exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2014-11-19

Capstone 3.0
Posted Nov 19, 2014
Authored by Nguyen Anh Quynh | Site capstone-engine.org

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.

Changes: This release isa stable version with major changes on the core and bindings.
tags | tool
systems | linux, unix
SHA-256 | 9d7219376ce801e95b4c148dd9464098836a6d209c2396f8ee283a7a6aa16544
Clam AntiVirus Toolkit 0.98.5
Posted Nov 19, 2014
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Adjusted the logic surrounding adjusting the PE section sizes with a crash. Added support for XDP PDF file format. Various updates and fixes.
tags | tool, virus
systems | unix
SHA-256 | 9c2f37d5fa9033936468237f6f4b29289f30791caa84765ef510acb56c8daa4d
Dolibarr ERP And CRM 3.5.3 SQL Injection
Posted Nov 19, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Dolibarr ERP and CRM version 3.5.3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-7137
SHA-256 | 28d80b9fc01de763573e26f6295737377269e9e8ba336e578aabd6a7d3558bc6
Compaq/Hewlett Packard Glance 11.00 Privilege Escalation
Posted Nov 19, 2014
Authored by Tim Brown | Site portcullis-security.com

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in Compaq/HP's Glance for Linux have been compiled in manner that means they searched for libraries in insecure locations. Versions 11.00 and below are affected.

tags | exploit
systems | linux
advisories | CVE-2014-2630
SHA-256 | a66fb0a451a7f6dcc806352c69ac659b9668b544cb151ad815fc0f41f27c3245
IO Slaves KDE Insufficient Input Validation
Posted Nov 19, 2014
Authored by D. Burton, T. Brown | Site portcullis-security.com

It was discovered that a number of the protocol handlers (referred to as IO slaves) did not satisfactorily handle malicious input. It is possible for an attacker to inject JavaScript by manipulating IO slave URI such that the JavaScript from the manipulated request is returned in the response.

tags | exploit, javascript, protocol
advisories | CVE-2014-8600
SHA-256 | e347068492c2b02155919e28caab949adb5a3b0bc7cde80b54669e096dfe6353
Faronics Deep Freeze Arbitrary Code Execution
Posted Nov 19, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Faronics Deep Freeze Standard and Enterprise suffers from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2014-2382
SHA-256 | 27fb76254363929ae6c1caac2afa6005830a4d1520926bd16a9b059055f1e885
Joomla Simple Email Form 1.8.5 Cross Site Scripting
Posted Nov 19, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Joomla Simple Email Form version 1.8.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-8539
SHA-256 | bdbf6b422078d438cc5d2cb5bad7c4962ce78742be7e3d0a971d871344bb0b35
Android Privilege Escalation
Posted Nov 19, 2014
Authored by Jann Horn

In Android versions prior to 5.0, java.io.ObjectInputStream did not check whether the Object that is being deserialized is actually serializable. This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-private parameterless constructor to be created. All fields of that instance can be set to arbitrary values. The malicious object will then typically either be ignored or cast to a type to which it doesn't fit, implying that no methods will be called on it and no data from it will be used. However, when it is collected by the GC, the GC will call the object's finalize method. Proof of concept code included.

tags | exploit, java, arbitrary, proof of concept
SHA-256 | bf793047e29e52365bf15acd8cb03662f3e6f03b41a8867b4fb9c604a91808d4
Mandriva Linux Security Advisory 2014-215
Posted Nov 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-215 - An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2014-8564
SHA-256 | 09deb94573db19c2095367b2e4855204d2d7f1f688124b59ab0810ec5e393e7a
Debian Security Advisory 3074-1
Posted Nov 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3074-1 - Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

tags | advisory, denial of service, php
systems | linux, redhat, debian
advisories | CVE-2014-3710
SHA-256 | c3c7f83fc8677e848b0cf6cde29652f956a6c07f2e420aedcf4eb8bc70533181
Debian Security Advisory 3074-2
Posted Nov 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3074-2 - The previous update for php5, DSA-3074-1, introduced regression in the sessionclean cron script. The change was intended to fix a potential symlink attack using filenames including the NULL character (Debian bug #766147), but depended on sed package version too recent, not in Wheezy.

tags | advisory
systems | linux, debian
SHA-256 | eb5ca3638356ab944b043dc1e88c1b86cc5025738f16872711478b87772079b4
ExploitRemotingService .NET Tool
Posted Nov 19, 2014
Authored by James Forshaw

This is a tool to exploit .NET Remoting Services vulnerable to CVE-2014-1806 or CVE-2014-4149. It only works on Windows although some aspects might work in Mono on *nix.

tags | exploit
systems | windows
advisories | CVE-2014-1806, CVE-2014-4149
SHA-256 | 74ce7c60139cd6b2a713355e1eaa5162b32c8741cbee7e9e2d418a32d899e82e
Snowfox CMS 1.0 Cross Site Request Forgery
Posted Nov 19, 2014
Authored by LiquidWorm | Site zeroscience.mk

Snowfox CMS version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | a04e1dba9655d630abb9e1a307314178219b1886d0b33c4c47ecf48ac5e68f72
Apple Security Advisory 2014-11-17-3
Posted Nov 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-11-17-3 - Apple TV 7.0.2 is now available and addresses arbitrary code execution and unsigned code execution security issues.

tags | advisory, arbitrary, code execution
systems | apple
advisories | CVE-2014-4452, CVE-2014-4455, CVE-2014-4461, CVE-2014-4462
SHA-256 | 64ff89b095ba26114a75a346f55bdedfd3112739360aef178b40c75924a28897
Snowfox CMS 1.0 Open Redirect
Posted Nov 19, 2014
Authored by LiquidWorm | Site zeroscience.mk

Snowfox CMS version 1.0 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 30be02c518b17b6f7eea2722ad431efc1006f27b4352c635aa289b2c3cb86fa6
Apple Security Advisory 2014-11-17-2
Posted Nov 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-11-17-2 - OS X 10.10.1 is now available and addresses a privacy issue, arbitrary code execution, and various other security issues.

tags | advisory, code execution
systems | apple, osx
advisories | CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4460
SHA-256 | 0070a836f0e45939ac86a47d278a19667a9d9d6640d8631bc2fbfc89036c0713
Apple Security Advisory 2014-11-17-1
Posted Nov 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-11-17-1 - iOS 8.1.1 is now available and addresses code execution and various other security flaws.

tags | advisory, code execution
systems | apple
advisories | CVE-2014-4451, CVE-2014-4452, CVE-2014-4453, CVE-2014-4455, CVE-2014-4457, CVE-2014-4460, CVE-2014-4461, CVE-2014-4462, CVE-2014-4463
SHA-256 | 602e9d605f73315efc5efaf9ac7b45623e8729c43897fd8782af5548bf6439e1
tcpdump 4.6.2 AOVD Unreliable Output
Posted Nov 19, 2014
Authored by Steffen Bauch

It was found out that malformed network traffic (AOVD-based) can lead to an abnormal behavior if verbose output of tcpdump monitoring the network is used. Affected versions are 3.8 through 4.6.2.

tags | exploit
advisories | CVE-2014-8769
SHA-256 | a85471c18f98a1639c42f4f8a5c4ac76bfadbcf018487d3c509fec2e23a05a65
tcpdump 4.6.2 Geonet Denial Of Service
Posted Nov 19, 2014
Authored by Steffen Bauch

tcpdump versions 4.5.0 through 4.6.2 suffers from a denial of service vulnerability when handling a malformed Geonet payload.

tags | exploit, denial of service
advisories | CVE-2014-8768
SHA-256 | 9af8da699aaaed3f582d3ce2e3473186609cabab6d354ae5b7877ecb392ab0fa
tcpdump 4.6.2 OSLR Denial Of Service
Posted Nov 19, 2014
Authored by Steffen Bauch

tcpdump versions 3.9.6 through 4.6.2 suffers from a denial of service vulnerability when handling a malformed OLSR payload.

tags | exploit, denial of service
advisories | CVE-2014-8767
SHA-256 | 4fc3ca635ddbe8ed7f884ff465b5688613dbce31cfea61e0e73891ed5e27c574
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close