exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2015-01-13

Gecko CMS 2.2 / 2.3 CSRF / XSS / SQL Injection
Posted Jan 13, 2015
Authored by LiquidWorm | Site zeroscience.mk

Gecko CMS versions 2.2 and 2.3 suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 641924170b5fe97cd5206e6af2553f0f88558b8ee8f4c7c4992e6781afd735d2
Snom IP Phones XSS / CSRF / Traversal / Escalation / Command Execution
Posted Jan 13, 2015
Authored by Johannes Greil | Site sec-consult.com

Snom IP phones with firmware versions prior to 8.7.5.15 suffer from authentication bypass, command execution, cross site request forgery, cross site scripting, privilege escalation, and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | d2c2d58cc183daa4264d0d86fbef93c03c64a2d566cceec9002e366fbba704dd
Wordpress Photo Gallery Unauthenticated SQL Injection User Enumeration
Posted Jan 13, 2015
Authored by Brandon Perry | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection in order to enumerate the Wordpress users tables, including password hashes. This Metasploit module was tested against version 1.2.7.

tags | exploit, sql injection
advisories | CVE-2014-2238
SHA-256 | b0515350e4ccd496fb0e7266e0caa11158145540d2f845735488187df6eb3bf1
WoltLab Burning Board 4.0 Tapatalk Cross Site Scripting
Posted Jan 13, 2015
Site redteam-pentesting.de

WoltLab Burning Board version 4.0 Tapatalk plugin suffers from a cross site scripting vulnerability. Versions 1.0.0 and above but below 1.1.2 are affected.

tags | exploit, xss
advisories | CVE-2014-8869
SHA-256 | 5d11f55fff359670f82ee7eec867318f3c3de3d121e95796ea80115d45a95335
Snom SIP Phone Denial Of Service
Posted Jan 13, 2015
Authored by kapejod

Snom SIP phones suffer from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | a9dfc90dfa8c8f12d789e27b1c02092ea4dd4c2c8d05e6763b86969b623aaa28
Corel Software DLL Hijacking
Posted Jan 13, 2015
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2014-8393, CVE-2014-8394, CVE-2014-8395, CVE-2014-8396, CVE-2014-8397, CVE-2014-8398
SHA-256 | 3ed69590b68e44bc5711dfe4b54294c20f7bfaa50ab879dbe8a42222c370cc12
Fork CMS 3.8.3 Cross Site Scripting
Posted Jan 13, 2015
Authored by Phi Le Ngoc

Fork CMS version 3.8.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-9470
SHA-256 | 46817a9716513fbf904cc210f681e8ee0de86e3cba3780ae82bde54b0f343ef9
CMS PHPKit WCMS 1.6.6 Cross Site Scripting
Posted Jan 13, 2015
Authored by Steffen Roesemann

CMS PHPKit WCMS version 1.6.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bc631a532ede7f396bf10e2908c4f90fd2b39943a411c0476b46853b7947dd90
CMS Croogo 2.2.0 Cross Site Scripting
Posted Jan 13, 2015
Authored by Steffen Roesemann

CMS Croogo version 2.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 72dc727c24b207af6f9830f6a67f552c49b56c411677bd6a256ced26cc2fda78
F5 BIG-IP Application Security Manager (ASM) XSS
Posted Jan 13, 2015
Authored by Peter Lapp

F5 BIG-IP Application Security Manager (ASM) versions 11.4.0, 11.4.1, and likely 11.4.x-11.5.x suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 16576032ddeda7555602b8798ffb21e9ce47e0cba867050f523c045d39124b0d
HP Security Bulletin HPSBMU03230 1
Posted Jan 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03230 1 - A potential security vulnerability has been identified with HP Insight Control server deployment that could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-7881
SHA-256 | 2cf200a92faa51490db9c4c86755eb7cfda0237026046639b790c80cfbbfa5d3
Ubuntu Security Notice USN-2468-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2468-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
SHA-256 | b87ad3513b1b14897c08a8fa67c7f83ae209118a25480a7387424398b46ff1eb
Ubuntu Security Notice USN-2467-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2467-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
SHA-256 | 6db7378aa52f1ea3d0d471f8fffba697ae4faed7d96f6528cf50a5bb6e55846e
Ubuntu Security Notice USN-2466-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2466-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
SHA-256 | 72ab799039264b012fe56154c3779f8c3a2e0239f77320cbea5170fef033aff4
Ubuntu Security Notice USN-2462-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2462-1 - Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611
SHA-256 | 0f5da1d8a858a44a37ab039d7f2dbbccb1c46685351becb6ec3a4369a865c5f3
Ubuntu Security Notice USN-2465-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2465-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
SHA-256 | 07d103f30d4ad42e9fbba5870ef5da6e4ed83ec02f5cd414821e6b547da1c15b
Ubuntu Security Notice USN-2463-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2463-1 - A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7842, CVE-2014-8369
SHA-256 | da3c2be0fdb5fdfe7f461298d822b706d3f2c2d489afa8457ad3302c94e57ace
Ubuntu Security Notice USN-2464-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2464-1 - Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Various other issues were also addressed.

tags | advisory, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7842, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090, CVE-2014-9322
SHA-256 | f75d7cc0dcd4758392f8801245cba456c9322b7d08a6a0f867821d681a4df56c
HP Security Bulletin HPSBOV03228 1
Posted Jan 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03228 1 - A potential security vulnerability has been identified with HP OpenVMS running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-7169, CVE-2014-7186
SHA-256 | 54602e8de35c6c47fc8c1b533278a3d28121a1b297a194088df4d09262b8ccc0
Ubuntu Security Notice USN-2461-3
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2461-3 - Stanislaw Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9130
SHA-256 | 94388bafb691cbdc91477eab2a842c6ff957d642eb82cd9053ce4d95dff49efc
Ubuntu Security Notice USN-2461-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2461-1 - Stanislaw Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9130
SHA-256 | 1912ea1c0b403d856ee57fee50e164735f11c6866145ffe051d0d6582aa36d54
Ubuntu Security Notice USN-2461-2
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2461-2 - Stanislaw Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

tags | advisory, denial of service, perl
systems | linux, ubuntu
advisories | CVE-2014-9130
SHA-256 | 191712b310456bed505292d7ad3776e02d33b05d362fa3e709ea54c23a287610
Lizard Squad Botnet Code
Posted Jan 13, 2015
Authored by chippy1337

This bot code was liberated from the Lizard Squad.

tags | tool, rootkit
systems | unix
SHA-256 | 1af299a269ffdb4461e181ca774fc307a592288ad4b3f6b93226c955eb9b8084
WoltLab Burning Board 4.0 Tapatalk Open Redirect
Posted Jan 13, 2015
Site redteam-pentesting.de

WoltLab Burning Board version 4.0 Tapatalk plugin suffers from an open redirect vulnerability. Versions below 1.1.2 are affected.

tags | exploit
advisories | CVE-2014-8870
SHA-256 | 78fe732207c7a2a7abef9973cb5872d91bd7f59448276755a433bc56b43c81ca
Heroku API Deep Dive Script Insertion
Posted Jan 13, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Heroku API Deep Dive suffers from a mail related script insertion vulnerability.

tags | exploit
SHA-256 | 48ce32c2570d9291a426f6f4cf128d5da25797234ae385b612fd9ea3398f7d25
Page 1 of 2
Back12Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close