Twenty Year Anniversary
Showing 1 - 25 of 29 RSS Feed

Files Date: 2015-03-19

Chamilo LMS 1.9.10 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 19, 2015
Authored by Rehan Ahmed

Chamilo LMS versions 1.9.10 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 69e4147e1a3aa67e4930ac4f42112abb
EMC M&R (Watch4net) Insecure Credential Storage
Posted Mar 19, 2015
Authored by Han Sahin

It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.

tags | exploit, remote
advisories | CVE-2015-0514
MD5 | eba368f2ffa4a6d9413f27cae2d20a8f
OpenSSH 6.8p1
Posted Mar 19, 2015
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This is a major release, containing a number of new features as well as a large internal re-factoring.
tags | encryption
systems | linux, unix, openbsd
MD5 | 08f72de6751acfbd0892b5f003922701
Websense Content Gateway Error Message Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Websense Content Gateway error messages are vulnerable to cross site scripting.

tags | exploit, xss
MD5 | de3f4d171630c37b115c54280c94b782
Publish-It PUI Buffer Overflow
Posted Mar 19, 2015
Authored by Daniel Kazimirow, Andrew Smith aka jakx | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Publish-It when processing a specially crafted .PUI file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Publish-It to open a malicious .PUI file.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2014-0980
MD5 | 492c24a2e4a85523dac7f0dc46d4788d
TWiki Debugenableplugins Remote Code Execution
Posted Mar 19, 2015
Authored by h0ng10, Netanel Rubin | Site metasploit.com

TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution.

tags | exploit, remote, perl, code execution
advisories | CVE-2014-7236
MD5 | 861350151f1243072a1bf5d32e992c39
Websense Reporting Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Websense Reporting suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | da9fb8b1b23d712a581d731987d2f582
Fortinet Single Sign On Stack Overflow
Posted Mar 19, 2015
Authored by Core Security Technologies, Andres Lopez Luksenberg, Enrique Nissim

Core Security Technologies Advisory - There is a vulnerability in the message dispatcher used by FSSO Windows Active Directory and FSSO Novell eDirectory. Exploitation of this vulnerability might lead to a full network compromise.

tags | exploit
systems | windows
advisories | CVE-2015-2281
MD5 | 364a74b173679d6c23119f93cd7f0e6e
Websense Explorer Report Scheduler Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Websense Explorer's report scheduler suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f61d7e7372d27ad491697c44ef11c43a
Websense Data Security Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

It was discovered that the Websense Data Security block page processes user-controllable data insecurely, rendering the block page vulnerable to cross site scripting.

tags | exploit, xss
MD5 | 86ab3b7389ac26123e7206b0314a486d
Websense Explorer Missing Access Control
Posted Mar 19, 2015
Authored by Han Sahin

It was discovered that no access control is enforced on the explorer_wse path, which is exposed through the web server. An attacker can abuse this issue to download any file exposed by this path, including security reports and Websense Explorer configuration files.

tags | exploit, web
MD5 | 89c0346b75e7f6661c0cd5eb2a56049e
Websense Triton Source Code Disclosure
Posted Mar 19, 2015
Authored by Han Sahin

Websense Triton is affected by a source code disclosure vulnerability. By appending a double quote character after JSP URLs, Websense will return the source code of the JSP instead of executing the JSP. An attacker can use this issue to inspect parts of Websense's source code in order to gain more knowledge about Websense's internals.

tags | exploit, info disclosure
MD5 | dac76339348e0acabb8f22b5eea22b34
Websense Appliance Manager Command Injection
Posted Mar 19, 2015
Authored by Han Sahin

A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like cross site scripting, to perform a remote unauthenticated attacks to compromise the appliance.

tags | exploit, remote, arbitrary, vulnerability, xss
MD5 | bf1fef925f4eb4c3a65e0bed86a82682
Websense Email Security Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Users of Websense Data Security that are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens, login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.

tags | advisory, web, arbitrary, xss
MD5 | 233d117108a173ccaaf79f36aa5bccfe
Websense Data Security DLP Incident Forensics Preview XSS
Posted Mar 19, 2015
Authored by Han Sahin

Users of Websense Data Security that are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens, login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.

tags | advisory, web, arbitrary, xss
MD5 | f44de586ef210e05a155e337189a0aba
Joomla ECommerce-WD 1.2.5 SQL Injection
Posted Mar 19, 2015
Authored by Brandon Perry

Joomla ECommerce-WD plugin version 1.2.5 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | da188df7cade95bd85ba4bb44c0bd9c2
Apple Security Advisory 2015-03-17-1
Posted Mar 19, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-17-1 - Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 are now available and address multiple WebKit vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1075, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1084
MD5 | 6548e09d665151e47839fae2a30144e8
Findsploit 1.1
Posted Mar 19, 2015
Authored by 1N3

Findsploit is a simple bash script to quickly and easily search both local and online exploit databases.

tags | local, bash
systems | unix
MD5 | ab6cb230e93eceeee5f82c1bdabc2f9d
Red Hat Security Advisory 2015-0698-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0698-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, protocol
systems | linux, redhat, windows
advisories | CVE-2008-3520, CVE-2008-3522, CVE-2011-4516, CVE-2011-4517, CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029
MD5 | c6e7c66bceb68524ea02a5ee6ad34a25
Red Hat Security Advisory 2015-0696-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0696-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675
MD5 | 142c142d4bfbac8bb845d5f205a60dd9
Gentoo Linux Security Advisory 201503-10
Posted Mar 19, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-10 - Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. Versions less than 3.3.5-r1 are affected.

tags | advisory, arbitrary, vulnerability, code execution, python
systems | linux, gentoo
advisories | CVE-2013-1752, CVE-2013-7338, CVE-2014-1912, CVE-2014-2667, CVE-2014-4616, CVE-2014-7185, CVE-2014-9365
MD5 | d8dc2ad2f03aa115ae5e87edc83489c4
Debian Security Advisory 3196-1
Posted Mar 19, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3196-1 - Hanno Boeck discovered that file's ELF parser is susceptible to denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-9653
MD5 | b7f705d85c9fd21896fc2fc0a47e809a
Red Hat Security Advisory 2015-0700-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0700-01 - The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636
MD5 | cf9f2af4a3853ef8397ab56550e16af3
Red Hat Security Advisory 2015-0699-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0699-01 - PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed. A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244
MD5 | 3f640220a4b7bef1f90cd0ad72705976
Ubuntu Security Notice USN-2536-1
Posted Mar 19, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2536-1 - Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
MD5 | e88b78badcc5f72ad11f218d6ac882c8
Page 1 of 2
Back12Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close