exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-01-20

Debian Security Advisory 3133-1
Posted Jan 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3133-1 - Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy.

tags | advisory, web
systems | linux, debian
advisories | CVE-2015-1031
SHA-256 | 4978681b5f1311a5a45f38e60a7fbec5f75d51085ce14c19b4051a5b5bd55ec0
Barracuda Load Balancer ADC Key Recovery / Password Reset
Posted Jan 20, 2015
Authored by Cristiano Maruti

Barracuda Load Balancer ADC with firmware version 5.0.0.015 suffers from multiple security issues. There is an ability to recover the file system encryption keys via simil cold-boot attack, an off-line super user password reset via physical attack, hard-coded credential and hard-coded ssh key issues, and various other problems.

tags | advisory
advisories | CVE-2014-8426, CVE-2014-8428
SHA-256 | 5c42032507e2bcde6818fa49b6b98725db14f0fa3e856bb46af8de90d060d086
Prestashop 1.6.0.9 Cross Site Scripting
Posted Jan 20, 2015
Authored by Sudhanshu Chauhan

Prestashop version 1.6.0.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1175
SHA-256 | 895d65c3f6ea1f1c1f7afa03abbc7aa0cb28bab5b47eff3d072c5bfa9ffae180
Hack In Paris / Nuit Du Hack 2015 Call For Papers
Posted Jan 20, 2015
Authored by Hack in Paris CFP

Since 2010, Sysdream organizes the "Hack In Paris" event in Paris, France. Aiming to bring together security professionals and enthusiasts, Hack In Paris will focus on the latest advances in IT security. Hack In Paris will be held at a totally new location in Paris from June 15th to 19th, 2015. The Nuit Du Hack will take place on June 20th at the same place.

tags | paper, conference
SHA-256 | 68239e3a8f826937f214515874c3e88c943d5b1229ff295d9a9b28c2c7774cec
OS X networkd Sandbox Escape
Posted Jan 20, 2015
Authored by Google Security Research

OS X networkd "effective_audit_token" XPC type confusion sandbox escape proof of concept exploit.

tags | exploit, proof of concept
systems | apple, osx
SHA-256 | 26000ca21e50478d63a5ca817398f053658a3693b62adac8eb4a3b8c6669b930
Vorbis Tools Division-By-Zero / Integer Overflow
Posted Jan 20, 2015
Authored by Paris Zoumpouloglou

Vorbis Tools suffers from a division-by-zero bug and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | cb728a9c129d83a52648cfa3d767d20a9d0a57fd06b201dd2c27d486a7b8099b
EMC M&R (Watch4Net) XSS / Upload / Java / Traversal / Overflow
Posted Jan 20, 2015
Site emc.com

EMC M&R (Watch4Net) suffers from heap overflow, remote file upload, insecure cryptographic storage, cross site scripting, ntp-related, java-related, and path traversal vulnerabilities.

tags | advisory, java, remote, overflow, vulnerability, xss, file upload
advisories | CVE-2014-3618, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562, CVE-2014-9293, CVE-2014-9294
SHA-256 | 7adceeb57a3368887bb1d10e104821dd7f027effb3815bf97aaaae498b047491
ifchk 1.0.1
Posted Jan 20, 2015
Authored by noorg | Site noorg.org

Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | 3a46d086bc6d38af96da063d3b38b7f844b4115afb2246133f6ebfabfadecad8
Remote Desktop 0.9.4 Android CSRF / Command Injection
Posted Jan 20, 2015
Authored by Hadji Samir, Vulnerability Laboratory | Site vulnerability-lab.com

Remote Desktop version 0.9.4 Android suffers from local command injection and cross site request forgery vulnerabilities.

tags | exploit, remote, local, vulnerability, csrf
SHA-256 | 81c31b606da552a492c3156c3ce1015ada9039256b0cd83c13a8feb14c06663a
Webinars 2.2.26.0 Script Insertion
Posted Jan 20, 2015
Authored by Hadji Samir, Vulnerability Laboratory | Site vulnerability-lab.com

Webinars version 2.2.26.0 suffers from a client-side script insertion vulnerability.

tags | exploit
SHA-256 | 95540c3f1a53b361187b285ddccd27b26ed9baa6240a8ce04205aacfb2574a3c
Remote Web Desktop Full 5.9.5 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 20, 2015
Authored by Hadji Samir, Vulnerability Laboratory | Site vulnerability-lab.com

Remote Web Desktop Full version 5.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, csrf
SHA-256 | b223fe2da6af965eb62693f470a44f543390166fd7bb6f547b33a5c0b6cebd3c
Sites Powered By INVEM SQL Injection
Posted Jan 20, 2015
Authored by SeRaVo.BlackHat

Sites "Powered by INVEM" suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 2ecdb5b1b4c52f845930bec8a4e59a89a979083e492ab914fa6ecc4297f5ab9f
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150114
Posted Jan 20, 2015
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release of tor-ramdisk was triggered by some integer overflow bugs in libevent, CVE-2014-6272, which may be exploitable. The author took the opportunity to bump tor from the older 0.2.4 branch to 0.2.5.10 in the latest stable branch. Also updated is busybox, openssl, and the kernel.
tags | tool, kernel, peer2peer
systems | linux
advisories | CVE-2014-6272
SHA-256 | 966b7652d7133037134b30ff4cc54bdb82b1a220daf1667ccfe0df7292d201fa
ManageEngine Multiple Products Authenticated File Upload
Posted Jan 20, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not handle correctly '../' sequences, which can be abused to write in the file system. Authentication is needed to exploit this vulnerability, but this module will attempt to login using the default credentials for the administrator and guest accounts. Alternatively you can provide a pre-authenticated cookie or a username / password combo. For IT360 targets enter the RPORT of the ServiceDesk instance (usually 8400). All versions of ServiceDesk prior v9 build 9031 (including MSP but excluding v4), AssetExplorer, SupportCenter and IT360 (including MSP) are vulnerable. At the time of release of this module, only ServiceDesk v9 has been fixed in build 9031 and above. This Metasploit module has been been tested successfully in Windows and Linux on several versions.

tags | exploit
systems | linux, windows
advisories | CVE-2014-5301
SHA-256 | cfe15941681878a96b266d26c1d7d9356a553c192cb7478e884d2b24e8196dcb
Ubuntu Security Notice USN-2460-1
Posted Jan 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2460-1 - Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, csrf
systems | linux, ubuntu
advisories | CVE-2014-8634, CVE-2014-8638, CVE-2014-8639
SHA-256 | 7c9e1ac240c3519c3587b84179a25fea5b2eb6a7034f2fbed342a1fb60bbf0bb
Debian Security Advisory 3132-1
Posted Jan 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3132-1 - Multiple security issues have been found in Icedove, Debian's version of errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-8634, CVE-2014-8638, CVE-2014-8639
SHA-256 | 128b40b04a97f4be794c7c1a3c99effc13157869a11b21cf0ca36e25a668807f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close