
Files Date: 2015-03-20

Citrix NITRO SDK Command Injection
Posted Mar 20, 2015
Authored by Han Sahin

A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise the entire Citrix SDX appliance along with all underlying applications and data.

tags | exploit
MD5 | b7c5905da53dbedf0252c0e0eaf31a32
Citrix NetScaler VPX Cross Site Scripting
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.

tags | exploit, xss
MD5 | 50c91a8bdcdd159b0b9034e8ccc241ed
OpenSSL Toolkit 1.0.2a
Posted Mar 20, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: 12 security vulnerabilities have been addressed.
tags | tool, encryption, protocol
systems | unix
MD5 | a06c547dac9044161a477211049f60ef
OpenSSL Security Advisory - 12 Security Fixes
Posted Mar 20, 2015
Site openssl.org

OpenSSL has addressed twelve vulnerabilities including denial of service, silent downgrading, corrupted pointer, segmentation fault, memory corruption, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
MD5 | d5e61bc62fd70b1e4faa9d5757fe8ea0
FreeBSD Security Advisory - OpenSSL Issues
Posted Mar 20, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Multiple OpenSSL issues have been resolved. A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

tags | advisory
systems | freebsd
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
MD5 | 8a30cb43be0ccad8caf129b707a6c904
Citrix NITRO SDK xen_hotfix Cross Site Scripting
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.

tags | exploit, xss
MD5 | 1579db71b1b93c28ae8678b57f16a887
Airties Air5650TT Modem Cross Site Scripting
Posted Mar 20, 2015
Authored by KnocKout

Airties Air5650TT Modem suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1a64a72555a21261d960dc31ec517851
Citrix Command Center Configuration Disclosure
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.

tags | exploit, web
MD5 | 9874325f86bef49d1ece9fd0d75e93be
Security BSides Las Vegas 2015 Call For Papers
Posted Mar 20, 2015
Authored by BSides LV

BSides Las Vegas 2015 has announced its Call For Papers. It will take place August 4th and 5th, 2015, in Las Vegas, Nevada.

tags | paper, conference
MD5 | 540e6ad52a6b5c6c905136c4e4710a9e
EMC Secure Remote Services Virtual Edition SQL Injection
Posted Mar 20, 2015
Authored by Han Sahin

An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.

tags | exploit, remote, arbitrary, sql injection
advisories | CVE-2015-0524
MD5 | 38ab9bd223d35a3ae4036a23e8101091
EMC Secure Remote Services Virtual Edition Command Injection
Posted Mar 20, 2015
Authored by Han Sahin

A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.

tags | exploit, remote, arbitrary
advisories | CVE-2015-0525
MD5 | 1ce9eb0a674b58ee302cff1521c315ad
EMC M&R (Watch4net) Device Discovery Path Traversal
Posted Mar 20, 2015
Authored by Han Sahin

A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

tags | exploit, file inclusion
advisories | CVE-2015-0516
MD5 | 8b88774ea14080fe5e9b90b7285e9723
EMC M&R (Watch4net) MIB Browser Path Traversal
Posted Mar 20, 2015
Authored by Han Sahin

A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

tags | exploit, file inclusion
advisories | CVE-2015-0516
MD5 | 75c8cf8cad96cde32de2124ca6a7d13f
EMC M&R (Watch4net) Alerting Frontend XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.

tags | exploit, arbitrary, xss
advisories | CVE-2015-0513
MD5 | b5a7bb3b7795ea4a02931e1a103d80d6
EMC M&R (Watch4net) Centralized Management Console XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.

tags | exploit, arbitrary, xss
advisories | CVE-2015-0513
MD5 | 0905638d0042501994a70dc5a5008bea
EMC M&R (Watch4net) Web Portal Report Favorites XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup. The attacker's payload will be stored in the user's profile and will be executed every time the victim logs in.

tags | exploit, web, xss
advisories | CVE-2015-0513
MD5 | 3229a84d50ed04e1c73f2ab068557038
Gentoo Linux Security Advisory 201503-11
Posted Mar 20, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-11 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1l-r1 are affected.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
MD5 | 4a2e3489d02d9cd892b08aaab0121cc9
Red Hat Security Advisory 2015-0708-01
Posted Mar 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0708-01 - Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 7.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0203, CVE-2015-0223, CVE-2015-0224
MD5 | 4c1048b81d9ed718ffd81418ac590a61
Ubuntu Security Notice USN-2537-1
Posted Mar 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2537-1 - It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | af6954b41cf8921ca646fd8bce9c0314
Red Hat Security Advisory 2015-0707-01
Posted Mar 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0707-01 - Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0203, CVE-2015-0223, CVE-2015-0224
MD5 | 4711da4d34b9b974fb558928885acb13
Debian Security Advisory 3197-1
Posted Mar 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3197-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292
MD5 | 81d2834847d1995a892ad45b8b801880
Subrion 3.3.0 Cross Site Request Forgery
Posted Mar 20, 2015
Authored by Provensec

Subrion version 3.3.0 suffers from a cross site request forgery vulnerability that allows for arbitrary SQL injection.

tags | exploit, arbitrary, sql injection, csrf
MD5 | f4c6821ddf5b0a36e0ae02cf06c3c8d9
Citrix Command Center Advent JMX Servlet Accessible
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to compromise the entire application. It also suffers from a cross site scripting vulnerability.

tags | exploit, xss, bypass
MD5 | 654ea83b4f8835317d17c06f0d8566f1
Mac OS X 10.10.2 Heap Overflows
Posted Mar 20, 2015
Authored by Luca Todesco

Mac OS X version 10.10.2 suffers from multiple heap overflow vulnerabilities. Included is an xnu local privilege escalation exploit that uses a heap overflow in IOHIDSecurePromptClient injectStringGated.

tags | exploit, overflow, local, vulnerability
systems | linux, apple, osx
MD5 | fc064282844724e02708b8de4b4db8b8
Yoast Google Analytics Stored Cross Site Scripting
Posted Mar 20, 2015
Authored by Jouko Pynnonen | Site klikki.fi

The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5685c927d3a6f1b4721f023d1a424a8d