exploit the possibilities
Showing 1 - 25 of 25 RSS Feed

Files Date: 2015-03-02

Mandriva Linux Security Advisory 2015-050
Posted Mar 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-050 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2014-9637, CVE-2015-1196, CVE-2015-1395
MD5 | f06ed1e7fefa5e74301b0b0c48207ef7
Seagate Business NAS Unauthenticated Remote Command Execution
Posted Mar 2, 2015
Authored by OJ Reeves | Site metasploit.com

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open to attack from users without the need for authentication. The cookie can be easily decrypted using a known static encryption key and re-encrypted once the PHP object string has been modified. This Metasploit module has been tested on the STBN300 device.

tags | exploit, local, php
advisories | CVE-2014-8684, CVE-2014-8686, CVE-2014-8687
MD5 | d6d14184d0e621b49bae1f4a02d3abe9
HP Security Bulletin HPSBST03274 1
Posted Mar 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03274 1 - Potential security vulnerabilities have been identified with HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux. The vulnerabilities could be exploited resulting in remote Cross-site scripting (XSS). Revision 1 of this advisory.

tags | advisory, remote, vulnerability, xss
systems | linux, windows
advisories | CVE-2014-7896
MD5 | 4cbe3ad8774464e59f823682385d5790
D-Link DIR636L Remote Command Injection
Posted Mar 2, 2015
Authored by Stephan Rickauer, Tiago Caetano Henriques

D-Link DIR636L suffers from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2015-1187
MD5 | db95b6473fd1fe90c9f6c52179355b9e
Slim PHP Framework 2.5.0 Weak Cryptography
Posted Mar 2, 2015
Authored by Scott Arciszewski

Slim PHP Framework versions 2.5.0 and below suffer weak cryptographic implementations.

tags | advisory, php
MD5 | 71f5a8d6b29a0d86cd23ea0685159974
RV4sec 2015 Call For Papers
Posted Mar 2, 2015
Site rvasec.com

The RV4sec 2015 Call For Papers has been announced. It will be held June 4th through June 5th, 2015, in Richmond, Virginia, USA.

tags | paper, conference
MD5 | 9325f538349c3237de639de018e0fb72
WordPress Calculated Fields Form 1.0.10 SQL Injection
Posted Mar 2, 2015
Authored by Ibrahim Raafat

WordPress Calculated Fields Form plugin versions 1.0.10 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c6871da86d2dd0ab47d40d718273e9f8
ECCMS 1.0 Cross Site Scripting / SQL Injection
Posted Mar 2, 2015
Authored by R3VAN_BASTARD

ECCMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 9d024069f96c796868995967089e5c59
Mandriva Linux Security Advisory 2015-049
Posted Mar 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-049 - A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-9679
MD5 | 556278b3573f47eb9da0d414810112f4
Ubuntu Security Notice USN-2516-2
Posted Mar 2, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2516-2 - USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-8133, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989, CVE-2014-9419, CVE-2014-9420, CVE-2014-9428, CVE-2014-9529, CVE-2014-9584, CVE-2014-9585, CVE-2014-9683, CVE-2015-0239
MD5 | 6f9155ecdc733508e557ebe5adab371a
ATutor LCMS 2.2 Cross Site Request Forgery
Posted Mar 2, 2015
Authored by Edric Teo

ATutor LCMS version 2.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-1583
MD5 | b7dcd204efcb7e53beccd029495c0551
BEdita CMS 3.5.0 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 2, 2015
Authored by Edric Teo

BEdita CMS version 3.5.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 506e0cec7f722a33dd7ae54033294b17
Linux CVE-2014-9322 Proof Of Concept
Posted Mar 2, 2015
Authored by Emeric Nasi

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. This is a POC to reproduce vulnerability. No exploitation here, just simple kernel panic.

tags | exploit, x86, kernel, local
systems | linux
advisories | CVE-2014-9322
MD5 | 41892d8c9ea011f2b0ebf36fcbb44cc6
Linux CVE-2014-4943 Proof Of Concept
Posted Mar 2, 2015
Authored by Emeric Nasi

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is a POC to reproduce vulnerability. No exploitation here, just simple kernel panic.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2014-4943
MD5 | 73974e06417810bd1b77ad02b89add32
Linux CVE-2014-3631 Proof Of Concept
Posted Mar 2, 2015
Authored by Emeric Nasi

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.

tags | exploit, denial of service, kernel, local
systems | linux
advisories | CVE-2014-3631
MD5 | dbc6af722de90a09a66b16637ebdc4a5
Fortimail 5.2.1 Cross Site Scripting
Posted Mar 2, 2015
Authored by William Costa

Fortimail version 5.2.1 suffers from reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 3628f3362f10c0a28a02f3d6eb21166c
NetCat CMS 3.12 Remote File Inclusion
Posted Mar 2, 2015
Authored by Jing Wang

NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from multiple remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
MD5 | 54706dd96cb4070960d08faf283dd9ae
Packet Storm New Exploits For February, 2015
Posted Mar 2, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 146 exploits added to Packet Storm in February, 2015.

tags | exploit
systems | linux
MD5 | 7f4efc02a8478f987315981ae643b094
Swiss File Knife 1.7.4 Buffer Overflow
Posted Mar 2, 2015
Authored by lucyoa | Site vulnerability-lab.com

Swiss File Knife version 1.7.4 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 29485031a3a783a5056f6f9e9b8683ef
WordPress WP All 3.2.3 Shell Upload
Posted Mar 2, 2015
Authored by Evex

WordPress WP All Import plugin versions 3.2.3 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 57069348b6655163a07f205d3e895c77
tmap 0.1
Posted Mar 2, 2015
Authored by TheKingOf9x

tmap is a fast multi-threaded port scanner that tunnels through TOR.

tags | tool, scanner
systems | unix
MD5 | f9eed822c34bae27f20a5f421eac89f1
WordPress Photocrati Theme 4.x.x SQL Injection
Posted Mar 2, 2015
Authored by ayastar

WordPress Photocrati theme version 4.x.x suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6a7ffa419ab62c8d4a056eb1f017f02b
79 Bytes Add Mapping /etc/hosts
Posted Mar 2, 2015
Authored by Osanda Malith

79 bytes small shellcode for armv6l that adds a mapping in /etc/hosts.

tags | shellcode
MD5 | ffb92e150f52393601489605eb64f490
Piwik Signature Validation
Posted Mar 2, 2015
Authored by Taylor Hornby

Piwik fails to perform signature validation when running updates.

tags | advisory
MD5 | 700fc933cb155c933d7bb94297319646
Ubuntu Vivid Upstart Privilege Escalation
Posted Mar 2, 2015
Authored by halfdog

Ubuntu Vivid Upstart suffers from a logrotate privilege escalation vulnerability.

tags | exploit
systems | linux, ubuntu
MD5 | 554e49941bf10a5161fb9223087679f8
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    7 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close