Files Date: 2014-11-12

Lantronix xPrintServer Remote Command Execution / CSRF
Posted Nov 12, 2014
Authored by Jim Bauwens

Lantronix xPrintServer suffers from remote command execution and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, csrf
MD5 | 7958573fdf10f5cb0982815993697533
PHPMemcachedAdmin 1.2.2 Remote Code Execution
Posted Nov 12, 2014

PHPMemcachedAdmin versions 1.2.2 and below suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2014-8731
MD5 | 2a1cd6af83e6916e34ad603fd2040515
CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption
Posted Nov 12, 2014
Authored by LiquidWorm | Site zeroscience.mk

CorelDRAW is prone to an off-by-one memory corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a malicious CDR file to execute arbitrary code and/or to cause denial-of-service conditions. Affected versions include 17.1.0.572 (X7) - 32bit/64bit (EN) and 15.0.0.486 (X5) - 32bit (EN).

tags | exploit, arbitrary
systems | linux
MD5 | 752cfdfa2aec66a59e07f8732745b76b
F5 BIG-IP 10.1.0 Directory Traversal
Posted Nov 12, 2014
Authored by Anastasios Monachos

F5 BIG-IP version 10.1.0 suffers from a directory traversal vulnerability that allows an authenticated user to delete any system file and to enumerate which files exist.

tags | exploit
advisories | CVE-2014-8727
MD5 | ca79e6515f511f71def0bf42d3b119a4
SAP GRC Bypass / Privilege Escalation / Program Execution
Posted Nov 12, 2014
Authored by Ertunga Arsal, Mert Suoglu | Site esnc.de

SAP Governance, Risk and Compliance (SAP GRC) suffers from SoD bypass, privilege escalation, and remote arbitrary program execution vulnerabilities.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2013-3678
MD5 | a9968a540a813366a761e50fc0785e23
Monstra 3.0.1 Bruteforce Mitigation Bypass
Posted Nov 12, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below keep the login-attempt tally client-side in a cookie, allowing an attacker to completely bypass the brute-force mitigation.

tags | exploit, bypass
advisories | CVE-2014-9006
MD5 | 51f5aa47c152b41dc76733f929955cb1
HP Security Bulletin HPSBUX03188 SSRT101487 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03188 SSRT101487 1 - Potential security vulnerabilities have been identified with HP-UX running HP Secure Shell. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, shell, vulnerability
systems | hpux
advisories | CVE-2013-4548, CVE-2014-1692, CVE-2014-2532, CVE-2014-2653
MD5 | 60b082836fa9890c5a6a480b8d91b420
Debian Security Advisory 3071-1
Posted Nov 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3071-1 - In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2014-1544
MD5 | 32756b0750a241d599b3629ec0c91486
HP Security Bulletin HPSBGN03191 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03191 1 - Potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd. These vulnerabilities could be exploited remotely resulting in disclosure of information, elevation of privilege, SQL injection, or to create a Denial of Service (DoS). These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the lighttpd based vCAS Web Server. Revision 1 of this advisory.

tags | advisory, remote, web, denial of service, vulnerability
advisories | CVE-2012-5533, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324, CVE-2014-3566
MD5 | b0685edc01ab39cde7c28639fcbebd1d
HP Security Bulletin HPSBGN03117 2
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03117 2 - A potential security vulnerability has been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: The vCAS product is vulnerable only if DHCP is enabled. Revision 2 of this advisory.

tags | advisory, remote, shell, bash
advisories | CVE-2014-6271, CVE-2014-7169
MD5 | 8cd197ae0bc08b73f1a3d28afc1e8b48
HP Security Bulletin HPSBST03155 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03155 1 - A potential security vulnerability has been identified with HP StoreFabric H-series switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | cee9e866dfa14f72f35220bfb59dc115
Debian Security Advisory 3072-1
Posted Nov 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3072-1 - Francisco Alonso of Red Hat Product Security found an issue in the file utility, potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

tags | advisory, denial of service
systems | linux, redhat, debian
advisories | CVE-2014-3710
MD5 | 2f17b84200b916462c4f8907046f0979
HP Security Bulletin HPSBGN03164 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03164 1 - A potential security vulnerability has been identified with HP IceWall SSO Dfw, SSO Certd, and MCRP running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | 99d1a64051f6fea63cc67bebb7138a6f
HP Security Bulletin HPSBST03154 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03154 1 - A potential security vulnerability has been identified with HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | 391ed1bc0adafb58425b1de7b062ea2c
HP Security Bulletin HPSBST03181 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03181 1 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | 6fde430e8bafb4371955f484d34826e0
HP Security Bulletin HPSBHF03124 2
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03124 2 - Potential security vulnerabilities have been identified with certain HP Thin Clients running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 2 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | ec6d6034152d962e6ffbdc9d84e140a5
HP Security Bulletin HPSBMU03165 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03165 1 - A potential security vulnerability has been identified with HP Propel. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | fcec6b2014de89d2c078219011a562a0
Red Hat Security Advisory 2014-1846-01
Posted Nov 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1846-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS, could cause that application to crash or execute arbitrary code with the permissions of the user running the application.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-8564
MD5 | 4ca60d6b4ddb83e3efe5663b6fec6aa8
HP Security Bulletin HPSBMU03184 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03184 1 - A potential security vulnerability has been identified with HP SiteScope running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | 01daaf5ff4f411628682379175dfca29
HP Security Bulletin HPSBMU03190 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03190 1 - A potential security vulnerability has been identified with HP Helion Cloud Development Platform Community Edition and HP Helion Cloud Development Platform Commercial Edition. The vulnerability could be exploited remotely to allow unauthenticated access. Note: On October 28, 2014, HP identified a critical security vulnerability in the v1.0 release of the HP Helion Development Platform. The vulnerability is in our Application Lifecycle Service (ALS) and requires immediate attention. Vulnerability background: During the development process, valid user and host security keys were unintentionally left on the ALS Seed Node image. These keys are thus universal on all virtual machines created using the ALS Seed Node image. If an attacker has a virtual machine (VM) created from the ALS seed node image, they could potentially use that VM to connect (without giving a password) to any other VM in any ALS cluster (including ones the attacker does not own) if the attacker obtains a valid cluster VM IP address and the cluster was created with an ALS seed node image containing the vulnerability. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-7878
MD5 | 2e451fe325b3fbe71ae1a9302e584982
PayPal Arbitrary Code Execution
Posted Nov 12, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal suffered from an arbitrary code execution vulnerability. A filter bypass and a persistent bug were also discovered during the testing of the same vulnerable parameter location.

tags | exploit, arbitrary, code execution
MD5 | 3b4d13942993e0bf7c78047d6bb54c66
Microsoft Office 2007 / 2010 OLE Arbitrary Command Execution
Posted Nov 12, 2014
Authored by Abhishek Lyall

Microsoft Office 2007 and 2010 OLE arbitrary command execution exploit. This exploit will not give a UAC warning. No .inf file is required in this exploit. The size of the executable payload should be less than 400kb. Python 2.7 is required.

tags | exploit, arbitrary
advisories | CVE-2014-6352
MD5 | 9b8ffe52665f95c74eecc7e0ba55fe8c
Piwigo 2.6.0 SQL Injection
Posted Nov 12, 2014
Authored by Manuel Garcia Cardenas

Piwigo versions 2.6.0 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3a794c0cb2107b811446f868d534e649
PHPMemcachedAdmin 1.2.2 Cross Site Scripting
Posted Nov 12, 2014

PHPMemcachedAdmin versions 1.2.2 and below suffer from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-8732
MD5 | 388ad001bf6cfe2399e8e8f60eced472
Eleanor CMS Open Redirect
Posted Nov 12, 2014
Authored by Renzi

Eleanor CMS suffers from an open redirection vulnerability.

tags | exploit
MD5 | c656e4507cce12eaf12945979e4ce121

© 2020 Packet Storm. All rights reserved.
