what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-12-01

Tincd Post-Authentication Remote TCP Stack Buffer Overflow
Posted Dec 1, 2014
Authored by Martin Schobert, Tobias Ospelt | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Tinc's tincd service. After authentication, a specially crafted tcp packet (default port 655) leads to a buffer overflow and allows to execute arbitrary code. This Metasploit module has been tested with tinc-1.1pre6 on Windows XP (custom calc payload) and Windows 7 (windows/meterpreter/reverse_tcp), and tinc version 1.0.19 from the ports of FreeBSD 9.1-RELEASE # 0 and various other OS, see targets. The exploit probably works for all versions <= 1.1pre6. A manually compiled version (1.1.pre6) on Ubuntu 12.10 with gcc 4.7.2 seems to be a non-exploitable crash due to calls to __memcpy_chk depending on how tincd was compiled. Bug got fixed in version 1.0.21/1.1pre7. While writing this module it was recommended to the maintainer to start using DEP/ASLR and other protection mechanisms.

tags | exploit, overflow, arbitrary, tcp
systems | linux, windows, freebsd, xp, ubuntu, 7
advisories | CVE-2013-1428, OSVDB-92653
MD5 | 84e2aa0f31859b0a33b4eb4b57cf52eb
EntryPass N5200 Credential Disclosure
Posted Dec 1, 2014
Site redteam-pentesting.de

EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and password.

tags | exploit
advisories | CVE-2014-8868
MD5 | f0b45998078ed24b11d844ee15822d30
TYPO3 Extension ke_dompdf 0.0.3 Remote Code Execution
Posted Dec 1, 2014
Site redteam-pentesting.de

The TYPO3 extension ke_dompdf contains a version of the dompdf library including all files originally supplied with it. This includes an examples page, which contains different examples for HTML-entities rendered as a PDF. This page also allows users to enter their own HTML code into a text box to be rendered by the webserver using dompdf. dompdf also supports rendering of PHP files and the examples page also accepts PHP code tags, which are then executed and rendered into a PDF on the server. Since those files are not protected in the TYPO3 extension directory, anyone can access this URL and execute arbitrary PHP code on the system. This behavior was already fixed in the dompdf library, but the typo3 extension ke_dompdf supplies an old version of the library that still allows the execution of arbitrary PHP code. Versions 0.0.3 and below are affected.

tags | exploit, arbitrary, php
advisories | CVE-2014-6235
MD5 | 92fa8ac9a104d07d9dd68d6295bd5fff
TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure
Posted Dec 1, 2014
Site redteam-pentesting.de

The TYPO3 extension ke_questionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Version 2.5.2 is affected.

tags | exploit
advisories | CVE-2014-8874
MD5 | b9c81ac6ac5955639bca35ab43fcefa6
1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting
Posted Dec 1, 2014
Authored by Stephan Rickauer

Swisscom CSIRT discovered a security flaw in the management interface of the Alcatel Lucent 1830 Photonic Service Switch series that allows for cross site scripting attacks. Versions 6.0 and below are affected.

tags | exploit, xss
advisories | CVE-2014-3809
MD5 | 706f736a374525d8e2a7f918de304c0b
I2P 0.9.17
Posted Dec 1, 2014
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates.
tags | tool
systems | unix
MD5 | 7c3d22cba3b3184b153bc2bbc54d6503
ManageEngine Netflow Analyzer / IT360 File Download
Posted Dec 1, 2014
Authored by Pedro Ribeiro

ManageEngine Netflow Analyzer and IT360 suffer from an arbitrary file download vulnerability.

tags | exploit, arbitrary
advisories | CVE-2014-5445, CVE-2014-5446
MD5 | 310d724b3820fc0603b09eb7b0dc7fee
Drupal / WordPress Memory Exhaustion
Posted Dec 1, 2014
Authored by Javer Nieto, Andres Rojas

A vulnerability present in Drupal versions prior to 7.34 and WordPress versions prior to 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).

tags | exploit, denial of service
advisories | CVE-2014-9016, CVE-2014-9034
MD5 | fc9b6e85c8203a7598177102a91f7f1d
Red Hat Security Advisory 2014-1920-01
Posted Dec 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1920-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, java, web, protocol
systems | linux, redhat
MD5 | 8385589b83360eb933d1918dbc27649f
Ubuntu Security Notice USN-2429-1
Posted Dec 1, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2429-1 - It was discovered that ppp incorrectly handled certain options files. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-3158
MD5 | e58186992707ca1850e0642beb13a4a1
Debian Security Advisory 3083-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3083-1 - A flaw was discovered in mutt, a text-based mailreader. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-9116
MD5 | 6b9036b602ff2745f4bd30df0114297f
Debian Security Advisory 3082-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3082-1 - Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library handling Free file, an attacker could execute arbitrary code.

tags | advisory, arbitrary
systems | linux, redhat, debian
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | b2ec39908bbb4ab52558f18370eada87
Debian Security Advisory 3081-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3081-1 - Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055
MD5 | 28d8bed564a4550641c939b791a61441
Debian Security Advisory 3080-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3080-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
MD5 | 6f46c6d163a2de928f68709617925c28
Debian Security Advisory 3079-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3079-1 - A vulnerability was discovered in ppp, an implementation of the responsible for parsing user-supplied options potentially allows a local attacker to gain root privileges.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2014-3158
MD5 | c0d1d0492105b2b6a6ad87ef9cfea205
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    1 Files
  • 28
    Sep 28th
    20 Files
  • 29
    Sep 29th
    11 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close