Showing 1 - 25 of 33

Files Date: 2015-01-14

WordPress Simple Security 1.1.5 Cross Site Scripting
Posted Jan 14, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Simple Security plugin version 1.1.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-9570
MD5 | a49a8c1c350f30360904c424eac7632f
AusCERT 2015 Call For Presentations
Posted Jan 14, 2015
Site conference.auscert.org.au

The AusCERT2015 Call For Presentations has been extended by one week. It will be held at the RACV Royal Pines Resort, Gold Coast, Australia June 1st through the 5th, 2015.

tags | paper, conference
MD5 | 2bca567afb1f26972a72c4495c80be2a
Microsoft MS14-080 Proof Of Concept
Posted Jan 14, 2015
Authored by Dieyu

Proof of concept code that demonstrates a bypass flaw in Microsoft's cross site scripting filter.

tags | exploit, xss, proof of concept
advisories | CVE-2014-6365
MD5 | 486ffac8d7364092d8124ea317e5622d
WiFi File Browser Pro 2.0.8 Code Execution
Posted Jan 14, 2015
Authored by Hadji Samir

WiFi File Browser Pro version 2.0.8 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 6254ad234c8080cb2cdd7415e618a57b
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection
Posted Jan 14, 2015
Authored by Luke Walker

Sierra Wireless produces a mobile Wi-Fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S web-based administrative console suffers from an HTTP header injection vulnerability that allows an attacker to inject a file into the HTTP response from the device.

tags | exploit, web, local, file inclusion
MD5 | 07425604804ea2c1fba7012339c34893
TechSmith Camtasia 7 / 8 Cross Site Scripting
Posted Jan 14, 2015
Authored by Soroush Dalili

TechSmith Camtasia versions 7 and 8 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 36803f7721accb233c739a4f49f8edc4
Kodi/XBMC 14 Cross Site Request Forgery
Posted Jan 14, 2015
Authored by Wolfgang Ettlinger | Site sec-consult.com

Kodi/XBMC versions 14 and below suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
MD5 | 2b1422311d81ea0e325951bcd953ad3e
Foxit MobilePDF 4.4.0 Local File Inclusion / Arbitrary File Upload
Posted Jan 14, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Foxit MobilePDF version 4.4.0 suffers from arbitrary file upload and local file inclusion vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, file inclusion, file upload
MD5 | 062e83e48153e5935c96ac96c0a35105
Microsoft Security Bulletin Revision Increment For January, 2015
Posted Jan 14, 2015
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment for January, 2015.

tags | advisory
MD5 | 40fa7a13b0253ec4e56847f522e22d52
Microsoft Security Bulletin Summary For January, 2015
Posted Jan 14, 2015
Site microsoft.com

This bulletin summary lists eight released Microsoft security bulletins for January, 2015.

tags | advisory
MD5 | 81d665ab8ca0d57873d274cb055b4e57
Blitz CMS SQL Injection
Posted Jan 14, 2015
Authored by P0!s0nC0d3 | Site vulnerability-lab.com

Blitz CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 59ef058c75ee918bcfc117467ada890d
KeySweeper Stealth Logger
Posted Jan 14, 2015
Authored by Samy | Site github.com

KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.

tags | tool, sniffer
MD5 | 48350e56fbf9f46ddc8a91e6cc9b6f96
Sitefinity Enterprise 7.2.53 Script Insertion
Posted Jan 14, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Sitefinity Enterprise version 7.2.53 suffers from a persistent script insertion vulnerability.

tags | exploit
MD5 | 41b5ecc682a13087e2d2868dfd4c846f
Ansible Tower 2.0.2 XSS / Privilege Escalation / Authentication Missing
Posted Jan 14, 2015
Authored by Manuel Hofer | Site sec-consult.com

Ansible Tower versions 2.0.2 and below suffer from cross site scripting, privilege escalation, and missing authentication vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 8cc36e6fd8ea1d40d906dfd2e325d9a0
Congstar Internet-Manager SEH Buffer Overflow
Posted Jan 14, 2015
Authored by metacom

Congstar Prepaid Internet-Stick suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | e00239999f740bbbc24912fea2c46a5a
T-Mobile Internet Manager SEH Buffer Overflow
Posted Jan 14, 2015
Authored by metacom

T-Mobile Internet Manager web'n'walk Stick Fusion version 8.01.2015 suffers from a buffer overflow vulnerability.

tags | exploit, web, overflow
MD5 | 865985d6c49db7f72fce23001dfeef6b
Apache Qpid 0.30 Denial Of Service
Posted Jan 14, 2015
Authored by G. Geshev

Apache Qpid's qpidd up to and including version 0.30 suffers from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2015-0203
MD5 | dcdd68b444a9b9694095664ab2509dd3
CMS b2evolution 5.2.0 Cross Site Scripting
Posted Jan 14, 2015
Authored by Steffen Roesemann

CMS b2evolution version 5.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e9ca470e37a3b32322274d32c35aab4e
Ubuntu Security Notice USN-2470-1
Posted Jan 14, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2470-1 - Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9390
MD5 | 311fb9299dd15944003fac116d5c73d8
Red Hat Security Advisory 2015-0046-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0046-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Beacon interface implementation in Firefox did not follow the Cross-Origin Resource Sharing specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery attack.

tags | advisory, remote, web, arbitrary, csrf
systems | linux, redhat
advisories | CVE-2014-8634, CVE-2014-8638, CVE-2014-8639, CVE-2014-8641
MD5 | 42c9fe51fb7798392f730019901cceed
Red Hat Security Advisory 2015-0047-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0047-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Beacon interface implementation in Thunderbird did not follow the Cross-Origin Resource Sharing specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery attack.

tags | advisory, remote, web, arbitrary, csrf
systems | linux, redhat
advisories | CVE-2014-8634, CVE-2014-8638, CVE-2014-8639
MD5 | b76ed5ed1d81fb934ce1356ee668ee09
Red Hat Security Advisory 2015-0045-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0045-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5-year life cycle of Production Support for the 4.0 version will end on June 19, 2015. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux OpenStack Platform version 4.0 after June 19, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to upgrade to the latest version of Red Hat Enterprise Linux OpenStack Platform as soon as possible. As of the End of Life date, this is expected to be the 6.0 version, based on the upstream Juno release, and will be supported for 3 years. In addition, the 5.0 version will continue to be in the Production Support phase until its End of Life on June 29, 2017. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux OpenStack Platform version.

tags | advisory
systems | linux, redhat
MD5 | 507e2c87fb1ae756039af2866f6d8dbd
Red Hat Security Advisory 2015-0043-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0043-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, redhat
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688
MD5 | bb92ad83ed64d809bac38d508c6260d7
Red Hat Security Advisory 2015-0042-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0042-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts. A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. This issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, remote, denial of service, python
systems | linux, redhat
advisories | CVE-2013-2099
MD5 | 2541e8505ef947e95dbb0fc814ac0b4b
Red Hat Security Advisory 2015-0044-01
Posted Jan 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0044-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-7821
MD5 | b53fe17ed7b3ab0e31d9691c3a9db50c