exploit the possibilities
Showing 1 - 25 of 29 RSS Feed

Files Date: 2015-03-11

Capstone 3.0.2
Posted Mar 11, 2015
Authored by Nguyen Anh Quynh | Site capstone-engine.org

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.

Changes: Release 3.0.2 is a stable version with important fixes in the core and Python bindings.
tags | tool
systems | linux, unix
MD5 | fd2663e86f9e3e59d11a3f1c740d6298
tcpdump 4.7.3
Posted Mar 11, 2015
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Multiple security bugs addressed.
tags | tool, sniffer
systems | unix
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
MD5 | 334a4761594b29f80793c1303f0f4acc
Red Hat Security Advisory 2015-0674-01
Posted Mar 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0674-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-7822, CVE-2014-8159, CVE-2014-8160, CVE-2014-8369
MD5 | b367cb84194b7426f2cf2b6d53e4b66c
Windows Pass-Through Authentication Methods Improper Validation
Posted Mar 11, 2015
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - The Microsoft Netlogon Remote Protocol is a remote procedure call (RPC) interface that is used, among other things, for user and machine authentication on domain-based networks. In a scenario where a client machine connects to a domain-joined server, a pass-through authentication must be performed in order for the server to verify the client's Credentials with the domain controller. This logon request must be delivered to the domain controller over a secure channel. This secure channel is achieved by encrypting the server to DC communication using a shared secret, commonly known as a server's machine account password. On successful authentication, the domain controller returns the UserSessionKey back to the server. This key is used for cryptographic operations on a session. Examples of the use of this key are generating the keys needed to signing SMB packets, and the keys needed for encryption/decryption of SMB sessions. Improper validation between the account used to secure the communication channel and the logon request data being sent to the domain controller allows third parties to obtain the UserSessionKey for communications that were not meant for them.

tags | exploit, remote, protocol
systems | windows
advisories | CVE-2015-0005
MD5 | b2b8740843fe391023b6c152b27fe322
GeniXCMS 0.0.1 Cross Site Request Forgery
Posted Mar 11, 2015
Authored by LiquidWorm | Site zeroscience.mk

GeniXCMS version 0.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 59eb5f8f916ba6bd410b444b59b31925
GeniXCMS 0.0.1 Cross Site Scripting
Posted Mar 11, 2015
Authored by LiquidWorm | Site zeroscience.mk

GeniXCMS version 0.0.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 495ddf98f54c4dce8ae008725587a67a
GeniXCMS 0.0.1 SQL Injection
Posted Mar 11, 2015
Authored by LiquidWorm | Site zeroscience.mk

GeniXCMS version 0.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 700867f4c8a4e6a86188c0ab60b01009
RSA Digital Certificate Solution XSS / Denial Of Service
Posted Mar 11, 2015
Authored by Ken Cijsouw | Site emc.com

RSA Certificate Manager versions prior to 6.9 Build 558 and RSA Registration Manager versions prior to 6.9 Build 558 suffer from cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
advisories | CVE-2014-0231, CVE-2015-0521, CVE-2015-0522, CVE-2015-0523
MD5 | 3d7e8818c92ef714884d2dd6d5a13cc6
EMC Secure Remote Services GHOST / SQL Injection / Command Injection
Posted Mar 11, 2015
Authored by Han Sahin | Site emc.com

EMC Secure Remote Services Virtual Edition (ESRS VE) suffers from GHOST, remote SQL injection, and command injection vulnerabilities. Affected products include versions 3.02 and 3.03.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2015-0235, CVE-2015-0524, CVE-2015-0525
MD5 | 2c5f30dbe1691618bb352de8673e9d5f
Dropbox SDK For Android Remote Exploitation
Posted Mar 11, 2015
Authored by Roee Hay, Or Peles

A vulnerability in the Dropbox SDK for Android may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK both locally by malware and also remotely by using drive-by exploitation techniques.

tags | exploit, paper
advisories | CVE-2014-8889
MD5 | 9274033584a6daa1b2971e6040ac7597
Community Gallery 2.0 Cross Site Scripting
Posted Mar 11, 2015
Authored by Pham Kien Cuong

Community Gallery version 2.0 prior to 12/10/2014 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2275
MD5 | 500d48ac8d64772fccb1d61df4fdfbb2
Microsoft Security Bulletin Summary For March, 2015
Posted Mar 11, 2015
Site microsoft.com

This bulletin summary lists fourteen released Microsoft security bulletins for March, 2015.

tags | advisory
MD5 | aa13ef1b615a8b9ce6de1f884469aa3e
Cisco Security Advisory 20150310-ssl
Posted Mar 11, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, or perform a man-in-the-middle attack. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
MD5 | 37be48ba37307f3eab02fbaeb8cca671
Debian Security Advisory 3182-1
Posted Mar 11, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3182-1 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash (denial of service) or otherwise read and use unintended memory areas in this process.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2015-1782
MD5 | b197067437530675aa8dc5588573b643
Debian Security Advisory 3177-1
Posted Mar 11, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3177-1 - Thomas Klute discovered that in mod-gnutls, an Apache module providing SSL and TLS encryption with GnuTLS, a bug caused the server's client verify mode not to be considered at all, in case the directory's configuration was unset. Clients with invalid certificates were then able to leverage this flaw in order to get access to that directory.

tags | advisory
systems | linux, debian
advisories | CVE-2015-2091
MD5 | 1990e6b5c456442f8dad0e50121662dc
Debian Security Advisory 3181-1
Posted Mar 11, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3181-1 - Multiple security issues have been found in the Xen virtualisation solution.

tags | advisory
systems | linux, debian
advisories | CVE-2015-2044, CVE-2015-2045, CVE-2015-2151
MD5 | 2768ba40912b3d996063ab23fdd40d76
HP Security Bulletin HPSBUX03281 SSRT101968 1
Posted Mar 11, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03281 SSRT101968 1 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-4010
MD5 | 46a28186a6f3e3cf63dce371ed20a4af
Red Hat Security Advisory 2015-0672-01
Posted Mar 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0672-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon to crash under certain conditions.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-1349
MD5 | 154ec6fa4bdc12974095f4c17d036392
Ubuntu Security Notice USN-2524-1
Posted Mar 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2524-1 - Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-9687
MD5 | 63a7c195efa5ca2b1c168da62ecbc1db
Ubuntu Security Notice USN-2522-3
Posted Mar 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2522-3 - USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have now been updated to fix the regression.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419, CVE-2014-6585, CVE-2014-6591, CVE-2014-7940
MD5 | 0b09f986fa0a4a3760d5524c3809ac9e
Vastal I-tech phpVID 1.2.3 Cross Site Scripting
Posted Mar 11, 2015
Authored by Jing Wang

Vastal I-tech phpVID version 1.2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 97372da9eeefefefe68bb027224b34c9
Vastal I-tech phpVID 1.2.3 SQL Injection
Posted Mar 11, 2015
Authored by Jing Wang

Vastal I-tech phpVID version 1.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | fe3f6dd04ba35093eebf50c76c6f29f1
WordPress Daily Edition Theme 1.6.2 Path Disclosure
Posted Mar 11, 2015
Authored by Jing Wang

WordPress Daily Edition theme version 1.6.2 suffers from a path disclosure vulnerability.

tags | advisory, info disclosure
MD5 | 8ca7177417534c85b235eefdebc1fa31
WordPress Daily Edition Theme 1.6.2 Cross Site Scripting
Posted Mar 11, 2015
Authored by Jing Wang

WordPress Daily Edition theme version 1.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bb80b45ff5e6e7c7df0f3303a04021a0
SuperWebMailer 5.50.0.01160 Cross Site Scripting
Posted Mar 11, 2015
Authored by Jing Wang

SuperWebMailer version 5.50.0.01160 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 743e8a1a98c5742c80263694acea49fd
Page 1 of 2
Back12Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    12 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close