exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2014-12-09

Subrion CMS 3.2.2 Cross Site Scripting
Posted Dec 9, 2014
Authored by Onur YILMAZ, Omar Kurt | Site netsparker.com

Subrion CMS version 3.2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-9120
SHA-256 | c1298bd4285680bb909de7d080e42246026fcafa8acbcb9c5b42cb20c45c4a52
goYWP WebPress 13.00.06 Cross Site Scripting
Posted Dec 9, 2014
Authored by Jing Wang

goYWP WebPress version 13.00.06 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-8751
SHA-256 | a21be4dd03bd59d3528f15a9288cff274f06afcc7ee938c5319f87766878e5f3
phpTrafficA 2.3 SQL Injection
Posted Dec 9, 2014
Authored by Daniel Geerts

phpTrafficA versions 2.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-8340
SHA-256 | 35cf42f536241e5b5165723fb326796ec0832be49a1a2e5d66ecf66411871ea8
Apache CloudStack 4.3 / 4.4 Unauthenticated LDAP Binds
Posted Dec 9, 2014
Authored by Citrix Security Team

Apache CloudStack may be configured to authenticate LDAP users. When so configured, it performs a simple LDAP bind with the name and password provided by a user. Simple LDAP binds are defined with three mechanisms (RFC 4513): 1) username and password; 2) unauthenticated if only a username is specified; and 3) anonymous if neither username or password is specified. Currently, Apache CloudStack does not check if the password was provided which could allow an attacker to bind as an unauthenticated user. Versions 4.3 and 4.4 are affected.

tags | advisory
advisories | CVE-2014-7807
SHA-256 | bbbd1b2ac7a4bb891b769624d11c121d4535a2c1bb2af58f8cd50947731eefdc
Debian Security Advisory 3093-1
Posted Dec 9, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3093-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-7841, CVE-2014-8369, CVE-2014-8884, CVE-2014-9090
SHA-256 | 57232cc982d5b56a3a4484ad03202481e9d82dcc2130c361d364a0329773cbdd
HP Security Bulletin HPSBST03154 2
Posted Dec 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03154 2 - A potential security vulnerability has been identified with HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 2 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 1fd37f9427784b3b37be04b743ed2eb89dd0ff93ce83329650327ceec8f74b04
Debian Security Advisory 3094-1
Posted Dec 9, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3094-1 - It was discovered that BIND, a DNS server, is prone to a denial of service vulnerability. By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service (up to and including termination of the named server process).

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-8500
SHA-256 | 1d2684cbff318116da931be8775f83a064a4521f81b9e896735e6547897432ec
Ubuntu Security Notice USN-2437-1
Posted Dec 9, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2437-1 - Florian Maury discovered that Bind incorrectly handled delegation. A remote attacker could possibly use this issue to cause Bind to consume resources and crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-8500
SHA-256 | 3d1d036b529b6873104212a11d009791b5b4b740cb524238ad8f2bfb5b4b7a8a
Red Hat Security Advisory 2014-1976-01
Posted Dec 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1976-01 - The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-6435, CVE-2014-8118
SHA-256 | f3d5900ed19dc90fb2fe4b2515aa16f953b699c1bbe2c44861f607a0ddb74b93
Red Hat Security Advisory 2014-1974-01
Posted Dec 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1974-01 - The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-6435
SHA-256 | 6e89aa2b2e0253c04afbf06552de7a2d10d01556b868fb8b80dec65dd2b96cbd
Red Hat Security Advisory 2014-1975-01
Posted Dec 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1975-01 - The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-6435
SHA-256 | 8d80abb8541cbbc8250361acbc9606a88785e1abb04428c93bbb1a8a92b84a06
Red Hat Security Advisory 2014-1973-01
Posted Dec 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1973-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Middleware components that have been tested and certified together to provide an integrated experience. RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. It was found that RichFaces accepted arbitrary strings included in a URL and returned them unencoded in a CSS file. A remote attacker could use this flaw to perform cross-site scripting attacks against a user running a RichFaces application.

tags | advisory, java, remote, arbitrary, xss
systems | linux, redhat
advisories | CVE-2014-7852
SHA-256 | 814cf5940970b4e11d38e5b84b869f649ada5cb0bfc376e7c0c1241393ca9288
Red Hat Security Advisory 2014-1972-01
Posted Dec 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1972-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled. A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2013-5704, CVE-2014-3581
SHA-256 | b15033df8966e461bd230191dc61a940f431119df00b767cbba93b9ab386f18c
Red Hat Security Advisory 2014-1971-01
Posted Dec 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1971-01 - A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, redhat
advisories | CVE-2013-2929, CVE-2014-1739, CVE-2014-3181, CVE-2014-3182, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-4027, CVE-2014-4652, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-5045, CVE-2014-6410
SHA-256 | 259b2a7a6414f480013fd35c56afb4dd38c3314536fa54e70f0ac1b44239b896
Ubuntu Security Notice USN-2435-1
Posted Dec 9, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2435-1 - It was discovered that graphviz incorrectly handled parsing errors. An attacker could use this issue to cause graphviz to crash or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9157
SHA-256 | 5932c92cbfbc9eeade2de417beb3caef257a0e59dd0e0e9600dca6d53ee4b85d
Ubuntu Security Notice USN-2436-1
Posted Dec 9, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2436-1 - Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103
SHA-256 | 97deccba022aa2cc95bda1a026d6949fb81fdc208c22a7019aa4f37ecc4abd4a
HP Security Bulletin HPSBGN03208 1
Posted Dec 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03208 1 - A potential security vulnerability has been identified with HP Cloud Service Automation running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 27f37afb1036f5c5d4bb6b486468b8c08347f3df32c493091b0e0391eaab9061
HP Security Bulletin HPSBGN03222 1
Posted Dec 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03222 1 - A potential security vulnerability has been identified with HP Enterprise Maps running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | f18daf6c0c99a853a512a72f0ccc9a7ec88c30820920cee167b136d92412be40
Scarlet Daisy Web CMS Cross Site Scripting
Posted Dec 9, 2014
Authored by KnocKout

Scarlet Daisy Web CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, web, xss
SHA-256 | d6b8a12437d0210b5129116dbb62cac83a2528fa625ec889888d0ffb37d18192
B-Sides Vancouver 2015 Call For Papers
Posted Dec 9, 2014
Site bsidesvancouver.com

B-Sides Vancouver 2015 has announced its Call For Papers. It will be held March 16th and 17th, 2015 in Vancouver, British Columbia, Canada.

tags | paper, conference
SHA-256 | 73ea7bcc54693a3019aa63a693d45e9123e728addfa88e9bb6e520a29504f9d6
Humhub 0.10.0-rc.1 Cross Site Scripting / SQL Injection
Posted Dec 9, 2014
Authored by Jos Wetzels, Emiel Florijn

Humhub versions 0.10.0-rc.1 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | a8b814b89548826f53744a839edb39b524a3238eaea84c586c85c33e616b62ac
Microsoft Security Bulletin Revision Increment For December, 2014
Posted Dec 9, 2014
Site microsoft.com

This bulletin summary lists two bulletins that have undergone a major revision increment for December, 2014.

tags | advisory
SHA-256 | 91b8c128a0cc65616bf6f64e683d9135b7d0759d7374b3a37d0b3d750ef8d121
BulletProof FTP Client 2010 Buffer Overflow
Posted Dec 9, 2014
Authored by Muhamad Fadzil Ramli, Gabor Seljan

BulletProof FTP Client 2010 SEH buffer overflow exploit that affects version 2010.75.0.76.

tags | exploit, overflow
advisories | CVE-2014-2973
SHA-256 | 768ac5c85705858de901eded228cb32ca920c358f2b0b48fd7cc80cc6fee9a4a
ClassAd 3.0 SQL Injection
Posted Dec 9, 2014
Authored by Renzi

ClassAd version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 08e3f466466b70f7c2ba6f79ba80db7b44175d81abd88c0594531502dedcd2c6
espn.go.com Cross Site Scripting / Open Redirect
Posted Dec 9, 2014
Authored by Jing Wang

espn.go.com suffers from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5b0500a08b374806d0cceeb29f4910ac61b0bf1fa95d2f59f39a461e09d32362
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close