Showing 1 - 25 of 30

Files Date: 2015-01-13

Gecko CMS 2.2 / 2.3 CSRF / XSS / SQL Injection
Posted Jan 13, 2015
Authored by LiquidWorm | Site zeroscience.mk

Gecko CMS versions 2.2 and 2.3 suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 04b8cc16b0904dfc4627b659464edf56
Snom IP Phones XSS / CSRF / Traversal / Escalation / Command Execution
Posted Jan 13, 2015
Authored by Johannes Greil | Site sec-consult.com

Snom IP phones with firmware versions prior to 8.7.5.15 suffer from authentication bypass, command execution, cross site request forgery, cross site scripting, privilege escalation, and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 481f877719848ac83238c4cad9e7bb61
Wordpress Photo Gallery Unauthenticated SQL Injection User Enumeration
Posted Jan 13, 2015
Authored by Brandon Perry | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection in order to enumerate the WordPress users tables, including password hashes. This Metasploit module was tested against version 1.2.7.

tags | exploit, sql injection
advisories | CVE-2014-2238
MD5 | 05a4f9eff2ce86e27bee88dc9042ce06
WoltLab Burning Board 4.0 Tapatalk Cross Site Scripting
Posted Jan 13, 2015
Site redteam-pentesting.de

WoltLab Burning Board version 4.0 Tapatalk plugin suffers from a cross site scripting vulnerability. Versions 1.0.0 and above but below 1.1.2 are affected.

tags | exploit, xss
advisories | CVE-2014-8869
MD5 | 628e33e11927337a1044c4a429bd6f68
Snom SIP Phone Denial Of Service
Posted Jan 13, 2015
Authored by kapejod

Snom SIP phones suffer from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | 1d7de04a9094ecc1c891931144ee19f6
Corel Software DLL Hijacking
Posted Jan 13, 2015
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2014-8393, CVE-2014-8394, CVE-2014-8395, CVE-2014-8396, CVE-2014-8397, CVE-2014-8398
MD5 | 74b9b0456e1bc2ec9edc9f1342760a4d
Fork CMS 3.8.3 Cross Site Scripting
Posted Jan 13, 2015
Authored by Phi Le Ngoc

Fork CMS version 3.8.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-9470
MD5 | 19d2e22104f5f58a02f44377d2f69b3b
CMS PHPKit WCMS 1.6.6 Cross Site Scripting
Posted Jan 13, 2015
Authored by Steffen Roesemann

CMS PHPKit WCMS version 1.6.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 07514140f012ab4904f348e5447f20cf
CMS Croogo 2.2.0 Cross Site Scripting
Posted Jan 13, 2015
Authored by Steffen Roesemann

CMS Croogo version 2.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0279c21827e2026fdd0b8c847d2bd439
F5 BIG-IP Application Security Manager (ASM) XSS
Posted Jan 13, 2015
Authored by Peter Lapp

F5 BIG-IP Application Security Manager (ASM) versions 11.4.0, 11.4.1, and likely 11.4.x-11.5.x suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 17a2b91fe3d408dbe453d5a413e65873
HP Security Bulletin HPSBMU03230 1
Posted Jan 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03230 1 - A potential security vulnerability has been identified with HP Insight Control server deployment that could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-7881
MD5 | 164b0a9e4e017ea6c3a3486cc003c2cc
Ubuntu Security Notice USN-2468-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2468-1 - A null pointer dereference flaw was discovered in the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
MD5 | cb096fee87ac7196fba24344b0e3268d
Ubuntu Security Notice USN-2467-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2467-1 - A null pointer dereference flaw was discovered in the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
MD5 | 1364663330e1e0c8461c5d686536b2d5
Ubuntu Security Notice USN-2466-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2466-1 - A null pointer dereference flaw was discovered in the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
MD5 | ad80de552ce7b27b72ac351c81a3f8f8
Ubuntu Security Notice USN-2462-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2462-1 - Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT I/O ports could exploit this flaw to cause a denial of service (crash) on the host. Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611
MD5 | a151a28cd980ed5527db1347857c5374
Ubuntu Security Notice USN-2465-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2465-1 - A null pointer dereference flaw was discovered in the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
MD5 | 5896bc7df94f0b50ae45f0269444007f
Ubuntu Security Notice USN-2463-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2463-1 - A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7842, CVE-2014-8369
MD5 | 9f27883cc5de09997d7e4f35ada8941e
Ubuntu Security Notice USN-2464-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2464-1 - Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Various other issues were also addressed.

tags | advisory, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7842, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090, CVE-2014-9322
MD5 | e457a668e3126d7170b972bd85b03514
HP Security Bulletin HPSBOV03228 1
Posted Jan 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03228 1 - A potential security vulnerability has been identified with HP OpenVMS running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-7169, CVE-2014-7186
MD5 | 8c3fe2ec10e72150d0bb898a23963d2b
Ubuntu Security Notice USN-2461-3
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2461-3 - Stanislaw Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9130
MD5 | f300f8c01fe5811814c6707c52effcfa
Ubuntu Security Notice USN-2461-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2461-1 - Stanislaw Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9130
MD5 | e098b38db62e7f66774ea4cbfc5aa604
Ubuntu Security Notice USN-2461-2
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2461-2 - Stanislaw Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

tags | advisory, denial of service, perl
systems | linux, ubuntu
advisories | CVE-2014-9130
MD5 | 98cee7a4829c3edaa3a39fe7e418f7d1
Lizard Squad Botnet Code
Posted Jan 13, 2015
Authored by chippy1337

This bot code was liberated from the Lizard Squad.

tags | tool, rootkit
systems | unix
MD5 | bbb37ab09e01b200cad9202c4d2bf9d8
WoltLab Burning Board 4.0 Tapatalk Open Redirect
Posted Jan 13, 2015
Site redteam-pentesting.de

WoltLab Burning Board version 4.0 Tapatalk plugin suffers from an open redirect vulnerability. Versions below 1.1.2 are affected.

tags | exploit
advisories | CVE-2014-8870
MD5 | 047c98222280d605d7f08b6593e89746
Heroku API Deep Dive Script Insertion
Posted Jan 13, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Heroku API Deep Dive suffers from a mail related script insertion vulnerability.

tags | exploit
MD5 | 39db0698252f58edf421b40cad1f9c9a