what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2014-12-16

SAP Business Objects Search Token Privilege Escalation
Posted Dec 16, 2014
Authored by Will Vandevanter, Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - By exploiting a search token privilege escalation vulnerability, a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusineesObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure. BusinessObjects Edge version 4.1 is affected.

tags | advisory, remote
advisories | CVE-2014-9320
SHA-256 | 572684cdc3bc2a7bd551c52105bd0203238dbe5954d6313dd9841c6c341fed6b
CIK Telecom SVG6000RW Default Account / Command Execution
Posted Dec 16, 2014
Authored by Chako

CIK Telecom VoIP router SVG6000RW suffers from default credential and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | 3d60036023d39de042bb902b702af332a92465cb7c101f6e34a07aee126705c5
Red Hat Security Advisory 2014-2000-01
Posted Dec 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-2000-01 - Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system. This issue was discovered by Elliott Baron of Red Hat.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-8120
SHA-256 | aeca17094bb56abecbd3f12a0b0b346a3d837163e0c5bf0e8cd9cb1cd587566e
Konakart 7.3.0.1 Cross Site Scripting
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Konakart CMS version 7.3.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 44576257b6b465e0aeaec73a87765dd5657a1bf9c8d5dc1cb9a9f06fe0290513
RSform!Pro 1.3.0 Remote Shell Upload
Posted Dec 16, 2014
Authored by Ibrahim Raafat

RSform!Pro versions 1.3.0 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 72319f37657e3ffbf18c3ee7f8cd880285e32e0cce5cd6babe2185cf1068f2a2
RStickets! 1.0.0 Remote Shell Upload
Posted Dec 16, 2014
Authored by Ibrahim Raafat

RStickets! versions 1.0.0 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | b53c228a0ee7cc0f11b1201eab5c487dad45beaaf327134c1d88aa7bcf5f863b
Ettercap 8.0 / 8.1 Code Execution / Denial Of Service
Posted Dec 16, 2014
Authored by Nick Sampanis

Ettercap versions 8.0 and 8.1 suffer from code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2014-6395, CVE-2014-6396, CVE-2014-9376, CVE-2014-9377, CVE-2014-9378, CVE-2014-9379, CVE-2014-9380, CVE-2014-9381
SHA-256 | c3b781745f88cbd862cea63d2dda4901f96f9929928278c03b1c679d2601df98
Elefant CMS 1.3.9 Cross Site Scripting
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Elefant CMS version 1.3.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 55f849818464fd08ac27f9a2972f675a42d4ade6169ba99a04fea74e8d12420b
Arris Touchstone TG862G/CT Cross Site Scripting
Posted Dec 16, 2014
Authored by Seth Art

Arris Touchstone TG862G/CT suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5438
SHA-256 | ead08de5941f9903987136a17f510532192f42e31b904847e66f4d06640a9611
Arris Touchstone TG862G/CT Cross Site Request Forgery
Posted Dec 16, 2014
Authored by Seth Art

Arris Touchstone TG862G/CT suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-5437
SHA-256 | 2a82373f66affb49b6bfa467e5952fd04a9cd14179793ba072610383123dc973
iWifi For Chat 1.1 Denial Of Service
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

iWifi for Chat versions 1.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 3cab99079172c9e06514750282830fd8acfb059162cad3a99c24f705cc4e0a7b
iUSB 1.2 Arbitrary Code Execution
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

iUSB version 1.2 suffers from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
SHA-256 | b6a1a01769bd3f9334306167f581916259ec39c95f87d805b9060d1ee01766fc
Red Hat Security Advisory 2014-1998-01
Posted Dec 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1998-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-9322
SHA-256 | 885c454e2df45f10d3dd5faa7793cbefdc2fe5c65b5a3e5121114ffc38dd334b
Red Hat Security Advisory 2014-1999-01
Posted Dec 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1999-01 - The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-". To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses.

tags | advisory, arbitrary, shell, local
systems | linux, redhat
advisories | CVE-2004-2771, CVE-2014-7844
SHA-256 | 550a292aa61b5f7a074e345298a0cd0059f2754363fdcbd0de30b1f3ff6b3bc4
Red Hat Security Advisory 2014-1997-01
Posted Dec 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1997-01 - A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-6657, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-9322
SHA-256 | 9a42bc59092af16ac1038c9e5dce06d93b232fcce0c7a1ab4cb77a0af3e0b74c
Debian Security Advisory 3105-1
Posted Dec 16, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3105-1 - Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the "mail" command.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2004-2771, CVE-2014-7844
SHA-256 | 3276ccbb50391322547e01d57c1b7e9bacbeee3a02b4097917699734e69e42da
Debian Security Advisory 3104-1
Posted Dec 16, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3104-1 - It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.

tags | advisory, shell
systems | linux, bsd, debian
advisories | CVE-2014-7844
SHA-256 | 006d3763516e5cdc42e37f601fa0a12bc73a61ca2f541385a1185543a6bcf8e7
Mandriva Linux Security Advisory 2014-252
Posted Dec 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-252 - In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data. This update adds support for the TLS Fallback Signaling Cipher Suite Value in NSS, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0, mitigating also known as POODLE. SSL 3.0 support has also been disabled by default in this Firefox and Thunderbird update, further mitigating POODLE.

tags | advisory, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2014-1569
SHA-256 | 70a783dd698c32c35cc4ba737ea20e314d2dfed051a171704672b2b3fa1c0075
Fuzzylime 3.03b Cross Site Scripting
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Fuzzylime CMS version 3.03b suffers from a client-side cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b03b03673686ccd16ead75ab8e0b9100792f4b1475e6cfa1c7142d96b8b58c33
RelateIQ Mail Encoding Script Code Injection
Posted Dec 16, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

RelateIQ suffered from a mail encoding flaw that allowed for malicious script insertion.

tags | exploit
SHA-256 | 1965f8f41f4b94ba228c1c5a7e705aaf4253a0394a33dde894eb206d9528a793
WordPress A.F.D. Theme Echelon Arbitrary File Download
Posted Dec 16, 2014
Authored by Cleiton Pinheiro

WordPress A.F.D. Theme Echelon suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 0eaf643cace3cd4ee48bc42f9138192f2f3dbcf77a8c32224d60e11ac79ce0c4
D-Link DCS-2103 Brute Force / Cross Site Scripting
Posted Dec 16, 2014
Authored by MustLive

D-Link DCS-2103 suffers from cross site scripting and brute force vulnerabilities.

tags | exploit, cracker, vulnerability, xss
SHA-256 | 1b747820623f0f30adc18502d9d90b9a424d62981c4e8b89cb19fa11e3abed40
CA LISA Release Automation Security Notice
Posted Dec 16, 2014
Authored by Ken Williams | Site www3.ca.com

CA Release Automation (formerly CA LISA Release Automation) suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Versions 4.7.1 Build 413 and earlier are affected.

tags | advisory, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2014-8246, CVE-2014-8247, CVE-2014-8248
SHA-256 | 0653e6f753223236bc7e18d2e1538e854fd0951b8c497541ffb7dc11afb28484
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close