Exploit the possiblities
Showing 1 - 25 of 25 RSS Feed

Files Date: 2014-12-29

ProjectSend Arbitrary File Upload
Posted Dec 29, 2014
Authored by Fady Mohammed Osman | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.

tags | exploit, remote, web, php, code execution, file upload
MD5 | 6132c16a9f34de6549cfc05d0921dcca
THC-IPv6 Attack Tool 2.7
Posted Dec 29, 2014
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: This is the 31C3 release. New tool fuzz_dhcpc6 has been added. Various new scripts, options, and test cases added.
tags | tool, protocol
systems | unix
MD5 | 2975dd54be35b68c140eb2a6b8ef5e59
Incom CMS SQL Injection
Posted Dec 29, 2014
Authored by Xodiak

Incom CMS suffers from an authentication bypass vulnerability via remote SQL injection.

tags | exploit, remote, sql injection, bypass
MD5 | da0d3865528e19c18292a57c90698af1
Debian Security Advisory 3113-1
Posted Dec 29, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3113-1 - Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
MD5 | f7566e7e2f5fa878a32d60492911d388
Debian Security Advisory 3114-1
Posted Dec 29, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3114-1 - Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2014-7209
MD5 | 347f909f17039d5e606f845fa892e4d6
Gentoo Linux Security Advisory 201412-52
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-52 - Multiple vulnerabilities have been found in Wireshark which could allow remote attackers to cause Denial of Service. Versions less than 1.12.2 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432
MD5 | 1914a1c212f53f897842dba64a6e8c3b
Gentoo Linux Security Advisory 201412-51
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-51 - Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service, bypass intended ACL restrictions or allow an authenticated user to gain escalated privileges. Versions less than 11.14.2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8412, CVE-2014-8414, CVE-2014-8417, CVE-2014-8418, CVE-2014-9374
MD5 | 5279a3e7a613e057e400c35c2db4e319
Gentoo Linux Security Advisory 201412-50
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-50 - Multiple vulnerabilities have been discovered in getmail, allowing remote attackers to obtain sensitive information. Versions less than 4.46.0 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2014-7273, CVE-2014-7274, CVE-2014-7275
MD5 | e7f1fb5cb39ee4273867ae48379f5258
Gentoo Linux Security Advisory 201412-49
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-49 - Multiple vulnerabilities have been found in fish, the worst of which could result in local privilege escalation or remote arbitrary code execution. Versions less than 2.1.1 are affected.

tags | advisory, remote, arbitrary, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-2905, CVE-2014-2906, CVE-2014-2914, CVE-2014-3219
MD5 | 92c57da546add97babf48abc5fe7e620
Gentoo Linux Security Advisory 201412-48
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-48 - A vulnerability in file could allow a context-dependent attack to create a Denial of Service condition. Versions less than 5.21 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-8117
MD5 | 7b9921ce4e139f50f8eeb95b7bab0ce0
Gentoo Linux Security Advisory 201412-47
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-47 - Multiple vulnerabilities have been found in TORQUE Resource Manager, possibly resulting in escalation of privileges or remote code execution. Versions less than 4.1.7 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2011-2193, CVE-2011-2907, CVE-2011-4925, CVE-2013-4319, CVE-2013-4495, CVE-2014-0749
MD5 | 39df3d225504e8bbc10ec3bf68ff42b9
Gentoo Linux Security Advisory 201412-46
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-46 - Multiple buffer overflow flaws and a parser error in LittleCMS could cause Denial of Service. Versions less than 2.6-r1 are affected.

tags | advisory, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2013-4276, CVE-2014-0459
MD5 | 2c439eb7de218d958cf5c9677bdf76d4
Gentoo Linux Security Advisory 201412-45
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-45 - An untrusted search path vulnerability in Facter could lead to local privilege escalation. Versions less than 1.7.6 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2014-3248
MD5 | 0e7ba1fc7c9038223a4337c2634251d5
Gentoo Linux Security Advisory 201412-44
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-44 - A vulnerability in policycoreutils could lead to local privilege escalation. Versions prior to 2.2.5-r4 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2014-3215
MD5 | 0d8070d2e0011d91d2caec2cfd2ebbeb
Gentoo Linux Security Advisory 201412-43
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-43 - Multiple vulnerabilities have been found in MuPDF, possibly resulting in remote code execution or Denial of Service. Versions less than 1.3_p20140118 are affected.

tags | advisory, remote, denial of service, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-2013
MD5 | 767678d864d75e5e125e644181498708
Gentoo Linux Security Advisory 201412-42
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-42 - Multiple vulnerabilities have been found in Xen, possibly resulting in Denial of Service. Versions less than 4.4.1-r2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-7154, CVE-2014-7155, CVE-2014-7156, CVE-2014-7188
MD5 | 2e733eb35dc290149a9f9ccc5bc46f5a
Gentoo Linux Security Advisory 201412-41
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-41 - A vulnerability in OpenVPN could lead to Denial of Service. Versions less than 2.3.6 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-8104
MD5 | e029d3a206028a59108c25f350d4f66a
mrtparse MRT Parsing Tool 1.1
Posted Dec 29, 2014
Authored by Nobuhiro ITOU, Tetsumune KISO, Yoshiyuki YAMAUCHI | Site github.com

mrtparse is a module to read and analyze the MRT format data. The MRT format data can be used to export routing protocol messages, state changes, and routing information base contents, and is standardized in RFC6396. Programs like Quagga / Zebra, BIRD, OpenBGPD and PyRT can dump the MRT format data. Written in Python.

Changes: Code improvements in mrtparse.py. Added support for IPv6 in exabgp_conf.py. Various other updates and fixes.
tags | tool, protocol, python
systems | unix
MD5 | 62c88e673d64ab74667f6bd9dc2513e2
Desktop Linux Password Stealer / Privilege Escalation
Posted Dec 29, 2014
Authored by Jakob Lell | Site metasploit.com

This Metasploit module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using policykit. Then it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness that there is no trusted channel for transferring the password from the keyboard to the actual password verification against the shadow file (which is running as root since /etc/shadow is only readable to the root user). Both screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under the current user account to query for the password and then pass it to a setuid-root binary to do the password verification. Therefore it is possible to inject a password stealer after compromising the user account. Since sudo requires only the user password (and not the root password of the system), stealing the user password of an administrative user directly allows escalating to root privileges. Please note that you have to start a handler as a background job before running this exploit since the exploit will only create a shell when the user actually enters the password (which may be hours after launching the exploit). Using exploit/multi/handler with the option ExitOnSession set to false should do the job.

tags | exploit, shell, root
systems | linux
MD5 | 7a355a677b733a2bafc0af3d544a89a6
Ex Libris Patron Directory Services 2.1 Open Redirect
Posted Dec 29, 2014
Authored by Jing Wang

Ex Libris Patron Directory Services version 2.1 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2014-7294
MD5 | 152da38a0b04e65a395837219b7c3244
Ex Libris Patron Directory Services 2.1 Cross Site Scripting
Posted Dec 29, 2014
Authored by Jing Wang

Ex Libris Patron Directory Services version 2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7293
MD5 | f9a5a13195c412f5c9638a21f9dcfe78
CNN Cross Site Scripting / Open Redirect
Posted Dec 29, 2014
Authored by Jing Wang

The travel.cnn.com and ads.cnn.com sites suffer from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 004fd090a979fa4a861cfcad03e0eec1
WordPress Dmsguestbook Unauthenticated Data Injection
Posted Dec 29, 2014
Authored by Evex

WordPress Dmsguestbook plugin suffers from a remote unauthenticated data injection vulnerability.

tags | exploit, remote
MD5 | d1188bab34809f0cf26aa2d2c090f508
CMS Pylot Cross Site Request Forgery / Cross Site Scripting
Posted Dec 29, 2014
Authored by MustLive

CMS Pylot suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 1ede26a1d594e3662a10ebbb9bedcee1
WordPress Frontend Uploader 0.9.2 Cross Site Scripting
Posted Dec 29, 2014
Authored by SECUPENT

WordPress Frontend Uploader plugin version 0.9.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ed96452bba0fbcea605664256c402e30
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close