Files Date: 2014-12-16

SAP Business Objects Search Token Privilege Escalation
Posted Dec 16, 2014
Authored by Will Vandevanter, Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - By exploiting a search token privilege escalation vulnerability, a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusinessObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure. BusinessObjects Edge version 4.1 is affected.

tags | advisory, remote
advisories | CVE-2014-9320
MD5 | 028f048843e0f74cef940aeac47c03ec
CIK Telecom SVG6000RW Default Account / Command Execution
Posted Dec 16, 2014
Authored by Chako

CIK Telecom VoIP router SVG6000RW suffers from default credential and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | 7b900f0b27a966404b9a233f082a5544
Red Hat Security Advisory 2014-2000-01
Posted Dec 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-2000-01 - Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system. This issue was discovered by Elliott Baron of Red Hat.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-8120
MD5 | bd7ce2c04a51e52c24bc920f083c1685
Konakart 7.3.0.1 Cross Site Scripting
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Konakart CMS version 7.3.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4418841216cd1ec5f21eec7528a4239d
RSform!Pro 1.3.0 Remote Shell Upload
Posted Dec 16, 2014
Authored by Ibrahim Raafat

RSform!Pro versions 1.3.0 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 7a1e6cd3cc28719b7436477a636f30a2
RStickets! 1.0.0 Remote Shell Upload
Posted Dec 16, 2014
Authored by Ibrahim Raafat

RStickets! versions 1.0.0 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | d25ed060a6f7af75ce25a81d6c611e03
Ettercap 8.0 / 8.1 Code Execution / Denial Of Service
Posted Dec 16, 2014
Authored by Nick Sampanis

Ettercap versions 8.0 and 8.1 suffer from code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2014-6395, CVE-2014-6396, CVE-2014-9376, CVE-2014-9377, CVE-2014-9378, CVE-2014-9379, CVE-2014-9380, CVE-2014-9381
MD5 | 9966b872010268d29e8dfaee0c76e062
Elefant CMS 1.3.9 Cross Site Scripting
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Elefant CMS version 1.3.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5545b72be2ceeb7b42d5c15fc23edfdc
Arris Touchstone TG862G/CT Cross Site Scripting
Posted Dec 16, 2014
Authored by Seth Art

Arris Touchstone TG862G/CT suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5438
MD5 | 7d9e783e7a90a51aa3de8acc652b31f8
Arris Touchstone TG862G/CT Cross Site Request Forgery
Posted Dec 16, 2014
Authored by Seth Art

Arris Touchstone TG862G/CT suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-5437
MD5 | 1c722b3b02f4595cddafaa2f002a7544
iWifi For Chat 1.1 Denial Of Service
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

iWifi for Chat version 1.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 4277641121d533d5b14fca709e629867
iUSB 1.2 Arbitrary Code Execution
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

iUSB version 1.2 suffers from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
MD5 | 27d5906901f84be4c4a2d9ee135735d0
Red Hat Security Advisory 2014-1998-01
Posted Dec 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1998-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-9322
MD5 | 302ecd598bcdc946eaf4c9dc352e5f0e
Red Hat Security Advisory 2014-1999-01
Posted Dec 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1999-01 - The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-". To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses.

tags | advisory, arbitrary, shell, local
systems | linux, redhat
advisories | CVE-2004-2771, CVE-2014-7844
MD5 | 543f206a3ea8d0ad612ed3f9f163a3f7
Red Hat Security Advisory 2014-1997-01
Posted Dec 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1997-01 - A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-6657, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-9322
MD5 | d531970912661035cea054c74fa99870
Debian Security Advisory 3105-1
Posted Dec 16, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3105-1 - Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the "mail" command.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2004-2771, CVE-2014-7844
MD5 | 511d13ad9646cf509bde569126185e74
Debian Security Advisory 3104-1
Posted Dec 16, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3104-1 - It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.

tags | advisory, shell
systems | linux, bsd, debian
advisories | CVE-2014-7844
MD5 | 9d911bcd97ae2855a676663bdbc79aeb
Mandriva Linux Security Advisory 2014-252
Posted Dec 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-252 - In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data. This update adds support for the TLS Fallback Signaling Cipher Suite Value in NSS, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0, mitigating the attack known as POODLE. SSL 3.0 support has also been disabled by default in this Firefox and Thunderbird update, further mitigating POODLE.

tags | advisory, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2014-1569
MD5 | e76d1a52dde45c0cc9cab3721fb3d822
Fuzzylime 3.03b Cross Site Scripting
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Fuzzylime CMS version 3.03b suffers from a client-side cross site scripting vulnerability.

tags | exploit, xss
MD5 | 013bd8c694d9c2fcb1d58dcf07ebd5d7
RelateIQ Mail Encoding Script Code Injection
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

RelateIQ suffered from a mail encoding flaw that allowed for malicious script insertion.

tags | exploit
MD5 | ac7c5a8b51a702b4256216cad7562852
WordPress A.F.D. Theme Echelon Arbitrary File Download
Posted Dec 16, 2014
Authored by Cleiton Pinheiro

WordPress A.F.D. Theme Echelon suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | bc62e4e06319d8f7f0c9125fb2bbd51c
D-Link DCS-2103 Brute Force / Cross Site Scripting
Posted Dec 16, 2014
Authored by MustLive

D-Link DCS-2103 suffers from cross site scripting and brute force vulnerabilities.

tags | exploit, cracker, vulnerability, xss
MD5 | b2c93b2882408097b694453995a45b57
CA LISA Release Automation Security Notice
Posted Dec 16, 2014
Authored by Ken Williams | Site www3.ca.com

CA Release Automation (formerly CA LISA Release Automation) suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Versions 4.7.1 Build 413 and earlier are affected.

tags | advisory, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2014-8246, CVE-2014-8247, CVE-2014-8248
MD5 | 7b3aba71523c7e90b667fde899b6b1ef

© 2016 Packet Storm. All rights reserved.
