.4023.4080 suffers from XXE injection, cross site scripting, and arbitrary file write vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, xxe
advisories | CVE-2014-3437, CVE-2014-3438, CVE-2014-3439
MD5 | f6fb226d1e2212ecf7f04c4de57782a7
ManageEngine EventLog Analyzer SQL / Credential Disclosure
Posted Nov 6, 2014
Authored by Pedro Ribeiro

ManageEngine EventLog Analyzer suffers from SQL information and credential disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2014-6038, CVE-2014-6039
MD5 | 36da78db6740e5b1b7920277a849d522
Gentoo Linux Security Advisory 201411-03
Posted Nov 6, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-3 - A buffer overflow in TigerVNC could result in execution of arbitrary code or Denial of Service. Versions less than 1.3.1 are affected.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0011
MD5 | 16a2be5f506174d750208b285dcde1d3
Gentoo Linux Security Advisory 201411-02
Posted Nov 6, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-2 - Multiple vulnerabilities have been found in the MySQL and MariaDB, possibly allowing attackers to cause unspecified impact. Versions less than 5.5.40 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-6464, CVE-2014-6469, CVE-2014-6491, CVE-2014-6494, CVE-2014-6496, CVE-2014-6500, CVE-2014-6507, CVE-2014-6555, CVE-2014-6559
MD5 | 722e78d85152a6def249af6dd4e236cd
Debian Security Advisory 3065-1
Posted Nov 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3065-1 - James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.

tags | advisory, java, arbitrary, spoof
systems | linux, debian
advisories | CVE-2013-2172
MD5 | 59f2186114c0c9af25b2e0bee20904e8
Cisco Security Advisory 20141105-rv
Posted Nov 6, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected command injection, file upload, and HTTP Referer header vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, web, vulnerability, file upload
systems | cisco
MD5 | 9a226a9d213390f0e37feb4758fcb180
RSA Web Threat Detection SQL Injection
Posted Nov 6, 2014
Site emc.com

RSA Web Threat Detection 4.x versions 4.6.1.1 and later contain a fix for SQL injection vulnerability that could be potentially exploited by a malicious user to compromise the affected system.

tags | advisory, web, sql injection
advisories | CVE-2014-4627
MD5 | a1056fcf58dee938932e1f07b6ca83df
Cisco RV Overwrite / CSRF / Command Execution
Posted Nov 6, 2014
Authored by Yorick Koster

The Cisco RV series suffers from arbitrary file overwrite, arbitrary command execution, and cross site request forgery vulnerabilities.

tags | advisory, arbitrary, vulnerability, csrf
systems | cisco
advisories | CVE-2014-2177, CVE-2014-2178, CVE-2014-2179
MD5 | 9d2b70d42c9ecf3d8eebcc624ffa0ece
Drupal 7 Videowhisper Cross Site Scripting
Posted Nov 6, 2014
Authored by Mahmoud Ghorbanzadeh

The Videowhisper module for Drupal 7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-8338
MD5 | 4a5eedcb13883f1e06160790a8e81537
i.Mage 1.11 Local Crash Proof Of Concept
Posted Nov 6, 2014
Authored by metacom

i.Mage version 1.11 local crash proof of concept exploit.

tags | exploit, local, proof of concept
MD5 | 17200c05bc3e61a1332e7d14581341cb
i-Ftp 2.20 Buffer Overflow
Posted Nov 6, 2014
Authored by metacom

i-Ftp version 2.2.0 SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | 22c8c95e8afed919ecc9906fe01d0cdb
i.Hex 0.98 Local Crash Proof Of Concept
Posted Nov 6, 2014
Authored by metacom

i.Hex version 0.98 local crash proof of concept exploit.

tags | exploit, local, proof of concept
MD5 | 3398efbfd03e86d9a8d5a1bf55892f25
GNU libc 2.12.1 LD_AUDIT libmemusage.so Local Root
Posted Nov 6, 2014
Authored by Saeid Bostandoust

GNU libc versions 2.12.1 and below LD_AUDIT libmemusage.so local root exploit.

tags | exploit, local, root
advisories | CVE-2010-3856
MD5 | 5bfa019bccab1a1cbfe528ca1cfd9fb9
GNU libc 2.12.1 LD_AUDIT libpcprofile.so Local Root
Posted Nov 6, 2014
Authored by Saeid Bostandoust

GNU libc versions 2.12.1 and below LD_AUDIT libpcprofile.so local root exploit.

tags | exploit, local, root
advisories | CVE-2010-3856
MD5 | cb2175ff5a52d9a12f33f318ce9d2286
DAVOSET 1.2.2
Posted Nov 6, 2014
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Added support of https URL for target sites. Removed non-working services from full list of zombies.
tags | tool, denial of service
MD5 | fe20e0e0a4d5d8f686d12a72a76fea10
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close