Showing 1 - 16 of 16

Files Date: 2015-01-20

Debian Security Advisory 3133-1
Posted Jan 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3133-1 - Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy.

tags | advisory, web
systems | linux, debian
advisories | CVE-2015-1031
MD5 | 3f97d4044cd6e37cec1ca6d966194fe4
Barracuda Load Balancer ADC Key Recovery / Password Reset
Posted Jan 20, 2015
Authored by Cristiano Maruti

Barracuda Load Balancer ADC with firmware version 5.0.0.015 suffers from multiple security issues. The file system encryption keys can be recovered via an attack similar to a cold-boot attack, and the super user password can be reset off-line via a physical attack. There are also hard-coded credential and hard-coded SSH key issues, and various other problems.

tags | advisory
advisories | CVE-2014-8426, CVE-2014-8428
MD5 | c8913ae4082ad291d6da4e7eded4df7b
Prestashop 1.6.0.9 Cross Site Scripting
Posted Jan 20, 2015
Authored by Sudhanshu Chauhan

Prestashop version 1.6.0.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1175
MD5 | 9620b29ff30be75a7de13821ee3377f9
Hack In Paris / Nuit Du Hack 2015 Call For Papers
Posted Jan 20, 2015
Authored by Hack in Paris CFP

Since 2010, Sysdream has organized the "Hack In Paris" event in Paris, France. Aiming to bring together security professionals and enthusiasts, Hack In Paris will focus on the latest advances in IT security. Hack In Paris will be held at a totally new location in Paris from June 15th to 19th, 2015. The Nuit Du Hack will take place on June 20th at the same place.

tags | paper, conference
MD5 | aa428c913df1c12b6a2e8c89469a3afd
OS X networkd Sandbox Escape
Posted Jan 20, 2015
Authored by Google Security Research

OS X networkd "effective_audit_token" XPC type confusion sandbox escape proof of concept exploit.

tags | exploit, proof of concept
systems | apple, osx
MD5 | 4050c0d6e9c3910083759e7b718c3818
Vorbis Tools Division-By-Zero / Integer Overflow
Posted Jan 20, 2015
Authored by Paris Zoumpouloglou

Vorbis Tools suffers from a division-by-zero bug and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | 7417518978d783d6161798f90560f65a
EMC M&R (Watch4Net) XSS / Upload / Java / Traversal / Overflow
Posted Jan 20, 2015
Site emc.com

EMC M&R (Watch4Net) suffers from heap overflow, remote file upload, insecure cryptographic storage, cross site scripting, NTP-related, Java-related, and path traversal vulnerabilities.

tags | advisory, java, remote, overflow, vulnerability, xss, file upload
advisories | CVE-2014-3618, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562, CVE-2014-9293, CVE-2014-9294
MD5 | 1bb4795beb321e519020ba164d8124db
ifchk 1.0.1
Posted Jan 20, 2015
Authored by noorg | Site noorg.org

Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.

Changes: Various updates.
tags | tool
systems | unix
MD5 | 7e26567040b600fbd210b46e26780941
Remote Desktop 0.9.4 Android CSRF / Command Injection
Posted Jan 20, 2015
Authored by Hadji Samir | Site vulnerability-lab.com

Remote Desktop version 0.9.4 Android suffers from local command injection and cross site request forgery vulnerabilities.

tags | exploit, remote, local, vulnerability, csrf
MD5 | 1df201c85216e756909c248eee3bc2c7
Webinars 2.2.26.0 Script Insertion
Posted Jan 20, 2015
Authored by Hadji Samir | Site vulnerability-lab.com

Webinars version 2.2.26.0 suffers from a client-side script insertion vulnerability.

tags | exploit
MD5 | 31927a9be263d5448c93c87d155fbbf8
Remote Web Desktop Full 5.9.5 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 20, 2015
Authored by Hadji Samir | Site vulnerability-lab.com

Remote Web Desktop Full version 5.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, csrf
MD5 | 5424c212289698cd021b4c028ef0d7d9
Sites Powered By INVEM SQL Injection
Posted Jan 20, 2015
Authored by SeRaVo.BlackHat

Sites "Powered by INVEM" suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | ddc3f7c0af4f0ccd9121a45a52b05a4d
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150114
Posted Jan 20, 2015
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release of tor-ramdisk was triggered by some integer overflow bugs in libevent, CVE-2014-6272, which may be exploitable. The author took the opportunity to bump tor from the older 0.2.4 branch to 0.2.5.10 in the latest stable branch. Also updated are busybox, openssl, and the kernel.
tags | tool, kernel, peer2peer
systems | linux
advisories | CVE-2014-6272
MD5 | 462128c2bb5edd85c76e2dd98e7c2fcc
ManageEngine Multiple Products Authenticated File Upload
Posted Jan 20, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not correctly handle '../' sequences, which can be abused to write to the file system. Authentication is needed to exploit this vulnerability, but this module will attempt to log in using the default credentials for the administrator and guest accounts. Alternatively you can provide a pre-authenticated cookie or a username / password combo. For IT360 targets enter the RPORT of the ServiceDesk instance (usually 8400). All versions of ServiceDesk prior to v9 build 9031 (including MSP but excluding v4), AssetExplorer, SupportCenter and IT360 (including MSP) are vulnerable. At the time of release of this module, only ServiceDesk v9 has been fixed in build 9031 and above. This Metasploit module has been tested successfully in Windows and Linux on several versions.

tags | exploit
systems | linux, windows
advisories | CVE-2014-5301
MD5 | 272a3df924baba786c9fb30f40476d5b
Ubuntu Security Notice USN-2460-1
Posted Jan 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2460-1 - Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, csrf
systems | linux, ubuntu
advisories | CVE-2014-8634, CVE-2014-8638, CVE-2014-8639
MD5 | 1ab5af1abaa0fd3ccb27df4d4a7487d6
Debian Security Advisory 3132-1
Posted Jan 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3132-1 - Multiple security issues have been found in Icedove, Debian's version of errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-8634, CVE-2014-8638, CVE-2014-8639
MD5 | 436865feddd58237901515cf5503fbfb
© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close