exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-12-02

Facebook Graph Search Brute Force
Posted Dec 2, 2014
Authored by rapper crazy

Facebook Graph Search allows you to leverage private phone numbers to mine real users that map to that number.

tags | exploit, info disclosure
systems | linux
SHA-256 | d474bc1c2e55cc01ed9d34ec459688c66513646f9c4660362bde861195ca8928
Ubuntu Security Notice USN-2424-1
Posted Dec 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2424-1 - Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Christian Holler, Jon Coppeard, Eric Rahm, Byron Campen, Eric Rescorla, and Xidorn Quan discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Cody Crews discovered a way to trigger chrome-level XBL bindings from web content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590, CVE-2014-1591, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594
SHA-256 | bd64f6deeda37a74febafdf00c9dfcb38d1e411fb9b1ca87dc69dce474b713c5
WordPress CM Download Manager 2.0.6 XSS / CSRF
Posted Dec 2, 2014
Authored by Henri Salo

WordPress CM Download Manager plugin versions 2.0.6 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-9129
SHA-256 | 70e27f9cec6ff9a962db96c3898b3ab97efd67d4af24cff458c83462c4e2e1cc
IBM Endpoint Manager For Mobile Devices Code Execution
Posted Dec 2, 2014
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secret_token values. With these values, attackers can create valid session cookies containing marshalled objects of their choosing. This can be leveraged to execute arbitrary code when the Ruby on Rails application unmarshals the cookie. Versions prior to 9.0.60100 are affected.

tags | exploit, arbitrary, ruby
advisories | CVE-2014-6140
SHA-256 | afaa34caa4d6d89b6d93e473052895cb376f07a94438794f11e039bc4696f497
Ubuntu Security Notice USN-2430-1
Posted Dec 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2430-1 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-8104
SHA-256 | deb1172a40a0518bceab35a578d15ddd317f30fd5b32d1649db2762b7a99cf09
Debian Security Advisory 3084-1
Posted Dec 2, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3084-1 - Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload.

tags | advisory
systems | linux, debian
advisories | CVE-2014-8104
SHA-256 | c9e59a3cc2d0846936d49063493f76daac05181cf5c5749ecc2b432c06e11499
Red Hat Security Advisory 2014-1938-01
Posted Dec 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1938-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-7821
SHA-256 | 392d0c8a5002c7cb1ffef29db8ec3808348de94a00aa2a42a18d316a5b45e184
Red Hat Security Advisory 2014-1937-01
Posted Dec 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1937-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2012-5615, CVE-2014-2494, CVE-2014-4207, CVE-2014-4258, CVE-2014-4260, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
SHA-256 | cd562ed99ccb1033ca973e9aeee9168103627f04bc78017c29431dca6c398440
Wix.com Cross Site Scripting
Posted Dec 2, 2014
Authored by Devsec Security

57 million web pages in wix.com suffer from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | c226317cdc5db53b8ca4528328ab02912e5addd884d61aac4190cd04a62f668a
Red Hat Security Advisory 2014-1940-01
Posted Dec 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1940-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2012-5615, CVE-2014-2494, CVE-2014-4207, CVE-2014-4258, CVE-2014-4260, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
SHA-256 | e6e3e6133227ce7c70e4f43424dc2bce6e4a97446edd8d32113f477a544d0521
Red Hat Security Advisory 2014-1939-01
Posted Dec 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1939-01 - OpenStack Database is Database as a Service for Openstack. It runs entirely on OpenStack, with the goal of allowing users to quickly and easily utilize the features of a database without the burden of handling complex administrative tasks. Cloud users and database administrators can provision and manage multiple database instances as needed. It was found that the processutils.execute() and strutils.mask_password() functions did not correctly sanitize the authentication details from their output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-7230, CVE-2014-7231
SHA-256 | 836354ac903cce9e3a9d8d877ebdb31bcdf1f96bb0e60582e6c3639bffe137c1
Hack4 Call For Papers
Posted Dec 2, 2014
Authored by dash | Site hack4.org

Hack4 has announced its Call For Papers. It will be held December 29th through the 30th, 2014 in Berlin, Germany.

tags | paper, conference
SHA-256 | 8bd8d0107cba3e6990b5c796da3abbd9efe8451353a0df658a656537e05f6e17
less Out Of Bounds Read Access
Posted Dec 2, 2014
Authored by Hanno Boeck | Site hboeck.de

An out of bounds read access in the UTF-8 decoding can be triggered with a malformed file in the tool less.

tags | advisory
SHA-256 | 347f4926038ecad2d6a29f7ea51b42576cbdba32e0a8492bd6c7800ee394189c
SQL Buddy 1.3.3 Remote Code Execution
Posted Dec 2, 2014
Authored by Fady Mohamed Osman

SQL Buddy version 1.3.3 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | a7040fa9a7bbf05e878f4e287a5244f16ee0664c859fff5c38264b6a7d7d9f50
IPUX CL5452/CL5132 IP Camera Stack Buffer Overflow
Posted Dec 2, 2014
Authored by LiquidWorm | Site zeroscience.mk

The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraSVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include Bullet Type ICL5132 and Bullet Type ICL5452.

tags | exploit, overflow, arbitrary, activex
SHA-256 | ab552203002b5442f6c1bc8c385e038e6bf8f4fa91dcb2c7c81a0411c66078c7
IPUX CS7522/CS2330/CS2030 IP Camera Stack Buffer Overflow
Posted Dec 2, 2014
Authored by LiquidWorm | Site zeroscience.mk

The UltraHVCam ActiveX Control 'UltraHVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraHVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include PT Type ICS2330, Cube Type ICS2030, and Dome Type ICS7522.

tags | exploit, overflow, arbitrary, activex
SHA-256 | bd90ac6b31dacfbadf046e06c7deecd459efc8df1e4b12be5f77d4d95a82096f
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
Posted Dec 2, 2014
Authored by joev, Ian Beer | Site metasploit.com

A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue has been patched silently in Yosemite.

tags | exploit, overflow, kernel
systems | apple, osx
advisories | CVE-2014-4404
SHA-256 | 11133f34a345562636b3137fbe3bb6e9f2ec2aa4045b1360d1b0885244f3d580
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close