Exploit the possiblities
Showing 1 - 20 of 20 RSS Feed

Files Date: 2014-11-19

Capstone 3.0
Posted Nov 19, 2014
Authored by Nguyen Anh Quynh | Site capstone-engine.org

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.

Changes: This release isa stable version with major changes on the core and bindings.
tags | tool
systems | linux, unix
MD5 | b62dd7e8cb0651964f8221e8830f2bd1
Clam AntiVirus Toolkit 0.98.5
Posted Nov 19, 2014
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Adjusted the logic surrounding adjusting the PE section sizes with a crash. Added support for XDP PDF file format. Various updates and fixes.
tags | tool, virus
systems | unix
MD5 | abb5c7efaff3394c0a49ff970841a2ac
Dolibarr ERP And CRM 3.5.3 SQL Injection
Posted Nov 19, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Dolibarr ERP and CRM version 3.5.3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-7137
MD5 | ccc3e00af24dabe06d7109a7d9bb49b2
Compaq/Hewlett Packard Glance 11.00 Privilege Escalation
Posted Nov 19, 2014
Authored by Tim Brown | Site portcullis-security.com

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in Compaq/HP's Glance for Linux have been compiled in manner that means they searched for libraries in insecure locations. Versions 11.00 and below are affected.

tags | exploit
systems | linux
advisories | CVE-2014-2630
MD5 | f281541bcce04bc302e057281caa162c
IO Slaves KDE Insufficient Input Validation
Posted Nov 19, 2014
Authored by D. Burton, T. Brown | Site portcullis-security.com

It was discovered that a number of the protocol handlers (referred to as IO slaves) did not satisfactorily handle malicious input. It is possible for an attacker to inject JavaScript by manipulating IO slave URI such that the JavaScript from the manipulated request is returned in the response.

tags | exploit, javascript, protocol
advisories | CVE-2014-8600
MD5 | 36248d1b9a357a4aabeb1f26abe80403
Faronics Deep Freeze Arbitrary Code Execution
Posted Nov 19, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Faronics Deep Freeze Standard and Enterprise suffers from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2014-2382
MD5 | 3bd8a034d285c2f3bef972f16de36799
Joomla Simple Email Form 1.8.5 Cross Site Scripting
Posted Nov 19, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Joomla Simple Email Form version 1.8.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-8539
MD5 | 76b4b4d7e4604fbb7f34f01cd0e9196d
Android Privilege Escalation
Posted Nov 19, 2014
Authored by Jann Horn

In Android versions prior to 5.0, java.io.ObjectInputStream did not check whether the Object that is being deserialized is actually serializable. This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-private parameterless constructor to be created. All fields of that instance can be set to arbitrary values. The malicious object will then typically either be ignored or cast to a type to which it doesn't fit, implying that no methods will be called on it and no data from it will be used. However, when it is collected by the GC, the GC will call the object's finalize method. Proof of concept code included.

tags | exploit, java, arbitrary, proof of concept
MD5 | a10b87e74671949b21111b5b65291122
Mandriva Linux Security Advisory 2014-215
Posted Nov 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-215 - An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2014-8564
MD5 | 79a9935d9db7ee9a27842646bb66d102
Debian Security Advisory 3074-1
Posted Nov 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3074-1 - Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

tags | advisory, denial of service, php
systems | linux, redhat, debian
advisories | CVE-2014-3710
MD5 | 9f595bde9498f9a62044af263152f44e
Debian Security Advisory 3074-2
Posted Nov 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3074-2 - The previous update for php5, DSA-3074-1, introduced regression in the sessionclean cron script. The change was intended to fix a potential symlink attack using filenames including the NULL character (Debian bug #766147), but depended on sed package version too recent, not in Wheezy.

tags | advisory
systems | linux, debian
MD5 | e11e6b6614dcc60525c269310854d10b
ExploitRemotingService .NET Tool
Posted Nov 19, 2014
Authored by James Forshaw

This is a tool to exploit .NET Remoting Services vulnerable to CVE-2014-1806 or CVE-2014-4149. It only works on Windows although some aspects might work in Mono on *nix.

tags | exploit
systems | windows
advisories | CVE-2014-1806, CVE-2014-4149
MD5 | 2f08afabb6a71899af115848864f91b0
Snowfox CMS 1.0 Cross Site Request Forgery
Posted Nov 19, 2014
Authored by LiquidWorm | Site zeroscience.mk

Snowfox CMS version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 366e05a08b476d41ca5bba36adeb95f9
Apple Security Advisory 2014-11-17-3
Posted Nov 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-11-17-3 - Apple TV 7.0.2 is now available and addresses arbitrary code execution and unsigned code execution security issues.

tags | advisory, arbitrary, code execution
systems | apple
advisories | CVE-2014-4452, CVE-2014-4455, CVE-2014-4461, CVE-2014-4462
MD5 | 7dae31e90afdf47dc4cae9e5a59fb552
Snowfox CMS 1.0 Open Redirect
Posted Nov 19, 2014
Authored by LiquidWorm | Site zeroscience.mk

Snowfox CMS version 1.0 suffers from an open redirection vulnerability.

tags | exploit
MD5 | eed1994257b52e84e60c66e6946f25be
Apple Security Advisory 2014-11-17-2
Posted Nov 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-11-17-2 - OS X 10.10.1 is now available and addresses a privacy issue, arbitrary code execution, and various other security issues.

tags | advisory, code execution
systems | apple, osx
advisories | CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4460
MD5 | abe867d0c4edab24ce041ca8be40de90
Apple Security Advisory 2014-11-17-1
Posted Nov 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-11-17-1 - iOS 8.1.1 is now available and addresses code execution and various other security flaws.

tags | advisory, code execution
systems | apple
advisories | CVE-2014-4451, CVE-2014-4452, CVE-2014-4453, CVE-2014-4455, CVE-2014-4457, CVE-2014-4460, CVE-2014-4461, CVE-2014-4462, CVE-2014-4463
MD5 | 6be6e54ae5290c662923b7384a556455
tcpdump 4.6.2 AOVD Unreliable Output
Posted Nov 19, 2014
Authored by Steffen Bauch

It was found out that malformed network traffic (AOVD-based) can lead to an abnormal behavior if verbose output of tcpdump monitoring the network is used. Affected versions are 3.8 through 4.6.2.

tags | exploit
advisories | CVE-2014-8769
MD5 | d5a2abd7730459ab4c0f43a3bfb24e7c
tcpdump 4.6.2 Geonet Denial Of Service
Posted Nov 19, 2014
Authored by Steffen Bauch

tcpdump versions 4.5.0 through 4.6.2 suffers from a denial of service vulnerability when handling a malformed Geonet payload.

tags | exploit, denial of service
advisories | CVE-2014-8768
MD5 | 03579669f0dc56b0dada067c167c6789
tcpdump 4.6.2 OSLR Denial Of Service
Posted Nov 19, 2014
Authored by Steffen Bauch

tcpdump versions 3.9.6 through 4.6.2 suffers from a denial of service vulnerability when handling a malformed OLSR payload.

tags | exploit, denial of service
advisories | CVE-2014-8767
MD5 | 47fd4d5a6cafa3e38b04b96334e1d293
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close