exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-01-22

OpenSSL Toolkit 1.0.2
Posted Jan 22, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Added support for OCB mode. SSLv2 support has been removed. Increased the minimal RSA keysize from 256 to 512 bits. Various other updates and fixes.
tags | tool, encryption, protocol, library
systems | unix
SHA-256 | 8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9
Arris VAP2500 tools_command.php Command Execution
Posted Jan 22, 2015
Authored by HeadlessZeke | Site metasploit.com

Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the tools_command.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to an md5 hash of a valid username.

tags | exploit, web, php
advisories | CVE-2014-8423, CVE-2014-8424
SHA-256 | a3a633df95163ac8abfd1b19d769fa3b73f2a1713b3feb2b4d0ff3be073861e7
EventSentry 3.1.0 Cross Site Scripting
Posted Jan 22, 2015
Authored by Sudhanshu Chauhan

EventSentry version 3.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1180
SHA-256 | da0f4374ef92f5ee3eea2636f7aa15246d345cf90fa0777320bc476ba11a4c44
Mango Automation SCADA/HMI 2.4.0 Cross Site Scripting
Posted Jan 22, 2015
Authored by Sudhanshu Chauhan

Mango Automation SCADA/HMI version 2.4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1179
SHA-256 | 704e29f5301856f265965bf91b0847bbf30b4043a406207865521cb452b58b6d
X-CART e-Commerce 5.1.8 Cross Site Scripting
Posted Jan 22, 2015
Authored by Sudhanshu Chauhan

X-CART e-Commerce version 5.1.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1178
SHA-256 | 555b632a4f5d3cfbee4028e75235fa7360c2220cfa003692dc1d0d40899feee8
Symantec SDCS:SA / SCSP XSS / Bypass / SQL Injection / Disclosure
Posted Jan 22, 2015
Authored by Stefan Viehboeck | Site sec-consult.com

Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, info disclosure
advisories | CVE-2014-7289, CVE-2014-9224, CVE-2014-9225, CVE-2014-9226
SHA-256 | c2294e75032fb839b9cb87eecedc88efda3874129c4fc1fbc3e1c516eb643ca7
JasPer 1.900.1 Off-By-One / Heap Overflow
Posted Jan 22, 2015
Authored by Andrea Barisani, Open Source CERT, pyddeh

The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. Versions 1.900.1 and below are affected.

tags | advisory, overflow
advisories | CVE-2014-8157, CVE-2014-8158
SHA-256 | 3c1005efe0f84a5d1c16b4cda12795276863a2d60100bb8a67371fa3e2b20f21
Exponent CMS 2.3.2 Cross Site Scripting
Posted Jan 22, 2015
Authored by Sudhanshu Chauhan

Exponent CMS version 2.3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1177
SHA-256 | 48c6e80dad6478f82d642f57814f2a221955d4230c4eeb2b6b29cf0bd4259847
osTicket 1.9.4 Cross Site Scripting
Posted Jan 22, 2015
Authored by Sudhanshu Chauhan

osTicket version 1.9.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1176
SHA-256 | 8003e3196ed9e2fd6b263aace480f15a18ea6434721e52f87dd4a81d355e4753
Slackware Security Advisory - samba Updates
Posted Jan 22, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-8143
SHA-256 | d460223d2ac3abb4361c3dadd8f8874b93c80a63a253ec7b5b6916c7c34bd4e6
Ubuntu Security Notice USN-2481-1
Posted Jan 22, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2481-1 - Andrew Bartlett discovered that Samba incorrectly handled delegation of authority when being used as an Active Directory Domain Controller. An attacker given delegation privileges could use this issue to escalate their privileges further.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-8143
SHA-256 | 026bae5f16a8316f55f7d8076927a930f035e43ceda09a24057037a4b553ae5c
Ubuntu Security Notice USN-2480-1
Posted Jan 22, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2480-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0411, CVE-2015-0432
SHA-256 | 2d7b66cb2f0d53c0fed43dde1bc3c860050458dc5d305831c9dd351478ee8614
Wireshark Analyzer 1.12.3
Posted Jan 22, 2015
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple bug fixes.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 69950b9dcb1a630982b5f680554d73d27ee0dc856fc6aeef88c8d04eb5ac33ea
CAS Server 3.5.2 LDAP Authentication Bypass
Posted Jan 22, 2015
Authored by Jose Tozo

CAS Server version 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards.

tags | exploit, remote, bypass
advisories | CVE-2015-1169
SHA-256 | acdd49563e5c313169658b0544468eb337857711cbf273a6c35da6f861cdb17c
Red Hat Security Advisory 2015-0067-01
Posted Jan 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0067-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
SHA-256 | 9bed3faf7e1e42e67e8121e6d47f976e763603a39292c4940797b9d5e8a48fc2
Red Hat Security Advisory 2015-0066-01
Posted Jan 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0066-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server.

tags | advisory, remote, protocol, memory leak
systems | linux, redhat
advisories | CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206
SHA-256 | 77c9363f84cc9036c23105167adcebb2c9a5907fce6ae9726544fa0f09b031e8
Red Hat Security Advisory 2015-0069-01
Posted Jan 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0069-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0437
SHA-256 | 5ff8d2615b49aa68191f67efff8d0b990e75eb442be30e9d8571a4531c27797e
Google Drive Information Leak
Posted Jan 22, 2015
Authored by kevin mcsheehan

Google Drive suffers from a full name disclosure information leak vulnerability.

tags | advisory, info disclosure
SHA-256 | 1796e327e19e3a16fd8c5e4b451692d2b08ffefa625873becebca0eec57951a8
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close