what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35 RSS Feed

Files Date: 2015-03-24

Wordpress InfusionSoft Shell Upload
Posted Mar 24, 2015
Authored by us3r777, g0blin | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | CVE-2014-6446
SHA-256 | 2b7754496960422648fd53d44f7c5f663f40d4e64906b1d967c380e682afd7da
WordPress OptimizePress Theme Shell Upload
Posted Mar 24, 2015
Authored by United of Muslim Cyber Army, Mekanismen | Site metasploit.com

This Metasploit module exploits a vulnerability found in the the WordPress theme OptimizePress. The vulnerability is due to an insecure file upload on the media-upload.php component, allowing an attacker to upload arbitrary PHP code. This Metasploit module has been tested successfully on OptimizePress 1.45.

tags | exploit, arbitrary, php, file upload
SHA-256 | 8fe5a65ba0a48deeb6568d675a37477fe142197da4739939fdc89d00458ee2ed
WordPress cache_lastpostdate Arbitrary Code Execution
Posted Mar 24, 2015
Authored by H D Moore, str0ke | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software. This vulnerability is only present when the PHP 'register_globals' option is enabled (common for hosting providers). All versions of WordPress prior to 1.5.1.3 are affected.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2005-2612, OSVDB-18672
SHA-256 | 8029e1794748c6b847a3fcb2ff96b2b28fc0fde9bdbb4d42498a35812e402c16
WordPress W3 Total Cache PHP Code Execution
Posted Mar 24, 2015
Authored by H D Moore, juan vazquez, temp66, Christian Mehlmauer | Site metasploit.com

This Metasploit module exploits a PHP Code Injection vulnerability against WordPress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PHP code injection. A valid post ID is needed in order to add the malicious comment. If the POSTID option isn't specified, then the module will automatically find or bruteforce one. Also, if anonymous comments aren't allowed, then a valid username and password must be provided. In addition, the "A comment is held for moderation" option on WordPress must be unchecked for successful exploitation. This Metasploit module has been tested against WordPress 3.5 and W3 Total Cache 0.9.2.3 on a Ubuntu 10.04 system.

tags | exploit, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2013-2010, OSVDB-92652
SHA-256 | bed096490dc9d7e2c3e5ae3b9e8234d981926a7705dfde36023179c919fb54aa
WordPress Foxypress uploadify.php Arbitrary Code Execution
Posted Mar 24, 2015
Authored by patrick, Sammy FORGIT | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.1.1 to 0.4.2.1 are vulnerable.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | b017c0df7061322735956c2e5f849f22a187dfba7fc928876d14b674c70fddd8
HP Security Bulletin HPSBST03196 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03196 1 - A potential security vulnerability has been identified with HP StoreEver MSL6480 Tape Library running Bash. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271
SHA-256 | 4be7a57fc9d180a0c2da2e754c8f966e45742fb56c2315e518187bf758764467
Ubuntu Security Notice USN-2545-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2545-1 - A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, cryptography
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-9644, CVE-2015-1421, CVE-2015-1465
SHA-256 | f0d96d401b0085cca787c43e9e7cf167b99f5f483a755be670dfc9be5e09397f
Ubuntu Security Notice USN-2546-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2546-1 - A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, cryptography
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-9644, CVE-2015-1421, CVE-2015-1465
SHA-256 | e4e127ba9f45099c6fc66a9a7ccea1411fc292920595bd1a9ea9b59e851882be
Ubuntu Security Notice USN-2541-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2541-1 - The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7822, CVE-2014-9419, CVE-2014-9683, CVE-2015-1421
SHA-256 | 2d7e5b61dc25c61afcef553473cababbdf6689f4edd43072e65e8a190d46291b
Ubuntu Security Notice USN-2544-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2544-1 - Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, kernel, local, cryptography
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-7822, CVE-2014-9644, CVE-2015-0274
SHA-256 | 9ddf124b2f1631a25b55a6630565e4ec8e300e7cba350a78679c54da8bfe363c
Ubuntu Security Notice USN-2543-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2543-1 - Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, kernel, local, cryptography
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-7822, CVE-2014-9644, CVE-2015-0274
SHA-256 | 1d20f0a45ef3c2328018fdfae24660ad9d7b3abed4e42067fe621154e5dc00f9
Ubuntu Security Notice USN-2542-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2542-1 - The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7822, CVE-2014-9419, CVE-2014-9683, CVE-2015-1421
SHA-256 | 6d16a19b701a03e7e17da5f559a14199c6b398ae3799e95bf7de7f4747bb2efe
Red Hat Security Advisory 2015-0716-01
Posted Mar 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0716-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
SHA-256 | 9d8aee16c77d0cfe933cacb5fd802931cd9f89036d273602e014764364847f8f
HP Security Bulletin HPSBGN03249 2
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03249 2 - Potential security vulnerabilities has been identified with HP ArcSight Enterprise Security Manager (ESM) and HP ArcSight Logger. These vulnerabilities could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-7884, CVE-2014-7885
SHA-256 | 8f4edcb3114142df1bedbb92bf3cd48730dfdc80c7ef8ea3c8bd8922da2b1202
HP Security Bulletin HPSBMU03220 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03220 1 - Potential security vulnerabilities have been identified with HP Shunra Network Appliance / HP Shunra Wildcat Appliance running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
SHA-256 | a6123d5b851b138a543e987a040efe52fa0e792954adbdefa8c34b543cc021b7
HP Security Bulletin HPSBHF03289 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03289 1 - A potential security vulnerability has been identified with HP ThinPro Linux This is the glibc vulnerability known as "GHOST", which could be exploited remotely to allow execution of arbitrary code. This update also addresses other vulnerabilities in SSL that would remotely allow denial of service, disclosure of information and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0235
SHA-256 | 382397e1a5db4b2ad8674375cd6e6e6384288664cd896f150a77ef9a0ae8d8cd
HP Security Bulletin HPSBHF03279 2
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03279 2 - Potential security vulnerabilities have been identified with certain HP Point of Sale PCs Running Windows with OLE Point of Sale (OPOS) Drivers. These vulnerabilities could be remotely exploited resulting in execution of code. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2014-7888, CVE-2014-7889, CVE-2014-7890, CVE-2014-7891, CVE-2014-7892, CVE-2014-7893, CVE-2014-7894, CVE-2014-7895, CVE-2014-7897, CVE-2014-7898
SHA-256 | 1036020a39ce9516aea534d077971926ce15bbc57583ad525067c387f183e6f2
HP Security Bulletin HPSBGN03299 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03299 1 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including: The SSL vulnerability known as "FREAK", which could be exploited remotely to allow disclosure of information. Other vulnerabilities which could be exploited remotely resulting in unauthorized access. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204
SHA-256 | 2bb84f4f172f79af7ec61d8661a7811600da15eaeb941f552c18a3962ffbb1f8
Ubuntu Security Notice USN-2547-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2547-1 - It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure ciphersuites. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-0992, CVE-2012-3543, CVE-2015-2318, CVE-2015-2319, CVE-2015-2320
SHA-256 | df47982100cec85a2943f68bea9742b67b9e2b5b58f72ad84ed804375204ff53
Red Hat Security Advisory 2015-0718-01
Posted Mar 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0718-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-0817, CVE-2015-0818
SHA-256 | ceca8eaeb9eeb560f017b4c71d935b577a7b2b63afe6d73a4389cd3b984d33da
Red Hat Security Advisory 2015-0715-01
Posted Mar 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0715-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
SHA-256 | 444104d5932d36fbf7dd33fbca71b225a194dc3084d7bd251d91eabd0c7f0e48
Microsoft Windows Local WebDAV NTLM Reflection Privilege Escalation
Posted Mar 24, 2015
Authored by James Forshaw

A default installation of Windows 7/8 can be made to perform a NTLM reflection attack through WebDAV which allows a local user to elevate privileges to local system. It can also be used to escape application sandboxes if TCP socket access is not blocked. Microsoft will not fix this issue.

tags | advisory, local, tcp
systems | windows
SHA-256 | d7f65f0f6fcfb1538cdd107180c364c1d5d666cadc19162e231ebc624660d51a
Anchor CMS 0.9.2 Cross Site Scripting
Posted Mar 24, 2015
Authored by Vadodil Joel Varghese

Anchor CMS version 0.9.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1fbc46802e35a95a8200a4c6bc7e7bb4d7136136a187801b6d0ba3f9bbaab36a
Joomla Random Article SQL Injection
Posted Mar 24, 2015
Authored by Jagriti Sahu

Joomla Random Article component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0a2fa879f23beb0befce309d421834e8bc1f50146c8984ae39d4d21797ea7dc8
Unasjee CMS Cross Site Request Forgery
Posted Mar 24, 2015
Authored by KnocKout

Unasjee CMS suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 9b4101394e2daa2f90d83d866085ad33416c24d0ffa44d634c30bdae9c251e17
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close