exploit the possibilities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-11-26

Pandora FMS SQL Injection Remote Code Execution
Posted Nov 26, 2014
Authored by Jason Kratzer, Lincoln | Site metasploit.com

This Metasploit module attempts to exploit multiple issues in order to gain remote code execution under Pandora FMS versions equal to and prior to 5.0 SP2. First, an attempt to authenticate using default credentials is performed. If this method fails, a SQL injection vulnerability is leveraged in order to extract the "Auto Login" password hash. If this value is not set, the module will then extract the administrator account's MD5 password hash.

tags | exploit, remote, code execution, sql injection
MD5 | d879b2c710bcfc29da92c8253b550c36
xEpan 1.0.1 Cross Site Request Forgery
Posted Nov 26, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

xEpan version 1.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-8429
MD5 | c3382b74a1102f2a0d52556b93f634ce
Android WAPPushManager SQL Injection
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

Android versions prior to 5.0 suffer from a remote SQL injection vulnerability in the opt module WAPPushManager.

tags | exploit, remote, sql injection
advisories | CVE-2014-8507
MD5 | 5a102c9595a8170289122969255e08d4
Android SMS Resend
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

Android versions prior to 5.0 allow an unprivileged application the ability to resend all the SMS's stored in the users phone.

tags | exploit
advisories | CVE-2014-8610
MD5 | 9f5ebc82ec4837d35e7ffff8981a2ab1
Android Settings Pendingintent Leak
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

In Android versions prior to 5.0 and possibly greater than and equal to 4.0, Settings application leaks Pendingintent with a blank base intent (neither the component nor the action is explicitly set) to third party applications. Due to this, a malicious app can use this to broadcast intent with the same permissions and identity of the Settings application, which runs as SYSTEM uid.

tags | exploit
advisories | CVE-2014-8609
MD5 | b7ba70229b21bd94751929637627477f
Device42 Embedded Credentials
Posted Nov 26, 2014
Authored by Brandon Perry

Device42 DCIM Appliance Manager versions 5.10 and 6.0 have hardcoded credentials and also suffer from remote command injection vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | 970d75c3fd1cf02517ca875a7dfb7097
Device42 Traceroute Command Injection
Posted Nov 26, 2014
Authored by Brandon Perry | Site metasploit.com

Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages traceroute.

tags | exploit, remote
MD5 | 29dea352245e10c3a4a7588e05342cc0
Device42 Ping Command Injection
Posted Nov 26, 2014
Authored by Brandon Perry | Site metasploit.com

Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages ping.

tags | exploit, remote
MD5 | 6b6c3329dff12b38c51a77d1df5e5d00
Red Hat Security Advisory 2014-1906-01
Posted Nov 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1906-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift Enterprise 2.1 did not properly restrict access to services running on different gears. This could allow an attacker to access unprotected network resources running in another user's gear. In a previous update, OpenShift Enterprise 2.2 introduced the oo-gear-firewall command, which creates firewall rules and SELinux policy to contain services running on gears to their own internal gear IPs. The command is invoked by default during new installations of OpenShift Enterprise 2.2 to prevent this security issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3602, CVE-2014-3674
MD5 | 283d8d14cfcd831376e1a7333c0943fb
Red Hat Security Advisory 2014-1905-01
Posted Nov 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1905-01 - In accordance with the Red Hat OpenShift Enterprise Life Cycle Policy, the two-year life cycle of Production Support for version 1.2 will end on November 27, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat OpenShift Enterprise 1.2 to the latest version of Red Hat OpenShift Enterprise. To upgrade to Red Hat OpenShift Enterprise, see Chapter "Upgrading from Previous Versions" in the Deployment Guide document linked to in the References section.

tags | advisory
systems | linux, redhat
MD5 | 7b2bd42db5e036fb37ca7842c8ba3e61
Ubuntu Security Notice USN-2422-1
Posted Nov 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2422-1 - Sebastian Krahmer discovered that the Squid pinger incorrectly handled certain malformed ICMP packets. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-7141, CVE-2014-7142
MD5 | d1f2fdaaa88f46cc61a812006fbef81b
Red Hat Security Advisory 2014-1904-01
Posted Nov 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1904-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.0 release serves as a replacement for JBoss Operations Network 3.2.3, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2035, CVE-2014-0059, CVE-2014-3481, CVE-2014-3490, CVE-2014-3577
MD5 | 48133e96975007cd2f25111fd8c8ffe7
Mandriva Linux Security Advisory 2014-228
Posted Nov 26, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-228 - Multiple vulnerabilities has been discovered and corrected in phpmyadmin including cross site scripting, local file inclusion, and more. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.

tags | advisory, local, vulnerability, xss, file inclusion
systems | linux, mandriva
advisories | CVE-2014-8958, CVE-2014-8959, CVE-2014-8960, CVE-2014-8961
MD5 | 1f9fd04d274d5f648764b010245d5e48
Debian Security Advisory 3076-1
Posted Nov 26, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3076-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714
MD5 | 2dfbaf94d6bd79fc10f2f82a4fcbd589
HP Security Bulletin HPSBUX03166 SSRT101489 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03166 SSRT101489 1 - A potential security vulnerability has been identified in the HP-UX running PAM using libpam_updbe in pam.conf(4). This vulnerability could allow remote users to bypass certain authentication restrictions. Revision 1 of this advisory.

tags | advisory, remote
systems | hpux
advisories | CVE-2014-7879
MD5 | 15677332ad33c9cea0f0739cce899160
HP Security Bulletin HPSBGN03203 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03203 1 - A potential security vulnerability has been identified with HP CMS: UCMDB Browser running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | db082137cafe6fa17081c41763e31005
HP Security Bulletin HPSBGN03201 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03201 1 - A potential security vulnerability has been identified with HP Asset Manager running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | be33fab141dc1673643e3c1ccb066176
HP Security Bulletin HPSBST03148 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03148 1 - A potential security vulnerability has been identified with certain HP StoreOnce Gen 2 Backup systems running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. NOTE: Versions of HP StoreOnce Gen 2 Backup software prior to 2.3.02 contain the vulnerable version of Bash. However, HP is unaware of any method that would allow this vulnerability to be exploited on HP StoreOnce Gen 2 Backup systems but is providing an updated version of Bash Shell as a precaution. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | fe5f6090052de76ea683bf6bb6bf4ff4
HP Security Bulletin HPSBMU03214 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03214 1 - A potential security vulnerability has been identified with HP Systinet running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | 231967075a33cbb6348b0ef5c6083189
CCH Wolters Kluwer PFX Engagement 7.1 Privilege Escalation
Posted Nov 26, 2014
Authored by singularitysec

CCH Wolters Kluwer PFX Engagement versions 7.1 and below suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2014-9113
MD5 | 6f603f041b2a459e6c6fffb9a771fea4
MyBB 1.8.2 unset_globals() Bypass / Remote Code Execution
Posted Nov 26, 2014
Authored by Taoguang Chen

MyBB versions 1.8.2 and below suffer from an unset_globals() function bypass and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, bypass
MD5 | 2db89ccf55f105aebb8916ab28acff84
phpBB 3.1.1 deregister_globals() Bypass
Posted Nov 26, 2014
Authored by Taoguang Chen

phpBB versions 3.1.1 and below suffer from a deregister_globals() bypass vulnerability.

tags | exploit, bypass
MD5 | 81da95da009a459c377573cf804f75a0
Slider Revolution/Showbiz Pro Shell Upload
Posted Nov 26, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Slider Revolution versions 3.0.95 and below and Showbiz Pro versions 1.7.1 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 8e7f33830730cefac23bf4df2b47c4ae
WordPress Sexy Squeeze Pages Cross Site Scripting
Posted Nov 26, 2014
Authored by KnocKout

WordPress Sexy Squeeze Pages plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 98633baceec400054a7d0d46590b1abe
Apadana CMS SQL Injection
Posted Nov 26, 2014
Authored by SeRaVo.BlackHat

Apadana CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 2843b7e430cb99de25577c49f51348ab
Page 1 of 2
Back12Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    12 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    16 Files
  • 22
    May 22nd
    13 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close