Files Date: 2015-01-07

Microweber CMS 0.95 SQL Injection
Posted Jan 7, 2015
Authored by Pham Kien Cuong

Microweber CMS version 0.95 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-9464
MD5 | 74ad74eccadae04db47bd3bc394c0305
Zurmo CRM 2.8.5 Cross Site Scripting
Posted Jan 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

Zurmo CRM version 2.8.5 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c05346f629187be9cc3eee190400c2be
Brother MFC-J4410DW Cross Site Scripting
Posted Jan 7, 2015
Authored by Dave Daly

The printer administration web application on Brother MFC-J4410DW model printers with firmware versions older than version L (released 18th December 2014) is susceptible to a reflected cross site scripting (XSS) vulnerability due to inadequately sanitised user input.

tags | exploit, web, xss
MD5 | 8a31b996454df6596e7d996d3256382b
BSidesLjubljana 2015 Call For Papers
Posted Jan 7, 2015
Site bsidesljubljana.si

The first Security B-Sides Ljubljana will be held March 12th in Ljubljana, Slovenia.

tags | paper, conference
MD5 | d24d3d639384e0b3e254a6f23c90a77b
Ubuntu Security Notice USN-2455-1
Posted Jan 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2455-1 - It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and can be re-enabled with the "expandaddr" configuration option. This update alone does not remove all possibilities of command execution. In environments where scripts use mailx to process arbitrary email addresses, it is recommended to modify them to use a "--" separator before the address to properly handle those that begin with "-". Various other issues were also addressed.

tags | advisory, remote, arbitrary, shell
systems | linux, bsd, ubuntu
advisories | CVE-2014-7844
MD5 | a01c6cddbe1fbf6bfc8a2cbc8e906e31
Ubuntu Security Notice USN-2454-1
Posted Jan 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2454-1 - It was discovered that Exiv2 incorrectly handled certain tag values in video files. If a user or automated system were tricked into opening a specially-crafted video file, a remote attacker could cause Exiv2 to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9449
MD5 | 76fde384e4ee3a6ceba76c9168a18fdc
Ubuntu Security Notice USN-2453-1
Posted Jan 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2453-1 - Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered certain shell metacharacters in filenames. If a user or automated system were tricked into opening a file with a specially-crafted filename, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2014-7209
MD5 | 877782b03f42281a0faa5db10eb49213
Ubuntu Security Notice USN-2452-1
Posted Jan 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2452-1 - It was discovered that NSS incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-1569
MD5 | 9f5791f16d0d7f0e6adce4f47d08617e
Red Hat Security Advisory 2015-0016-01
Posted Jan 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0016-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.

tags | advisory, arbitrary
systems | linux, redhat, osx
advisories | CVE-2014-6040, CVE-2014-7817
MD5 | 4e120cd1132b641b1cddbc67f7d2cb8f
Pandora 3.1 Auth Bypass / Arbitrary File Upload
Posted Jan 7, 2015
Authored by Juan Galiana Lara | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Pandora version 3.1 as disclosed by Juan Galiana Lara. It also integrates with the built-in pandora upload which allows a user to upload arbitrary files to the '/images/' directory. This Metasploit module was created as an exercise in the Metasploit Mastery Class at Blackhat that was facilitated by egypt and mubix.

tags | exploit, arbitrary, bypass
advisories | CVE-2010-4279, OSVDB-69549
MD5 | d965ba027d48cc3721d5c79224e82e0f
HP Security Bulletin HPSBMU03118 3
Posted Jan 7, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03118 3 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), remote privilege elevation, and Clickjacking. Revision 3 of this advisory.

tags | advisory, remote, vulnerability, xss
systems | linux, windows
advisories | CVE-2014-2643, CVE-2014-2644, CVE-2014-2645
MD5 | 9e0e5607076e1665465c50a65df816e6
Debian Security Advisory 3120-1
Posted Jan 7, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3120-1 - Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.

tags | advisory, arbitrary, php, xss, sql injection, info disclosure
systems | linux, debian
advisories | CVE-2014-6316, CVE-2014-7146, CVE-2014-8553, CVE-2014-8554, CVE-2014-8598, CVE-2014-8986, CVE-2014-8988, CVE-2014-9089, CVE-2014-9117, CVE-2014-9269, CVE-2014-9270, CVE-2014-9271, CVE-2014-9272, CVE-2014-9280, CVE-2014-9281, CVE-2014-9388
MD5 | cbfa6c7a42bd034cb582613202a0e343
Microsoft Dynamics CRM 2013 SP1 Cross Site Scripting
Posted Jan 7, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Microsoft Dynamics CRM 2013 SP1 suffers from a self-inflicted cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2ef360483073ad5d6f0f5031e61031bd
Microsoft Network (MSN) Bypass / XSS / Abuse / Parameter Injection
Posted Jan 7, 2015
Authored by Nicholas Lemonias

Microsoft Network (MSN) suffered from filter bypass, cross site scripting, URI abuse, and parameter injection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | de47974940226e393ff15b533be113a0
AVM Fritz!box Auto Exploiter
Posted Jan 7, 2015
Authored by BaD-HaCKeR-MaN

This is a PHP script used to leverage an unauthenticated remote command execution flaw in AVM Fritz!box.

tags | exploit, remote, php
MD5 | f669c7b2a3ce06b40cbbf39d0a24fd42
© 2016 Packet Storm. All rights reserved.