Exploit the possiblities
Showing 1 - 25 of 39 RSS Feed

Files Date: 2014-12-15

Intrexx Professional 6.0 / 5.2 Cross Site Scripting
Posted Dec 15, 2014
Authored by Christian Schneider | Site christian-schneider.net

Intrexx Professional suffers from a reflective cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-2026
MD5 | 1db749a16ddcc1b7f8248e68113f3565
Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass
Posted Dec 15, 2014
Authored by LiquidWorm | Site zeroscience.mk

Soitec SmartEnergy web application suffers from an authentication bypass vulnerability using SQL Injection attack in the login script. The script fails to sanitize the 'login' POST parameter allowing the attacker to bypass the security mechanism and view sensitive information that can be further used in a social engineering attack. Versions 1.3 and 1.4 are affected.

tags | exploit, web, sql injection, bypass
MD5 | 4f2719bfa688479adc321a159617f379
ActualAnalyzer 'ant' Cookie Command Execution
Posted Dec 15, 2014
Authored by Benjamin Harris | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in ActualAnalyzer version 2.81 and prior. The 'aa.php' file allows unauthenticated users to execute arbitrary commands in the 'ant' cookie.

tags | exploit, arbitrary, php
MD5 | 3c92744bfb5c441286f93fcde50d36e3
Red Hat Security Advisory 2014-1995-01
Posted Dec 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1995-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
MD5 | 3b956fbdd4da583032e1319e6e7d5715
Intrexx Professional 6.0 / 5.2 Remote Code Execution
Posted Dec 15, 2014
Authored by Christian Schneider | Site christian-schneider.net

Intrexx Professional suffers from a remote code execution vulnerability via unrestricted file upload.

tags | advisory, remote, code execution, file upload
advisories | CVE-2014-2025
MD5 | 52f5c3547f1832e64ae3ee59ccc87747
WordPress O2Tweet 0.0.4 CSRF / XSS
Posted Dec 15, 2014
Authored by Manideep K

WordPress O2Tweet plugin version 0.0.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-9338
MD5 | b85b67fbaef5f3a43dfac1b8fecac7f1
Gentoo Linux Security Advisory 201412-17
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-17 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0196, CVE-2009-0792, CVE-2009-3743, CVE-2009-4270, CVE-2009-4897, CVE-2010-1628, CVE-2010-2055, CVE-2010-4054, CVE-2012-4405
MD5 | e3e02ec557b4a422e26e198d1ff0d92a
Gentoo Linux Security Advisory 201412-16
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-16 - A vulnerability in CouchDB could result in Denial of Service. Versions less than 1.5.1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-2668
MD5 | 71335e0c700624d4446d1ff49797c477
Gentoo Linux Security Advisory 201412-15
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-15 - Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation. Versions less than 2.5.3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3248, CVE-2014-3251
MD5 | 7bfc56d56ce6f50e2b092a70a9fd5ded
Gentoo Linux Security Advisory 201412-14
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-14 - Two vulnerabilities have been found in Xfig, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 3.2.5c are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4227, CVE-2009-4228
MD5 | 31890e1bae5acfba40071e5805215aae
Mandriva Linux Security Advisory 2014-253
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-253 - It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-8583
MD5 | 49cd40c9d7560b8b5cbc5ac96ab7f4db
Gentoo Linux Security Advisory 201412-13
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-13 - Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Versions less than 39.0.2171.65 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3195, CVE-2014-3197, CVE-2014-3198, CVE-2014-3199, CVE-2014-3200, CVE-2014-7899, CVE-2014-7900, CVE-2014-7901, CVE-2014-7902, CVE-2014-7903, CVE-2014-7904, CVE-2014-7906, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909, CVE-2014-7910
MD5 | 21e406ca857601d924f3a635f486698f
Gentoo Linux Security Advisory 201412-30
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-30 - Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition. Versions less than 3.0.5 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0345, CVE-2013-4484
MD5 | 7ea2dc1c5075e42890d07b0e6db200cd
Mandriva Linux Security Advisory 2014-242
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-242 - An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. The perl-YAML-LibYAML package is also affected, as it was derived from the same code. Both have been patched to fix this issue.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2014-9130
MD5 | a6827f64e5910be462be455ebdd112ef
Mandriva Linux Security Advisory 2014-239
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-239 - In libFLAC before 1.3.1, a stack overflow. and a heap overflow. which may result in arbitrary code execution, can be triggered by passing a maliciously crafted.flac file to the libFLAC decoder.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | d3a6350c2865c71895371cd96eb53cfc
Mandriva Linux Security Advisory 2014-243
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-243 - Multiple vulnerabilities has been discovered and corrected in libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service via a long password. Cross-site scripting vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.

tags | advisory, remote, web, denial of service, arbitrary, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2014-9218, CVE-2014-9219
MD5 | fc06bc7411d4c970b234cf28c188f111
Mandriva Linux Security Advisory 2014-244
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-244 - Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long fileserver ACL entry. Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service via a large list from the IdToName RPC, which triggers a heap-based buffer overflow. OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption for Kerberos keys, which makes it easier for remote attackers to obtain the service key. The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. Buffer overflow in the GetStatistics64 remote procedure call in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service via a crafted statsVersion argument. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. The updated packages have been upgraded to the 1.4.15 version and patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1794, CVE-2013-1795, CVE-2013-4134, CVE-2013-4135, CVE-2014-0159
MD5 | 386cda5d2a302b946f57630d73e88d9f
Mandriva Linux Security Advisory 2014-245
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-245 - A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition. The mutt package has been updated to version 1.5.23 and patched to fix this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-9116
MD5 | 696938d4f7289d0adef8375edcca019e
Mandriva Linux Security Advisory 2014-251
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-251 - It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2013-6435, CVE-2014-8118
MD5 | badf5cc001f0e09fd26cc3b745bd3373
Mandriva Linux Security Advisory 2014-250
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-250 - Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. Additionally, a null pointer dereference in the copyin_link function which could cause a denial of service has also been fixed.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2014-9112
MD5 | 317b0f5da8784602f5a187b438d01f98
Mandriva Linux Security Advisory 2014-249
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-249 - During migration, the values read from migration stream during ram load are not validated. Especially offset in host_from_stream_offset() and also the length of the writes in the callers of the said function. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

tags | advisory, arbitrary, code execution
systems | linux, redhat, mandriva
advisories | CVE-2014-7840, CVE-2014-8106
MD5 | 206a806188abec95ae95b13db45b1434
Mandriva Linux Security Advisory 2014-248
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-248 - Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-9157
MD5 | 85b6ebaa7f3b7605224ff90be28245e1
Mandriva Linux Security Advisory 2014-247
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-247 - Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-9029
MD5 | a8e41c1effbdf4b4edf841eade18adff
Gentoo Linux Security Advisory 201412-12
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-12 - Multiple vulnerabilities have been found in D-Bus, possibly resulting in local Denial of Service. Versions less than 1.8.10 are affected.

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3477, CVE-2014-3532, CVE-2014-3533, CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639, CVE-2014-7824
MD5 | 9328af5b4b578b56650f5e578a30737f
Mandriva Linux Security Advisory 2014-246
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-246 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service. The openvpn packages has been updated to the 2.3.2 version and patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-8104
MD5 | ae59644ca0d4c11cefa889a9729f2103
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close