what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2015-02-12

WordPress Photo Gallery 1.2.5 Unrestricted File Upload
Posted Feb 12, 2015
Authored by Kacper Szurek | Site metasploit.com

Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post() method in UploadHandler.php

tags | exploit, remote, arbitrary, php
advisories | CVE-2014-9312
SHA-256 | f02ad987ed7f1dad396989d5468e155f2bca868059ecd59d3ac73240b22cd297
Maarch LetterBox 2.8 Unrestricted File Upload
Posted Feb 12, 2015
Authored by Rob Carr | Site metasploit.com

This Metasploit module exploits a file upload vulnerability on Maarch LetterBox 2.8 due to a lack of session and file validation in the file_to_index.php script. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.

tags | exploit, web, php, file upload
advisories | CVE-2015-1587
SHA-256 | cd2b7f42e25ec82d510aeb7d6752ea48283d55ef832886d99f9df019f40f307e
WordPress Failed Randomness
Posted Feb 12, 2015
Authored by Scott Arciszewski

All versions of WordPress fail to implement a cryptographically secure pseudorandom number generator.

tags | advisory
advisories | CVE-2014-6412
SHA-256 | 170595a1bbe7e09d77645ac1e3ed66ad3b2cd04dd4cb157b616751c9edc794df
Open-Xchange Server 6 / OX AppSuite 7.6.1 Exposure
Posted Feb 12, 2015
Authored by Martin Heiland

Open-Xchange Server 6 / OX AppSuite suffers from an information exposure vulnerability in versions 7.6.1 and below.

tags | advisory
advisories | CVE-2014-9466
SHA-256 | 8229982ea2c858877843bfc93dec828d259e06e7d9ea4893899722e0857cf8f5
ShakaCon VII Call For Papers
Posted Feb 12, 2015
Site shakacon.org

The Shakacon 2015 Call For Papers has been announced. It will take place July 6th through the 7th, 2015, in Honolulu, Hawaii.

tags | paper, conference
SHA-256 | 3e1cc0d66c6521684612f80c381c39ff80e87cab0d911c92741baeb95ffb7955
Mandriva Linux Security Advisory 2015-044
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-044 - Incorrect memory management in Gtk2::Gdk::Display::list_devices in perl-Gtk2 before 1.2495, where, the code was freeing memory that gtk+ still holds onto and might access later. The updated packages have been patched to correct this issue.

tags | advisory, perl
systems | linux, mandriva
SHA-256 | e73da39c4f4f83b3f336e55cc33673138264f90452afaeb86dafd1ea189a8695
Debian Security Advisory 3161-1
Posted Feb 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3161-1 - Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw to trick dbus-daemon into thinking that systemd failed to activate a system service, resulting in an error reply back to the requester.

tags | advisory, denial of service, local, root
systems | linux, debian
advisories | CVE-2015-0245
SHA-256 | 2aa70c387619edf5818fcdac52d8d84392b4ab17ce8511cb0c1f79f7b11e9cc6
Mandriva Linux Security Advisory 2015-047
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-047 - Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / in a crafted archive, as demonstrated using the ar program.

tags | advisory, remote, arbitrary, root
systems | linux, mandriva
advisories | CVE-2014-9447
SHA-256 | 72bdd7da941cefc3fb4d3fcab073210f54c6225dc876df7b77489666a6946e4f
Mandriva Linux Security Advisory 2015-048
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-048 - Multiple vulnerabilities has been discovered and corrected in Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PostgreSQL incorrectly handled memory in the pgcrypto extension. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. Emil Lenngren discovered that PostgreSQL incorrectly handled extended protocol message reading. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly inject query messages. This advisory provides the latest version of PostgreSQL that is not vulnerable to these issues.

tags | advisory, denial of service, arbitrary, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244
SHA-256 | 634d97dbd89e3a11f0f04718cbf5534aac49ac2bfae32de2e27000b2b448d65e
Mandriva Linux Security Advisory 2015-046
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-046 - Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed.

tags | advisory, denial of service
systems | linux, suse, mandriva
advisories | CVE-2014-9297, CVE-2014-9298
SHA-256 | 1738bc161859133a34d1c1b3f945bb293d62965b7ce6af9e1ab54e8936be9dd5
Mandriva Linux Security Advisory 2015-045
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-045 - The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2015-0247
SHA-256 | afbd08dd885b278be82cc4c96d75245e87201d6fbcf427b723ce8ce64f54f3c9
Exponent CMS 2.3.1 Cross Site Scripting
Posted Feb 12, 2015
Authored by Narendra Shinde, Mayuresh Dani

Exponent CMS version 2.3.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-8690
SHA-256 | d7c212b63775bde5c49ae7979f6feda188aeede831184a2ef05a72bfb78c0ad3
WordPress Survey And Poll 1.1.7 Blind SQL Injection
Posted Feb 12, 2015
Authored by Securely

WordPress Survey and Poll plugin version 1.1.7 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bffe875e9602d8364594172c18a3c2b30db880051341861fc5e0ec7390f54b65
WordPress Video Gallery 2.7 SQL Injection
Posted Feb 12, 2015
Authored by Claudio Viviani

WordPress Video Gallery plugin version 2.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f1c1b63158e55fcb88ffb9e2a48a95cd38c6187d753ae7798f61c163dd8da92c
SEANux 1.0 Remote Command Execution
Posted Feb 12, 2015
Authored by Larry W. Cashdollar

SEANux version 1.0 remote command execution exploit that executes as www-data.

tags | exploit, remote
SHA-256 | c69564190cc4edb5f8372673b0b013f53a6e1591b4c20d0e40bb202e5c650f7c
WordPress Ninja Forms 2.8.8 Cross Site Scripting
Posted Feb 12, 2015
Authored by Sergio Navarro

WordPress Ninja Forms plugin version 2.8.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d9cdb4289101f87321d12ef9895293720a72dd17e96f746e1a95667c4dc179cb
Ubuntu Security Notice USN-2499-1
Posted Feb 12, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2499-1 - Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244
SHA-256 | ece0ed1fa664c2cfc993dd729652d029bc60850f5ddde36ddea4ba499be6ec0d
Red Hat Security Advisory 2015-0158-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0158-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface .

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2012-6153, CVE-2014-0151, CVE-2014-0154, CVE-2014-3577
SHA-256 | d9bb9ff72c6bd97b60e38ccf8918a120f640422e9b3d209587866a2130fb7674
Debian Security Advisory 3160-1
Posted Feb 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3160-1 - Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2015-0255
SHA-256 | a8c6a3b27aaa3ff3ec4661dad807a413a2b37a89aa34950221b7a1e87856681f
Cisco Security Advisory 20150211-csacs
Posted Feb 12, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Secure Access Control System (ACS) prior to version 5.5 patch 7 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one of the ACS View databases or to access information in the underlying file system. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, sql injection
systems | cisco
SHA-256 | 0316ff4c6325490cd4330984306d52e82eba029c3763085c673dc708d5d17e38
Red Hat Security Advisory 2015-0215-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0215-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
SHA-256 | 57ab1fc8b9507ca56ece907b266ce7c9eb4bd0abbef003b66b314ffee42dde44
Red Hat Security Advisory 2015-0218-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0218-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
SHA-256 | f9ad7ddcc0da56c409f88863816e066c6de7d686ea4c7eef207b9df7eb41214a
Red Hat Security Advisory 2015-0217-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0217-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
SHA-256 | 6e4bb84632dec0165b206c20f5fb253e5a62ac2ecc1df2e42f35cae661646453
Red Hat Security Advisory 2015-0216-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0216-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
SHA-256 | 6fdb35979e83d4bc7783909319fa6956e41ee874378bc2a23ef3be879dee9fb7
Red Hat Security Advisory 2015-0197-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0197-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, redhat, windows
advisories | CVE-2014-3509, CVE-2014-3511
SHA-256 | c5f4f033803d9e22a30145022cb9ac7c8e6388b88c24dd2ce47e5a58c8bb1a76
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close