what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-12-01

Tincd Post-Authentication Remote TCP Stack Buffer Overflow
Posted Dec 1, 2014
Authored by Martin Schobert, Tobias Ospelt | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Tinc's tincd service. After authentication, a specially crafted tcp packet (default port 655) leads to a buffer overflow and allows to execute arbitrary code. This Metasploit module has been tested with tinc-1.1pre6 on Windows XP (custom calc payload) and Windows 7 (windows/meterpreter/reverse_tcp), and tinc version 1.0.19 from the ports of FreeBSD 9.1-RELEASE # 0 and various other OS, see targets. The exploit probably works for all versions <= 1.1pre6. A manually compiled version (1.1.pre6) on Ubuntu 12.10 with gcc 4.7.2 seems to be a non-exploitable crash due to calls to __memcpy_chk depending on how tincd was compiled. Bug got fixed in version 1.0.21/1.1pre7. While writing this module it was recommended to the maintainer to start using DEP/ASLR and other protection mechanisms.

tags | exploit, overflow, arbitrary, tcp
systems | linux, windows, freebsd, ubuntu
advisories | CVE-2013-1428, OSVDB-92653
SHA-256 | d3e4999fe9325d233a3d46dbd61a259a73d7923e103b6f723b1d8b52ff1b7126
EntryPass N5200 Credential Disclosure
Posted Dec 1, 2014
Site redteam-pentesting.de

EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and password.

tags | exploit
advisories | CVE-2014-8868
SHA-256 | 95972964bbc742ac4c38212126c9f75123187a80142bc0be775e001524803d2e
TYPO3 Extension ke_dompdf 0.0.3 Remote Code Execution
Posted Dec 1, 2014
Site redteam-pentesting.de

The TYPO3 extension ke_dompdf contains a version of the dompdf library including all files originally supplied with it. This includes an examples page, which contains different examples for HTML-entities rendered as a PDF. This page also allows users to enter their own HTML code into a text box to be rendered by the webserver using dompdf. dompdf also supports rendering of PHP files and the examples page also accepts PHP code tags, which are then executed and rendered into a PDF on the server. Since those files are not protected in the TYPO3 extension directory, anyone can access this URL and execute arbitrary PHP code on the system. This behavior was already fixed in the dompdf library, but the typo3 extension ke_dompdf supplies an old version of the library that still allows the execution of arbitrary PHP code. Versions 0.0.3 and below are affected.

tags | exploit, arbitrary, php
advisories | CVE-2014-6235
SHA-256 | 3ab99d29dcbdc8c3cd497ad47d028ac734705efac716b5c6713f1c00c41352b5
TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure
Posted Dec 1, 2014
Site redteam-pentesting.de

The TYPO3 extension ke_questionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Version 2.5.2 is affected.

tags | exploit
advisories | CVE-2014-8874
SHA-256 | 3e3bbfd6986ae9575ca39092c83c53d3007704cdcaacf2ddb4e6429a02d9a751
1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting
Posted Dec 1, 2014
Authored by Stephan Rickauer

Swisscom CSIRT discovered a security flaw in the management interface of the Alcatel Lucent 1830 Photonic Service Switch series that allows for cross site scripting attacks. Versions 6.0 and below are affected.

tags | exploit, xss
advisories | CVE-2014-3809
SHA-256 | b3dc59711192975fd9682478699dd5632003dc1de58769902ecfb06b88bff1ad
I2P 0.9.17
Posted Dec 1, 2014
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | 6ad5ba79eb3e9b7434ecc4e739d691ca9e012e9cd9bb20d39c780d44b64d37db
ManageEngine Netflow Analyzer / IT360 File Download
Posted Dec 1, 2014
Authored by Pedro Ribeiro

ManageEngine Netflow Analyzer and IT360 suffer from an arbitrary file download vulnerability.

tags | exploit, arbitrary
advisories | CVE-2014-5445, CVE-2014-5446
SHA-256 | f28c12e2709e29fe58c181837e6106a9c54c5b1f2469324aa04db88e1e55be7f
Drupal / WordPress Memory Exhaustion
Posted Dec 1, 2014
Authored by Javer Nieto, Andres Rojas

A vulnerability present in Drupal versions prior to 7.34 and WordPress versions prior to 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).

tags | exploit, denial of service
advisories | CVE-2014-9016, CVE-2014-9034
SHA-256 | 691c983b834cd1c1cc4abb9e799af2e45516125311bba33d60aa227a917ea11b
Red Hat Security Advisory 2014-1920-01
Posted Dec 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1920-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, java, web, protocol
systems | linux, redhat
SHA-256 | e7bf4c10ef4456b2cc699ef15bc3e26d330de6d51ae87d02396f0851acd6e2fd
Ubuntu Security Notice USN-2429-1
Posted Dec 1, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2429-1 - It was discovered that ppp incorrectly handled certain options files. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-3158
SHA-256 | d05fe8636e08f6dfb0df567b509bcd006b04eeec63bc35aed3f09aaaa79b61a7
Debian Security Advisory 3083-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3083-1 - A flaw was discovered in mutt, a text-based mailreader. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-9116
SHA-256 | e5f5ea5eb5148a3a3369b1628aebfd84733d4bafa7840574291b29fb96c21847
Debian Security Advisory 3082-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3082-1 - Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library handling Free file, an attacker could execute arbitrary code.

tags | advisory, arbitrary
systems | linux, redhat, debian
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | 45d3a8394a88d20061257f331bda5c3542c5c1c71131c449ab431afc09e78a4b
Debian Security Advisory 3081-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3081-1 - Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055
SHA-256 | 0435333bb4a1bb2c642dcc3af7f4b1286f123096c23431478f84f155d7cf6085
Debian Security Advisory 3080-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3080-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
SHA-256 | c4e7cdd0bd1e5a071af57287aa0313a992085bc58105154e911275c7c49ee5ee
Debian Security Advisory 3079-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3079-1 - A vulnerability was discovered in ppp, an implementation of the responsible for parsing user-supplied options potentially allows a local attacker to gain root privileges.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2014-3158
SHA-256 | ed1ede6b9055ca30a5f27bd99cfb95991ce416c2151f3dfff1e7eba069f078d0
Page 1 of 1

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By