what you don't know can hurt you
Showing 1 - 25 of 25 RSS Feed

Files Date: 2014-12-29

ProjectSend Arbitrary File Upload
Posted Dec 29, 2014
Authored by Fady Mohammed Osman | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.

tags | exploit, remote, web, php, code execution, file upload
SHA-256 | 087e2e4d69111e46f2812dd4908b4b22a1de2bce44989d3e02e0a9a6e58cfba6
THC-IPv6 Attack Tool 2.7
Posted Dec 29, 2014
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: This is the 31C3 release. New tool fuzz_dhcpc6 has been added. Various new scripts, options, and test cases added.
tags | tool, protocol
systems | unix
SHA-256 | 440a3ae98b57100c397ec4f8634468dbbb0c3b48788c6b74af2a597a90544a96
Incom CMS SQL Injection
Posted Dec 29, 2014
Authored by Xodiak

Incom CMS suffers from an authentication bypass vulnerability via remote SQL injection.

tags | exploit, remote, sql injection, bypass
SHA-256 | 28e1d1b127d9bf0b66f5bb5a2d7f99ee61b5bf34b4c66d93200d8b96697b8157
Debian Security Advisory 3113-1
Posted Dec 29, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3113-1 - Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
SHA-256 | c07d19cf6b887fa58bdf1aabe929c435954c16a8c33b34fa65ffa5b22c076cda
Debian Security Advisory 3114-1
Posted Dec 29, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3114-1 - Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2014-7209
SHA-256 | d0d564ef0b65527a21eee4ab3d08a36dc96badae881dd56d032b2a6b2a4adc01
Gentoo Linux Security Advisory 201412-52
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-52 - Multiple vulnerabilities have been found in Wireshark which could allow remote attackers to cause Denial of Service. Versions less than 1.12.2 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432
SHA-256 | f17c19c16fb1c4ac4bc4cbe10a7fa67976348af84d1bb1b7a8aa25a6421db1db
Gentoo Linux Security Advisory 201412-51
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-51 - Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service, bypass intended ACL restrictions or allow an authenticated user to gain escalated privileges. Versions less than 11.14.2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8412, CVE-2014-8414, CVE-2014-8417, CVE-2014-8418, CVE-2014-9374
SHA-256 | 04044181d0958586da94e04aa40876aa0b3112da38bf0c87d7e7ea0eb5d041f0
Gentoo Linux Security Advisory 201412-50
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-50 - Multiple vulnerabilities have been discovered in getmail, allowing remote attackers to obtain sensitive information. Versions less than 4.46.0 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2014-7273, CVE-2014-7274, CVE-2014-7275
SHA-256 | 6a1e587d9ebd5fb431680886ea0dc60724e6a6c78885dfc8ffca72fb52f56d9f
Gentoo Linux Security Advisory 201412-49
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-49 - Multiple vulnerabilities have been found in fish, the worst of which could result in local privilege escalation or remote arbitrary code execution. Versions less than 2.1.1 are affected.

tags | advisory, remote, arbitrary, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-2905, CVE-2014-2906, CVE-2014-2914, CVE-2014-3219
SHA-256 | 123e46940ecf6f2469426c6935aec9bd1c6d5353bbbfc158faf0722597cbd198
Gentoo Linux Security Advisory 201412-48
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-48 - A vulnerability in file could allow a context-dependent attack to create a Denial of Service condition. Versions less than 5.21 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-8117
SHA-256 | 1cdbea9495a1375e74f8b72f7ea0936bfdb317a6d2b74279856945a6b1734a56
Gentoo Linux Security Advisory 201412-47
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-47 - Multiple vulnerabilities have been found in TORQUE Resource Manager, possibly resulting in escalation of privileges or remote code execution. Versions less than 4.1.7 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2011-2193, CVE-2011-2907, CVE-2011-4925, CVE-2013-4319, CVE-2013-4495, CVE-2014-0749
SHA-256 | 51a42e443e73a67f0e0416d7e5cd284c78b89ddef4d31e82cd485c179c0087a4
Gentoo Linux Security Advisory 201412-46
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-46 - Multiple buffer overflow flaws and a parser error in LittleCMS could cause Denial of Service. Versions less than 2.6-r1 are affected.

tags | advisory, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2013-4276, CVE-2014-0459
SHA-256 | c9bb33764707bb704d3507f54af051747564581d3d72a23550da0ef47d9d4603
Gentoo Linux Security Advisory 201412-45
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-45 - An untrusted search path vulnerability in Facter could lead to local privilege escalation. Versions less than 1.7.6 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2014-3248
SHA-256 | 2408fdb470e5ca13e3158b05ea08bf735a14aefe460cfdf705aa3ba374e80432
Gentoo Linux Security Advisory 201412-44
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-44 - A vulnerability in policycoreutils could lead to local privilege escalation. Versions prior to 2.2.5-r4 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2014-3215
SHA-256 | 2b706a9b7343eb709884ad81f2c80a0c6680592d90a399a8cb2af12c127d2d2d
Gentoo Linux Security Advisory 201412-43
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-43 - Multiple vulnerabilities have been found in MuPDF, possibly resulting in remote code execution or Denial of Service. Versions less than 1.3_p20140118 are affected.

tags | advisory, remote, denial of service, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-2013
SHA-256 | 9db4f8eb533c555a2ab6d7ee94ce631b7188dbc59c13ec335fec084c0af97f33
Gentoo Linux Security Advisory 201412-42
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-42 - Multiple vulnerabilities have been found in Xen, possibly resulting in Denial of Service. Versions less than 4.4.1-r2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-7154, CVE-2014-7155, CVE-2014-7156, CVE-2014-7188
SHA-256 | 2db7505f2e7bc5f6baa362b0b62538e08d79d4290e93c6e8354e4d02ac99eacf
Gentoo Linux Security Advisory 201412-41
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-41 - A vulnerability in OpenVPN could lead to Denial of Service. Versions less than 2.3.6 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-8104
SHA-256 | 651aa9b76ab89413bece706940ddde61a52f8eba2671728362fc48fbf32b6ebc
mrtparse MRT Parsing Tool 1.1
Posted Dec 29, 2014
Authored by Nobuhiro ITOU, Tetsumune KISO, Yoshiyuki YAMAUCHI | Site github.com

mrtparse is a module to read and analyze the MRT format data. The MRT format data can be used to export routing protocol messages, state changes, and routing information base contents, and is standardized in RFC6396. Programs like Quagga / Zebra, BIRD, OpenBGPD and PyRT can dump the MRT format data. Written in Python.

Changes: Code improvements in mrtparse.py. Added support for IPv6 in exabgp_conf.py. Various other updates and fixes.
tags | tool, protocol, python
systems | unix
SHA-256 | ee3b4b8da3eef55bbe75796ab60f02d974938ff08c8a93ed9195475126e1b5a1
Desktop Linux Password Stealer / Privilege Escalation
Posted Dec 29, 2014
Authored by Jakob Lell | Site metasploit.com

This Metasploit module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using policykit. Then it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness that there is no trusted channel for transferring the password from the keyboard to the actual password verification against the shadow file (which is running as root since /etc/shadow is only readable to the root user). Both screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under the current user account to query for the password and then pass it to a setuid-root binary to do the password verification. Therefore it is possible to inject a password stealer after compromising the user account. Since sudo requires only the user password (and not the root password of the system), stealing the user password of an administrative user directly allows escalating to root privileges. Please note that you have to start a handler as a background job before running this exploit since the exploit will only create a shell when the user actually enters the password (which may be hours after launching the exploit). Using exploit/multi/handler with the option ExitOnSession set to false should do the job.

tags | exploit, shell, root
systems | linux
SHA-256 | 0a9cac7ba17812d5abc36544dbde12e861f70ee5697f577efc23726fdff20564
Ex Libris Patron Directory Services 2.1 Open Redirect
Posted Dec 29, 2014
Authored by Jing Wang

Ex Libris Patron Directory Services version 2.1 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2014-7294
SHA-256 | 17a847f6cf2d103df094c681d21bff37daf5bd35df9356102400dd835ed770a6
Ex Libris Patron Directory Services 2.1 Cross Site Scripting
Posted Dec 29, 2014
Authored by Jing Wang

Ex Libris Patron Directory Services version 2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7293
SHA-256 | a3b5ead6e76494619c7357d9c2e36a3ff71e90dec08243d6f7e34d5f87d1d734
CNN Cross Site Scripting / Open Redirect
Posted Dec 29, 2014
Authored by Jing Wang

The travel.cnn.com and ads.cnn.com sites suffer from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0d6722f00690a9f4f5bb9bcaf068b17df31ede688b0b375bd5e9204e1bce1236
WordPress Dmsguestbook Unauthenticated Data Injection
Posted Dec 29, 2014
Authored by Evex

WordPress Dmsguestbook plugin suffers from a remote unauthenticated data injection vulnerability.

tags | exploit, remote
SHA-256 | 196b447c8f48a497957f3386f73aabc903eced80e2d5a3266d6cfe4877d68af5
CMS Pylot Cross Site Request Forgery / Cross Site Scripting
Posted Dec 29, 2014
Authored by MustLive

CMS Pylot suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 01f1a45be6f858d68cb4c7a7728eab0c21996ae492e868a252d83abe5edbf83a
WordPress Frontend Uploader 0.9.2 Cross Site Scripting
Posted Dec 29, 2014
Authored by SECUPENT

WordPress Frontend Uploader plugin version 0.9.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0c3801fecfa0e2bbccbf1155f37c7cf89e78a103cb78344d76816b9cc4889844
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close