Showing 1 - 14 of 14

Files Date: 2015-02-13

UNIT4 Prosoft HRMS Cross Site Scripting
Posted Feb 13, 2015
Authored by Jerold Hoong, Edric Teo

UNIT4 Prosoft HRMS version suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a4f3ec7feceab6a3f99934e46758de2c2efe2b7b713bcda776bb1b9bff55099b
Landsknecht Adminsystems CMS 4.0.1 CSRF / XSS / File Upload
Posted Feb 13, 2015
Authored by Steffen Roesemann

Landsknecht Adminsystems CMS version 4.0.1 (dev and beta versions) suffers from cross site request forgery, cross site scripting, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, file upload, csrf
SHA-256 | 4c501213b8e037592e532e7fae3832f0793801bcd2630eba52f3f0dc202b7076
HP Security Bulletin HPSBGN03258 1
Posted Feb 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03258 1 - A potential security vulnerability has been identified with HP Insight Control server deployment Windows Pre-boot Execution Environment that could be exploited remotely resulting in arbitrary execution of code. This is the vulnerability known as Winshock. HP Insight Control server deployment uses the Windows Automated Installation Kit 2.0 to generate the Windows Pre-boot Execution Environment service operating system. WAIK 2.0 is vulnerable to CVE-2014-6321 (Microsoft Schannel Remote Code Execution vulnerability). This bulletin provides instructions to update the Windows Pre-boot Execution Environment with updates from Microsoft. Revision 1 of this advisory.

tags | advisory, remote, arbitrary, code execution
systems | windows
advisories | CVE-2014-6321
SHA-256 | fdb36a29c9f919ae18292d8cf51a2c7d25c56db903151def63ed21febd08e1c0
NetGear WNDR Authentication Bypass / Information Disclosure
Posted Feb 13, 2015
Authored by Peter Adkins

A number of NetGear WNDR devices contain an embedded SOAP service that is seemingly for use with the NetGear Genie application. As this SOAP service is implemented by the built-in HTTP / CGI daemon, unauthenticated queries will also be answered over the internet if remote management has been enabled on the device. As a result, affected devices can be interrogated and hijacked with as little as a well placed HTTP query. Proof of concept included.

tags | exploit, remote, web, cgi, proof of concept, bypass, info disclosure
SHA-256 | 34b002a3f907250f8f492040b56ddae24228180c80888d6f1fb7b330a3c1d5ba
Google Email Denial Of Service
Posted Feb 13, 2015
Authored by Hector Marco

A bug in the stock Google email application version has been found. An attacker can remotely perform a denial of service attack by sending a specially crafted email. No interaction from the user is needed to produce the crash; simply receiving the malicious email is enough.

tags | exploit, denial of service
advisories | CVE-2015-1574
SHA-256 | ac7559e1e73b67d06c92b883f14f41cbf66238ec15aa4ca1bdae29c219ef9c78
Netatmo Weather Station Cleartext Password Leak
Posted Feb 13, 2015
Authored by jullrich

During initial setup, the weather station will submit its complete configuration unencrypted to the manufacturer cloud service. This configuration includes confidential information like the user's Wifi password.

tags | advisory
advisories | CVE-2015-1600
SHA-256 | 26c45dc9330c4b9106868739be6a04123e25c4881dd15ee9236e856c7b66fbf4
Router Hunter 1.0
Posted Feb 13, 2015
Authored by Cleiton Pinheiro, Johnathan Davi

Router Hunter is a PHP script that scans for and exploits DNS change vulnerabilities in Shuttle Tech ADSL Modem-Router 915 WM and D-Link DSL-2740R routers and also exploits the credential disclosure vulnerability in LG DVR LE6016D devices.

tags | tool, scanner, php, vulnerability
systems | unix
SHA-256 | 9cf69c958fcf9b85f5aff152f7b92ca2f6c7e10bf683c01ea6febad6a68716b9
eTouch Samepage SQL Injection / File Read
Posted Feb 13, 2015
Authored by Brandon Perry

eTouch Samepage version suffers from remote SQL injection and arbitrary file read vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file inclusion
SHA-256 | 3d132193ed477d7d4ba1937eda3c2f767b2192990404bb7846361beb567d88c6
Cit-e-Net 6 Cross Site Scripting
Posted Feb 13, 2015
Authored by Jing Wang

Cit-e-Net version 6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-8753
SHA-256 | 526bcf6a66b8b5bd0787352fd099676df823fb8295c9426bd68b5ec9306b352a
Realtek 11n Wireless LAN Utility Privilege Escalation
Posted Feb 13, 2015
Authored by Humberto Cabrera

An unquoted service path vulnerability in the Realtek 11n wireless LAN utility allows for privilege escalation.

tags | exploit
SHA-256 | 8edd0b8e4145ca253b1c8218791fcccd4e50c65d89ec06e4fce246341f7908e6
vBulletin 5.1.3 Cross Site Scripting
Posted Feb 13, 2015
Authored by Jing Wang

vBulletin versions 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-9469
SHA-256 | b4ccb13ef6eef032e7a9d2f031478fe37ff8d9ba120c3811c439050f150fdb47
Vanilla Forums 2.1.1 Cross Site Scripting
Posted Feb 13, 2015
Authored by W S

Vanilla Forums versions 2.0 through 2.1.1 suffer from a cross site scripting filter bypass.

tags | exploit, xss
SHA-256 | 886cab150352c4f15528711131df90f73ecf383744e97b0143a136ce58c2861c
WordPress Fusion 3.1 Arbitrary File Upload
Posted Feb 13, 2015
Authored by Evex

WordPress Fusion theme version 3.1 suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
SHA-256 | 7e949922af7e084f3e5004bd72e715be162526c75d9eeb904ce6040f218ca1c7
Ubuntu Security Notice USN-2488-2
Posted Feb 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2488-2 - USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. This update provides the corresponding update for Ubuntu 10.04 LTS. Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6497, CVE-2014-9328
SHA-256 | 1ba3829916f38cc8b6f3e2bbeba9b556ef562873a7a035d0f40069446390f3fd