what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2014-12-20

Apple Security Advisory 2014-12-18-1
Posted Dec 20, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-12-18-1 - Xcode 6.2 beta 3 is now available and addresses a unicode issue that can be leveraged by a malicious git repository.

tags | advisory
systems | apple
advisories | CVE-2014-9390
SHA-256 | f61fd9d0d48bd3edc62fd01719a27d1689aae89d9c6537e9356ca5a7b525aa5c
Ubuntu Security Notice USN-2448-2
Posted Dec 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2448-2 - USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8086, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090
SHA-256 | c47545b18e641e882b45a3c426edabfd912ad269d8872340a45d7660ebe5e154
Ubuntu Security Notice USN-2447-2
Posted Dec 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2447-2 - USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8086, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090
SHA-256 | 48836bea6415674b21cc9d2e67d419022278c5cdd948c6b798dbc7a87a1e15be
Varnish Cache CLI Interface Remote Code Execution
Posted Dec 20, 2014
Authored by Patrick Webster | Site metasploit.com

This Metasploit module attempts to login to the Varnish Cache (varnishd) CLI instance using a bruteforce list of passwords. This Metasploit module will also attempt to read the /etc/shadow root password hash if a valid password is found. It is possible to execute code as root with a valid password, however this is not yet implemented in this module.

tags | exploit, root
advisories | CVE-1999-0502, CVE-2009-2936, OSVDB-67670
SHA-256 | fe293ec94b3dfa7e3027ffc1c7be75b60a403e4ba9e56d55b6442ac2180a0939
miniBB 3.1 Blind SQL Injection
Posted Dec 20, 2014
Authored by Kacper Szurek

miniBB version 3.1 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-9254
SHA-256 | e5da1d18bf539a350dd613c18592c5f2c52ece3839b3a480990d86cd2ceb3e87
Cacti Superlinks 1.4-2 Code Execution / LFI / SQL Injection
Posted Dec 20, 2014
Authored by Wireghoul

Cacti Superlinks version 1.4-2 suffers from code execution via local file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, sql injection, file inclusion
advisories | CVE-2014-4644
SHA-256 | 5a23314873f3c7b79647dafc858449285d365137abb907d03a2007a2c4bb40fd
NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
Posted Dec 20, 2014
Authored by Wolfgang Ettlinger | Site sec-consult.com

NetIQ eDirectory NDS iMonitor versions 8.8 SP8 and 8.8 SP7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5212, CVE-2014-5213
SHA-256 | 42f12d914fa5417e9b3009fd6a0222ff5662fe88ac1c59cf41efc6d5318502e6
Mobilis MobiConnect 3G ZDServer 1.0.1.2 Privilege Escalation
Posted Dec 20, 2014
Authored by Hadji Samir, Vulnerability Laboratory | Site vulnerability-lab.com

Mobilis MobiConnect 3G ZDServer version 1.0.1.2 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 6c74b1f6e37725e0c1ac37c1c232da750e8669314683cec2a7bc5be5684e7c8d
Codiad 2.4.3 Cross Site Scripting / Local File Inclusion
Posted Dec 20, 2014
Authored by Taurus Omar

Codiad version 2.4.3 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2014-1137
SHA-256 | fe2507339eb5aeda7a897ee547f5f0796393c2acefcc81e722686bf71a1385ef
ProjectSend r561 Ultimate Cross Site Scripting / Path Disclosure
Posted Dec 20, 2014
Authored by Taurus Omar

ProjectSend version r561 Ultimate suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2014-1155
SHA-256 | f914ac1aa8fc5e724fe7cbdabea5e45d01a153211b858cd9a295349ee69dc04e
Piwigo 2.7.2 Cross Site Scripting / SQL Injection
Posted Dec 20, 2014
Authored by Taurus Omar

Piwigo version 2.7.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-1470
SHA-256 | 26ad1bdac26fbe5346039af7a88028c6e43d1ef8d7e34e737578c4186353d04c
GQ File Manager 0.2.5 Cross Site Scripting / SQL Injection
Posted Dec 20, 2014
Authored by Taurus Omar

GQ File Manager version 0.2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-1137
SHA-256 | 886376e4da426f55cb91e358853374c9e2a50517b41435e2711a8976b7e01973
Ettercap 0.8.0 / 0.8.1 Denial Of Service
Posted Dec 20, 2014
Authored by Nick Sampanis

Ettercap versions 0.8.0 and 0.8.1 suffers from multiple denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2014-6395
SHA-256 | c2d3c37bbcf2c09b4172044c3ddf17cecc9c546ea8ab8c937287a9c6a36c57e6
PHP Shell Backdoors
Posted Dec 20, 2014
Authored by KnocKout

This is a brief write up noting javascript backdoors left in common PHP shells.

tags | paper, shell, php, javascript
SHA-256 | 5cfb1217e9087a15de79d56e9f05827f2a275f0a080cf8427518a3cba732ef2f
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close