exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

Files Date: 2015-01-06

Pirelli ADSL2/2+ Wireless Router P.DGA4001N Information Disclosure
Posted Jan 6, 2015
Authored by Eduardo Novella

ADB BroadBand Pirelli ADSL2/2+ wireless router version P.DGA4001N suffers from multiple unauthenticated remote information disclosure vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
advisories | CVE-2015-0554
MD5 | d762c843c734459eabf59293eac40c1f
McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure
Posted Jan 6, 2015
Authored by Brandon Perry | Site metasploit.com

This Metasploit module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 'sa' user and of the admin user created during installation. This password is encrypted with a static key, and is encrypted using a weak cipher at that (ECB).

tags | exploit, xxe
MD5 | 6c549aa9ed67c22c17d4a1c813965c6d
Kajona CMS 4.6 Cross Site Scripting
Posted Jan 6, 2015
Authored by Steffen Roesemann

Kajona CMS version 4.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f82ab7525beddca86469f8a3d1a964b7
Sefrengo CMS 1.6.0 Cross Site Scripting
Posted Jan 6, 2015
Authored by Steffen Roesemann

Sefrengo CMS version 1.6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 93e3f0b74ab40f7f8582e06874dc53de
Sefrengo CMS 1.6.0 SQL Injection
Posted Jan 6, 2015
Authored by Steffen Roesemann

Sefrengo CMS version 1.6.0 suffers from a remote SQL injection in the administrative backend.

tags | exploit, remote, sql injection
MD5 | ad6271db3769b7241053d54093688c02
BulletProof FTP Client BPS Buffer Overflow
Posted Jan 6, 2015
Authored by Gabor Seljan | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in BulletProof FTP Client 2010, caused by an overly long hostname. By persuading the victim to open a specially-crafted .BPS file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows XP SP3.

tags | exploit, remote, overflow, arbitrary
systems | windows, xp
advisories | CVE-2014-2973
MD5 | 6f00f2af940afc19976a4e84fa4d807c
EMC Documentum Web Development Kit XSS / CSRF / Redirection / Injection
Posted Jan 6, 2015
Site emc.com

Documentum Web Development Kit (WDK) and WDK-based clients contain cross site scripting, cross site request forgery, URL redirection, insufficient randomness, and frame injection vulnerabilities.

tags | advisory, web, vulnerability, xss, csrf
advisories | CVE-2014-4635, CVE-2014-4636, CVE-2014-4637, CVE-2014-4638, CVE-2014-4639
MD5 | 0b55aa41f2e71a38866005a8466ac43d
Mandriva Linux Security Advisory 2015-005
Posted Jan 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-005 - A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-3580, CVE-2014-8108
MD5 | 89de1a036bdaa309a0c5834b355cb08c
Debian Security Advisory 3119-1
Posted Jan 6, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3119-1 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2014-6272
MD5 | ad3cf003c4598b5bbc88350aaeda397b
Ubuntu Security Notice USN-2451-1
Posted Jan 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2451-1 - Serge Hallyn discovered that cgmanager did not consistently enforce proper nesting when modifying cgroup properties. A local attacker in a privileged container could use this to set cgroup values for all cgroups.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-1425
MD5 | c8a2a67e6d6a540e76a93a9e788b3240
Handling The Problems In Biometrics
Posted Jan 6, 2015
Authored by Varun Mamillapalli

This paper describes some of the common problems faced in biometrics and possible solutions to these problems.

tags | paper
MD5 | db5a465bbff864e8686fbede63aa217d
Pirelli Router P.DG-A4001N WPA Key Reverse Engineering
Posted Jan 6, 2015
Authored by Eduardo Novella

This is proof of concept code that demonstrates reverse-engineering of the default WPA key generation algorithm used in ADB broadband Pirelli routers in Argentina. Model P.DG-A4001N is affected.

tags | exploit, proof of concept
advisories | CVE-2015-0558
MD5 | f193b77e4dc82be4eae4ecfdf55342f3
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close