Showing 1 - 25 of 27

Files Date: 2014-11-07

Visual Mining NetCharts Server Remote Code Execution
Posted Nov 7, 2014
Authored by juan vazquez, sghctoma | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary JSP code upload to locations accessible later through the web service. Authentication is typically required; however, a 'hidden' user is available by default (and is non-editable). This user, named 'Scheduler', can only log in to the console after any modification in the user database (a user is added, the admin password is changed, etc.). If the 'Scheduler' user isn't available, valid credentials must be supplied. The default Admin password is Admin.

tags | exploit, web, arbitrary, vulnerability
advisories | CVE-2014-8516
MD5 | 9adc01164300d04c73c3df932cac291b

PayPal MultiOrder Shipping Cross Site Scripting
Posted Nov 7, 2014
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

PayPal MultiOrder Shipping suffered from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6c75fc81cad362ea781fefc3b957da78

BookFresh Persistent Cross Site Scripting
Posted Nov 7, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

BookFresh suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 966a2812c3254acfc7af4d5da588d6f0

OX App Suite 7.6.0 SQL Injection
Posted Nov 7, 2014
Authored by Martin Heiland

OX App Suite versions 7.6.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-7871
MD5 | 688e3e9eb49ee93380a01d210c91dbc5

SeasonApps iTransfer 1.1 Script Insertion
Posted Nov 7, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SeasonApps iTransfer version 1.1 suffers from a persistent script insertion vulnerability.

tags | exploit
MD5 | ec969ab213f1beb76652abbf15858684

CA Cloud Service Management Replay / XXE / Token Verification
Posted Nov 7, 2014
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to four resolved vulnerabilities with CA Cloud Service Management. Four vulnerabilities existed that could potentially allow a remote attacker to access user sessions, gain sensitive information, or cause a denial of service condition. CA Technologies fixed these vulnerabilities in all production environments as part of the Cloud Service Management Summer 2014 Upgrade.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2014-8471, CVE-2014-8472, CVE-2014-8473, CVE-2014-8474
MD5 | 7f90b23d1d5c4571487da03c4e2f0d98

ZTE ZXDSL 831 Cross Site Scripting
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-9021, CVE-2014-9020
MD5 | 9ad305c0da6a5583fd4d4369ae2e4d5e

ZTE 831CII Hardcoded Credential / XSS / CSRF
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-9020, CVE-2014-9019, CVE-2014-9183
MD5 | df8f43f4159d318dcf19e40ea73398e0

ZTE ZXDSL 831CII Insecure Direct Object Reference
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for authentication bypass.

tags | exploit
advisories | CVE-2014-9184
MD5 | 86a0b0892af7534612c8be4f2ce5105c

Debian Security Advisory 3067-1
Posted Nov 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3067-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2014-3689, CVE-2014-7815
MD5 | 67d54bac24b12ffa451248774773ecf0

Debian Security Advisory 3068-1
Posted Nov 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3068-1 - It was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption.

tags | advisory
systems | linux, debian
advisories | CVE-2014-8483
MD5 | d8987045dd0af8abd1dd26109a3ef93f

Debian Security Advisory 3066-1
Posted Nov 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3066-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3689, CVE-2014-7815
MD5 | 5a3294b6284e6df5bd90ccdf5807dfa0

Hesperbot Detection Scanner 1.0
Posted Nov 7, 2014
Authored by Mert SARICA | Site mertsarica.com

Hesperbot Scanner is a Windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software fails to catch early during the malware campaigns.

tags | tool, trojan
systems | windows
MD5 | 6e50932089aaee64f33c7521af785baa

MINIX 3.3.0 Local Denial Of Service
Posted Nov 7, 2014
Authored by nitr0us

MINIX version 3.3.0 suffers from multiple local denial of service vulnerabilities.

tags | exploit, denial of service, local, vulnerability
systems | linux, minix
MD5 | db9a2a45cd595357a906b021b8f72576

Digital Whisper Electronic Magazine #55
Posted Nov 7, 2014
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 55. Written in Hebrew.

tags | magazine
MD5 | ab4784118e7acf3a4b1843c4de9e0660

Digital Whisper Electronic Magazine #54
Posted Nov 7, 2014
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 54. Written in Hebrew.

tags | magazine
MD5 | 10fa5a295748f4754781dd139e9c2383

Digital Whisper Electronic Magazine #53
Posted Nov 7, 2014
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 53. Written in Hebrew.

tags | magazine
MD5 | 7bbb0c8e4286e89cca1403196874f58b

Joomla/WordPress XCloner Command Execution / Password Disclosure
Posted Nov 7, 2014
Authored by Larry W. Cashdollar

XCloner plugin version 3.1.1 for WordPress and 3.5.1 for Joomla! suffers from arbitrary command execution, MySQL password disclosure, database backups exposed, unauthenticated remote access, and various other vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, bypass, info disclosure
advisories | CVE-2014-8603, CVE-2014-8604, CVE-2014-8605, CVE-2014-8606, CVE-2014-8607
MD5 | 98cbc5d41945852cbbd4c755d5e27c98

JExperts Tecnologia / Channel Software Privilege Escalation
Posted Nov 7, 2014
Authored by Luciano Pedreira

JExperts Tecnologia / Channel software version 5.0.33_CCB allows for authorization bypass / privilege escalation via tampering with parameters in the GET request.

tags | exploit
advisories | CVE-2014-8558
MD5 | 9d8d3235629147b5fe596bca7ebfda41

JExperts Tecnologia / Channel Software Cross Site Scripting
Posted Nov 7, 2014
Authored by Luciano Pedreira

JExperts Tecnologia / Channel software version 5.0.33_CCB suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-8557
MD5 | 8a64645c19fd63cc6298a3df431e2a92

PicsArt Photo Studio For Android Insecure Management
Posted Nov 7, 2014
Authored by Will Dormann, Joaquin Manuel Rinaudo

PicsArt Photo Studio for Android fails to properly validate SSL certificates from the server.

tags | exploit
advisories | CVE-2014-5674
MD5 | a0fee6b13effd17282e386ea6768b9ec

Red Hat Security Advisory 2014-1821-01
Posted Nov 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1821-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. A list of these changes is available from the JBoss Enterprise Application Platform 6.3.2 Downloads page on the Customer Portal.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2013-4002
MD5 | baa89865ebf7e161fe682dab4109233d

Red Hat Security Advisory 2014-1825-01
Posted Nov 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1825-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash or execute arbitrary code with the privileges of the user running that PHP application. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-8626
MD5 | 2906602a3fb2784fbe17986a0ec8b630

Red Hat Security Advisory 2014-1824-01
Posted Nov 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1824-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3669, CVE-2014-3670, CVE-2014-8626
MD5 | 676830ad34b2e52446a0e6f79b36c437

Red Hat Security Advisory 2014-1822-01
Posted Nov 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1822-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. A list of these changes is available from the JBoss Enterprise Application Platform 6.3.2 Downloads page on the Customer Portal.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2013-4002
MD5 | 039800e356177dac6482baf5a8147f9a