all things security
Showing 1 - 25 of 442 RSS Feed

Files Date: 2014-12-01 to 2014-12-31

Cforms 14.7 Remote Code Execution
Posted Dec 30, 2014
Authored by Zakhar Fedotkin

Cforms version 14.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 1ad09cf26c6262770ce28f512163c43a
iFunbox 2014 3.4.697.652 DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

iFunbox 2014 version 3.4.697.652 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 3b49a3f28c9fca23d1ebc34b50135512
MobiConnect 23.009.17.00.216 Privilege Escalation / DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

MobiConnect version 23.009.17.00.216 suffers from privilege escalation and DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 3ed0c26452ce3e89f0e9064db2aaf978
WordPress RevSlider Local File Disclosure
Posted Dec 30, 2014
Authored by FarbodEZRaeL

WordPress RevSlider suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | a320035939bf0a8a1ca05353ac91d5d3
Phoenix Service Software 2012.16.004.48159(Nokia) DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

Phoenix Service Software version 2012.16.004.48159(Nokia) suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 929f9bc2b07d58d9a97353c5e4d6eb0c
iExplorer 3.6.3.0 DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

iExplorer version 3.6.3.0 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 95154d524274f91adb4fe650d5861a21
ProjectSend Arbitrary File Upload
Posted Dec 29, 2014
Authored by Fady Mohammed Osman | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.

tags | exploit, remote, web, php, code execution, file upload
MD5 | 6132c16a9f34de6549cfc05d0921dcca
THC-IPv6 Attack Tool 2.7
Posted Dec 29, 2014
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: This is the 31C3 release. New tool fuzz_dhcpc6 has been added. Various new scripts, options, and test cases added.
tags | tool, protocol
systems | unix
MD5 | 2975dd54be35b68c140eb2a6b8ef5e59
Incom CMS SQL Injection
Posted Dec 29, 2014
Authored by Xodiak

Incom CMS suffers from an authentication bypass vulnerability via remote SQL injection.

tags | exploit, remote, sql injection, bypass
MD5 | da0d3865528e19c18292a57c90698af1
Debian Security Advisory 3113-1
Posted Dec 29, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3113-1 - Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
MD5 | f7566e7e2f5fa878a32d60492911d388
Debian Security Advisory 3114-1
Posted Dec 29, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3114-1 - Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2014-7209
MD5 | 347f909f17039d5e606f845fa892e4d6
Gentoo Linux Security Advisory 201412-52
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-52 - Multiple vulnerabilities have been found in Wireshark which could allow remote attackers to cause Denial of Service. Versions less than 1.12.2 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432
MD5 | 1914a1c212f53f897842dba64a6e8c3b
Gentoo Linux Security Advisory 201412-51
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-51 - Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service, bypass intended ACL restrictions or allow an authenticated user to gain escalated privileges. Versions less than 11.14.2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8412, CVE-2014-8414, CVE-2014-8417, CVE-2014-8418, CVE-2014-9374
MD5 | 5279a3e7a613e057e400c35c2db4e319
Gentoo Linux Security Advisory 201412-50
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-50 - Multiple vulnerabilities have been discovered in getmail, allowing remote attackers to obtain sensitive information. Versions less than 4.46.0 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2014-7273, CVE-2014-7274, CVE-2014-7275
MD5 | e7f1fb5cb39ee4273867ae48379f5258
Gentoo Linux Security Advisory 201412-49
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-49 - Multiple vulnerabilities have been found in fish, the worst of which could result in local privilege escalation or remote arbitrary code execution. Versions less than 2.1.1 are affected.

tags | advisory, remote, arbitrary, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-2905, CVE-2014-2906, CVE-2014-2914, CVE-2014-3219
MD5 | 92c57da546add97babf48abc5fe7e620
Gentoo Linux Security Advisory 201412-48
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-48 - A vulnerability in file could allow a context-dependent attack to create a Denial of Service condition. Versions less than 5.21 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-8117
MD5 | 7b9921ce4e139f50f8eeb95b7bab0ce0
Gentoo Linux Security Advisory 201412-47
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-47 - Multiple vulnerabilities have been found in TORQUE Resource Manager, possibly resulting in escalation of privileges or remote code execution. Versions less than 4.1.7 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2011-2193, CVE-2011-2907, CVE-2011-4925, CVE-2013-4319, CVE-2013-4495, CVE-2014-0749
MD5 | 39df3d225504e8bbc10ec3bf68ff42b9
Gentoo Linux Security Advisory 201412-46
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-46 - Multiple buffer overflow flaws and a parser error in LittleCMS could cause Denial of Service. Versions less than 2.6-r1 are affected.

tags | advisory, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2013-4276, CVE-2014-0459
MD5 | 2c439eb7de218d958cf5c9677bdf76d4
Gentoo Linux Security Advisory 201412-45
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-45 - An untrusted search path vulnerability in Facter could lead to local privilege escalation. Versions less than 1.7.6 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2014-3248
MD5 | 0e7ba1fc7c9038223a4337c2634251d5
Gentoo Linux Security Advisory 201412-44
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-44 - A vulnerability in policycoreutils could lead to local privilege escalation. Versions prior to 2.2.5-r4 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2014-3215
MD5 | 0d8070d2e0011d91d2caec2cfd2ebbeb
Gentoo Linux Security Advisory 201412-43
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-43 - Multiple vulnerabilities have been found in MuPDF, possibly resulting in remote code execution or Denial of Service. Versions less than 1.3_p20140118 are affected.

tags | advisory, remote, denial of service, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-2013
MD5 | 767678d864d75e5e125e644181498708
Gentoo Linux Security Advisory 201412-42
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-42 - Multiple vulnerabilities have been found in Xen, possibly resulting in Denial of Service. Versions less than 4.4.1-r2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-7154, CVE-2014-7155, CVE-2014-7156, CVE-2014-7188
MD5 | 2e733eb35dc290149a9f9ccc5bc46f5a
Gentoo Linux Security Advisory 201412-41
Posted Dec 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-41 - A vulnerability in OpenVPN could lead to Denial of Service. Versions less than 2.3.6 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-8104
MD5 | e029d3a206028a59108c25f350d4f66a
mrtparse MRT Parsing Tool 1.1
Posted Dec 29, 2014
Authored by Nobuhiro ITOU, Tetsumune KISO, Yoshiyuki YAMAUCHI | Site github.com

mrtparse is a module to read and analyze the MRT format data. The MRT format data can be used to export routing protocol messages, state changes, and routing information base contents, and is standardized in RFC6396. Programs like Quagga / Zebra, BIRD, OpenBGPD and PyRT can dump the MRT format data. Written in Python.

Changes: Code improvements in mrtparse.py. Added support for IPv6 in exabgp_conf.py. Various other updates and fixes.
tags | tool, protocol, python
systems | unix
MD5 | 62c88e673d64ab74667f6bd9dc2513e2
Desktop Linux Password Stealer / Privilege Escalation
Posted Dec 29, 2014
Authored by Jakob Lell | Site metasploit.com

This Metasploit module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using policykit. Then it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness that there is no trusted channel for transferring the password from the keyboard to the actual password verification against the shadow file (which is running as root since /etc/shadow is only readable to the root user). Both screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under the current user account to query for the password and then pass it to a setuid-root binary to do the password verification. Therefore it is possible to inject a password stealer after compromising the user account. Since sudo requires only the user password (and not the root password of the system), stealing the user password of an administrative user directly allows escalating to root privileges. Please note that you have to start a handler as a background job before running this exploit since the exploit will only create a shell when the user actually enters the password (which may be hours after launching the exploit). Using exploit/multi/handler with the option ExitOnSession set to false should do the job.

tags | exploit, shell, root
systems | linux
MD5 | 7a355a677b733a2bafc0af3d544a89a6
Page 1 of 18
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close