exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2014-11-07

Visual Mining NetCharts Server Remote Code Execution
Posted Nov 7, 2014
Authored by juan vazquez, sghctoma | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary jsp code upload to locations accessible later through the web service. Authentication is typically required, however a 'hidden' user is available by default (and non editable). This user, named 'Scheduler', can only login to the console after any modification in the user database (a user is added, admin password is changed etc). If the 'Scheduler' user isn't available valid credentials must be supplied. The default Admin password is Admin.

tags | exploit, web, arbitrary, vulnerability
advisories | CVE-2014-8516
SHA-256 | 8a3b765845b48b56bd638e90b38b71b9b937f492e8f972a8b7552ad9f1f4c4ec
PayPal MultiOrder Shipping Cross Site Scripting
Posted Nov 7, 2014
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

PayPal MultiOrder Shipping suffered from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5a555cb13c0843865e07033eaedb436a8099f4e34444c8759e1631d75586f410
BookFresh Persistent Cross Site Scripting
Posted Nov 7, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

BookFresh suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 91e749731d9d6e88e3a23f12ded9479d506b87d60cf3ea412ed286b913acf976
OX App Suite 7.6.0 SQL Injection
Posted Nov 7, 2014
Authored by Martin Heiland

OX App Suite versions 7.6.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-7871
SHA-256 | e90b305cda305ae3ab8aaa3cf59b529eb43f81db98e02e577ac0b8865f49f4a4
SeasonApps iTransfer 1.1 Script Insertion
Posted Nov 7, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SeasonApps iTransfer version 1.1 suffers from a persistent script insertion vulnerability.

tags | exploit
SHA-256 | 6de3ff0e2130dc46614a1f6f6ef6b0c725033d8a51f2fcc96c206afc0f31338a
CA Cloud Service Management Replay / XXE / Token Verification
Posted Nov 7, 2014
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to four resolved vulnerabilities with CA Cloud Service Management. Four vulnerabilities existed that could potentially allow a remote attacker to access user sessions, gain sensitive information, or cause a denial of service condition. CA Technologies fixed these vulnerabilities in all production environments as part of the Cloud Service Management Summer 2014 Upgrade.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2014-8471, CVE-2014-8472, CVE-2014-8473, CVE-2014-8474
SHA-256 | 6465c1444ccccd81a603a3afa6eb48fd40271ac3b5769ccef772beba4287b337
ZTE ZXDSL 831 Cross Site Scripting
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-9021, CVE-2014-9020
SHA-256 | fea9ea0557fdb4cf4949d6b661ca6949f9f891e48e62dfa0a42fcc32b6ace91e
ZTE 831CII Hardcoded Credential / XSS / CSRF
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-9020, CVE-2014-9019, CVE-2014-9183
SHA-256 | 71cb47b2c17ef7f0dfffab54cfb391823034e3c990567867983eacd51e01d6ca
ZTE ZXDSL 831CII Insecure Direct Object Reference
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for authentication bypass.

tags | exploit
advisories | CVE-2014-9184
SHA-256 | 1f03cc0b111dd69b400b5bc45c9417e5af28680d6acb649fecfb52fffe14bd19
Debian Security Advisory 3067-1
Posted Nov 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3067-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2014-3689, CVE-2014-7815
SHA-256 | bae8184d28773efc0a9ada0165192aed9ed93505d36ada9b6e91c8e8e62d0d99
Debian Security Advisory 3068-1
Posted Nov 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3068-1 - It was discovered that Konversation, an IRC client for KDE, could by crashed when receiving malformed messages using FiSH encryption.

tags | advisory
systems | linux, debian
advisories | CVE-2014-8483
SHA-256 | 77c8aad5769ad1c0e6cb3fcce95d3006aa1daa05d1cc23b4acfa72eff2075c29
Debian Security Advisory 3066-1
Posted Nov 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3066-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3689, CVE-2014-7815
SHA-256 | cc7e4bf973603b22929a3001501a664de8cea19fff8e2e523e37a0b84ec81030
Hesperbot Detection Scanner 1.0
Posted Nov 7, 2014
Authored by Mert SARICA | Site mertsarica.com

Hesperbot Scanner is a windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software fails to catch early during the malware campaigns.

tags | tool, trojan
systems | windows
SHA-256 | 6d299a549ca5dfd7255b3510e21d39e614b9f59e815d2497bf301a3162f3c0e6
MINIX 3.3.0 Local Denial Of Service
Posted Nov 7, 2014
Authored by nitr0us

MINIX version 3.3.0 suffers from multiple local denial of service vulnerabilities.

tags | exploit, denial of service, local, vulnerability
systems | linux, minix
SHA-256 | 40086fc74c8599d4596dfbb864da460b250c6d49623833b63a455feef026b081
Digital Whisper Electronic Magazine #55
Posted Nov 7, 2014
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 55. Written in Hebrew.

tags | magazine
SHA-256 | d96939b872736d2145fdd67588089e648316f8ce307b3b2370b43769c8bd9dfb
Digital Whisper Electronic Magazine #54
Posted Nov 7, 2014
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 54. Written in Hebrew.

tags | magazine
SHA-256 | a63a4d1f636877790985da449b5314681c51bc611baa9188d40627a53760d425
Digital Whisper Electronic Magazine #53
Posted Nov 7, 2014
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 53. Written in Hebrew.

tags | magazine
SHA-256 | 797f3fbd84093184846efcaa39778f793c612163f0d32bc69255de1c18fd579b
Joomla/WordPress XCloner Command Execution / Password Disclosure
Posted Nov 7, 2014
Authored by Larry W. Cashdollar

XCloner plugin version 3.1.1 for WordPress and 3.5.1 for Joomla! suffers from arbitrary command execution, MySQL password disclosure, database backups exposed, unauthenticated remote access, and various other vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, bypass, info disclosure
advisories | CVE-2014-8603, CVE-2014-8604, CVE-2014-8605, CVE-2014-8606, CVE-2014-8607
SHA-256 | e7e9c754e4fa53a92070a86a3d88269734cc1335edab813113e839335bc770af
JExperts Tecnologia / Channel Software Privilege Escalation
Posted Nov 7, 2014
Authored by Luciano Pedreira

JExperts Tecnologia / Channel software version 5.0.33_CCB allows for authorization bypass / privilege escalation via tampering with parameters in the GET request.

tags | exploit
advisories | CVE-2014-8558
SHA-256 | 7aff36e4cf741bb7db715ed818be9b22aed7fa287558b072d0b73a42928a7fc7
JExperts Tecnologia / Channel Software Cross Site Scripting
Posted Nov 7, 2014
Authored by Luciano Pedreira

JExperts Tecnologia / Channel software version 5.0.33_CCB suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-8557
SHA-256 | 45de1500267e2c3e2ec64b5ed5fd34967f1303d4012b683380d0bd45838b6353
PicsArt Photo Studio For Android Insecure Management
Posted Nov 7, 2014
Authored by Will Dormann, Joaquin Manuel Rinaudo

PicsArt Photo Studio for Android fails to properly validate SSL certificates from the server.

tags | exploit
advisories | CVE-2014-5674
SHA-256 | 1bf0140231dd801b791db063a9b62942dddc247abd91aa4eb0d822492a0ab76e
Red Hat Security Advisory 2014-1821-01
Posted Nov 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1821-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. A list of these changes is available from the JBoss Enterprise Application Platform 6.3.2 Downloads page on the Customer Portal.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2013-4002
SHA-256 | f2609e89f58dfa7bbcdc107660ad255b12dca128ff5fc1564498d7cdd236a511
Red Hat Security Advisory 2014-1825-01
Posted Nov 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1825-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash or execute arbitrary code with the privileges of the user running that PHP application. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-8626
SHA-256 | af4d6677626c40cb17a5ade0ef2b7c4ef73254b2c9ac2b56e06ae9da44f8d41f
Red Hat Security Advisory 2014-1824-01
Posted Nov 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1824-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3669, CVE-2014-3670, CVE-2014-8626
SHA-256 | afb923d69c257b65afa46f53daa961594d16f5573cecfb0010d771070312d295
Red Hat Security Advisory 2014-1822-01
Posted Nov 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1822-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. A list of these changes is available from the JBoss Enterprise Application Platform 6.3.2 Downloads page on the Customer Portal.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2013-4002
SHA-256 | 8ca822e87268f9242ff2279c20b05b30ff7f3407f35ee3cd1316a671c01ac234
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close