what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2015-03-02

Mandriva Linux Security Advisory 2015-050
Posted Mar 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-050 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2014-9637, CVE-2015-1196, CVE-2015-1395
SHA-256 | dd7de176b34a952d25575c635b880b8c9dc41848d647c7ceb42a7c5c8cf1b677
Seagate Business NAS Unauthenticated Remote Command Execution
Posted Mar 2, 2015
Authored by OJ Reeves | Site metasploit.com

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open to attack from users without the need for authentication. The cookie can be easily decrypted using a known static encryption key and re-encrypted once the PHP object string has been modified. This Metasploit module has been tested on the STBN300 device.

tags | exploit, local, php
advisories | CVE-2014-8684, CVE-2014-8686, CVE-2014-8687
SHA-256 | 0487fb38d28fb3a16f1e6da5666a62aa264281d650c6fa4c8f45c8249d44e294
HP Security Bulletin HPSBST03274 1
Posted Mar 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03274 1 - Potential security vulnerabilities have been identified with HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux. The vulnerabilities could be exploited resulting in remote Cross-site scripting (XSS). Revision 1 of this advisory.

tags | advisory, remote, vulnerability, xss
systems | linux, windows
advisories | CVE-2014-7896
SHA-256 | 313530fb85dcd9b7a5909c43c1a9174d841e98c3f656b77b47c738ae47f3844e
D-Link DIR636L Remote Command Injection
Posted Mar 2, 2015
Authored by Stephan Rickauer, Tiago Caetano Henriques

D-Link DIR636L suffers from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2015-1187
SHA-256 | df7948a9c798ebc1230638924d141d539e501afcc6de8a28a912424e4ab221c5
Slim PHP Framework 2.5.0 Weak Cryptography
Posted Mar 2, 2015
Authored by Scott Arciszewski

Slim PHP Framework versions 2.5.0 and below suffer weak cryptographic implementations.

tags | advisory, php
SHA-256 | 7304a663661117ba1736dac58d918a2592aaf4e52793385fbe106cd9354f2843
RV4sec 2015 Call For Papers
Posted Mar 2, 2015
Site rvasec.com

The RV4sec 2015 Call For Papers has been announced. It will be held June 4th through June 5th, 2015, in Richmond, Virginia, USA.

tags | paper, conference
SHA-256 | 5ac341361c8658ff0a4f5d4ecf5fa9a5eb345e264afdb9642fcf2bb5d7cee691
WordPress Calculated Fields Form 1.0.10 SQL Injection
Posted Mar 2, 2015
Authored by Ibrahim Raafat

WordPress Calculated Fields Form plugin versions 1.0.10 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7e5962ac72858caaf2fb0139e1f2f9b4b15c8955c0374349c4d59471e823a696
ECCMS 1.0 Cross Site Scripting / SQL Injection
Posted Mar 2, 2015
Authored by R3VAN_BASTARD

ECCMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 9eeb234bbd8787625b39c3f09b64e83fd61a9ce1aa037d29a827c35e31e2de3b
Mandriva Linux Security Advisory 2015-049
Posted Mar 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-049 - A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-9679
SHA-256 | 4e612da94a75e94c7020c6ebba6df495936f1935a1e11297c6fb9e1c656627dc
Ubuntu Security Notice USN-2516-2
Posted Mar 2, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2516-2 - USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-8133, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989, CVE-2014-9419, CVE-2014-9420, CVE-2014-9428, CVE-2014-9529, CVE-2014-9584, CVE-2014-9585, CVE-2014-9683, CVE-2015-0239
SHA-256 | 76903f6b56698c4952e01e1d34693ec01de15214367c1003f5d4153b94ec442f
ATutor LCMS 2.2 Cross Site Request Forgery
Posted Mar 2, 2015
Authored by Edric Teo

ATutor LCMS version 2.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-1583
SHA-256 | 44ffb91b51da80df29764e37e1a573311e6d31e296f500dfaa2f621352facdf5
BEdita CMS 3.5.0 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 2, 2015
Authored by Edric Teo

BEdita CMS version 3.5.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 343b3785e6e18f998615ce4afd69ac29404e76178c8291bcfbbabc530815a3e4
Linux CVE-2014-9322 Proof Of Concept
Posted Mar 2, 2015
Authored by Emeric Nasi

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. This is a POC to reproduce vulnerability. No exploitation here, just simple kernel panic.

tags | exploit, x86, kernel, local
systems | linux
advisories | CVE-2014-9322
SHA-256 | 4af67f178eb58a164b5111e77b240cd7ee040f47573670c05d5a9905efc16e21
Linux CVE-2014-4943 Proof Of Concept
Posted Mar 2, 2015
Authored by Emeric Nasi

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is a POC to reproduce vulnerability. No exploitation here, just simple kernel panic.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2014-4943
SHA-256 | a61882d75d8479cc731747b0d2682c513a28bb1ec35244e7dadceb22767f2277
Linux CVE-2014-3631 Proof Of Concept
Posted Mar 2, 2015
Authored by Emeric Nasi

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.

tags | exploit, denial of service, kernel, local
systems | linux
advisories | CVE-2014-3631
SHA-256 | aa1298ddf2533503468e7415c2de8808d48b8fac52f00905dd6dbef860a455f8
Fortimail 5.2.1 Cross Site Scripting
Posted Mar 2, 2015
Authored by William Costa

Fortimail version 5.2.1 suffers from reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4a9ca90086f920fbde41283b2de6cf6ada62459dae9b0d0f5aea2a02e800c26e
NetCat CMS 3.12 Remote File Inclusion
Posted Mar 2, 2015
Authored by Jing Wang

NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from multiple remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 53f795f8a60c40bb0d2cabd0e643847a187fa5fa0ed2aed87c4340b11bb7fd27
Packet Storm New Exploits For February, 2015
Posted Mar 2, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 146 exploits added to Packet Storm in February, 2015.

tags | exploit
systems | linux
SHA-256 | fe470aa6494680f0b9f1494501103139ce6bb81434637f768cd7218e7acd9df9
Swiss File Knife 1.7.4 Buffer Overflow
Posted Mar 2, 2015
Authored by Vulnerability Laboratory, lucyoa | Site vulnerability-lab.com

Swiss File Knife version 1.7.4 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | bd1750a260505e80621dabe4def52528b4f6d76e51e6c987af5b67be5f14be0c
WordPress WP All 3.2.3 Shell Upload
Posted Mar 2, 2015
Authored by Evex

WordPress WP All Import plugin versions 3.2.3 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | c38ce943c8d2cafa463b95e04fd56a3eb2837ceab61b895ff74cbe8f9c336f12
tmap 0.1
Posted Mar 2, 2015
Authored by TheKingOf9x

tmap is a fast multi-threaded port scanner that tunnels through TOR.

tags | tool, scanner
systems | unix
SHA-256 | db20e08df203cb56e43fdac32a8d5e55b9a58acd729cf037136a8348620e6350
WordPress Photocrati Theme 4.x.x SQL Injection
Posted Mar 2, 2015
Authored by ayastar

WordPress Photocrati theme version 4.x.x suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 158866c77fdda9bb7fca9fe0eb1c0d0c13e28fbfc60ee9b15419d6a2c013d733
79 Bytes Add Mapping /etc/hosts
Posted Mar 2, 2015
Authored by Osanda Malith

79 bytes small shellcode for armv6l that adds a mapping in /etc/hosts.

tags | shellcode
SHA-256 | 318b8a39ccbe95150914624284fab185bb8e44b9b248cd2b89f8701e7946d1e9
Piwik Signature Validation
Posted Mar 2, 2015
Authored by Taylor Hornby

Piwik fails to perform signature validation when running updates.

tags | advisory
SHA-256 | b828fa052cbba603a1c31b4b2e170441da3919c6b79028adaa375fa4614c688a
Ubuntu Vivid Upstart Privilege Escalation
Posted Mar 2, 2015
Authored by halfdog

Ubuntu Vivid Upstart suffers from a logrotate privilege escalation vulnerability.

tags | exploit
systems | linux, ubuntu
SHA-256 | 57ba2d59b5541f853776351cd1d83860c51f823ac02e23145009c9b6c6f926b2
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close