Exploit the possiblities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-02-04

Malwarebytes Anti-Malware / Anti-Exploit Update Remote Code Execution
Posted Feb 4, 2015
Authored by todb, Gabor Seljan, Yonathan Klijnsma | Site metasploit.com

This Metasploit module exploits a vulnerability in the update functionality of Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes Anti-Exploit consumer 1.03.1.1220. Due to the lack of proper update package validation a man-in-the-middle attacker could execute arbitrary code by spoofing the update server data-cdn.mbamupdates.com and uploading an executable. This Metasploit module has been tested successfully with MBAM 2.0.2.1012 and MBAE 1.03.1.1220.

tags | exploit, arbitrary, spoof
advisories | CVE-2014-4936
MD5 | 11ee17491f663b3704191ae7e3b0ccc5
EMC Documentum D2 Information Disclosure / Privilege Escalation
Posted Feb 4, 2015
Site emc.com

EMC Documentum D2 suffers from sensitive information disclosure and privilege escalation vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2015-0517, CVE-2015-0518
MD5 | 6e63d19e0c04836b6708b4597895ac92
Fork CMS 3.8.5 SQL Injection
Posted Feb 4, 2015
Authored by Sven Schleier

Fork CMS version 3.8.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-1467
MD5 | d565ec07f448d71c95d88f93d531b46d
Red Hat Security Advisory 2015-0126-01
Posted Feb 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0126-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2014-3511, CVE-2014-3567, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2015-0235
MD5 | 38f0c030cacab19a70e7221bfe5ea8c6
Cisco Security Advisory 20150204-wbx
Posted Feb 4, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the administrative web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the affected system. The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by crafting input into the affected fields of the web interface.

tags | advisory, remote, web, arbitrary
systems | cisco
MD5 | 46fe63a04a12675accd3f59f389631cf
Debian Security Advisory 3153-1
Posted Feb 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3153-1 - Multiples vulnerabilities have been found in krb5, the MIT implementation of Kerberos.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
MD5 | 45bf9343c9d7f66465544c24b0e16580
Ubuntu Security Notice USN-2469-2
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2469-2 - USN-2469-1 fixed vulnerabilities in Django. The security fix for CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04 LTS when serving static content through GZipMiddleware. This update fixes the problem. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-0219, CVE-2015-0220, CVE-2015-0221, CVE-2015-0222
MD5 | 7d30568c7432ba821fe63d7008f52131
Ubuntu Security Notice USN-2494-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2494-1 - Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly limited recursion. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
MD5 | efc916bd2def482c0d2017000579c0c0
Red Hat Security Advisory 2015-0125-01
Posted Feb 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0125-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.6.0, and includes bug fixes and enhancements.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3490, CVE-2014-3558, CVE-2014-3577
MD5 | 634e10be3bd1528ecaaeac9de1ca2eb9
WordPress Pixabay Images PHP Code Upload
Posted Feb 4, 2015
Authored by h0ng10 | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images version 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system.

tags | exploit, php, vulnerability
MD5 | 9d5215e29109a12adab7c06ea8e47e74
WordPress Platform Theme Remote Code Execution
Posted Feb 4, 2015
Authored by Christian Mehlmauer, Marc-Alexandre Montpas | Site metasploit.com

The Wordpress Theme "platform" contains a remote code execution vulnerability through an unchecked admin_init call. The theme includes the uploaded file from it's temp filename with php's include function.

tags | exploit, remote, php, code execution
MD5 | ab67f84d0a35c6fcf60dc191aecf8abe
Pragyan CMS 3.0 SQL Injection
Posted Feb 4, 2015
Authored by Steffen Roesemann

Pragyan CMS version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b527dc8b6bfe6d2e84e30a162ae3e742
Ubuntu Security Notice USN-2493-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2493-1 - Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8133, CVE-2014-8559, CVE-2014-9420
MD5 | d63c1a1fee9a6929638722bf1f5e3323
Ubuntu Security Notice USN-2491-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2491-1 - Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-8133, CVE-2014-9322, CVE-2014-9420
MD5 | 4d751300ddef976a94a5d9a3838b217c
Ubuntu Security Notice USN-2490-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2490-1 - Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8133, CVE-2014-9420
MD5 | a6aa0a129ab068aa1abc02e2db2ce0a6
Ubuntu Security Notice USN-2492-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2492-1 - Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8133, CVE-2014-8559, CVE-2014-9420
MD5 | 89caf0566b508d19a1b90d970669d7b7
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close