what you don't know can hurt you
Showing 1 - 25 of 35 RSS Feed

Files Date: 2015-03-24

Wordpress InfusionSoft Shell Upload
Posted Mar 24, 2015
Authored by us3r777, g0blin | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | CVE-2014-6446
MD5 | 2a8a84c324fff3740033f0a79d327826
WordPress OptimizePress Theme Shell Upload
Posted Mar 24, 2015
Authored by United of Muslim Cyber Army, Mekanismen | Site metasploit.com

This Metasploit module exploits a vulnerability found in the the WordPress theme OptimizePress. The vulnerability is due to an insecure file upload on the media-upload.php component, allowing an attacker to upload arbitrary PHP code. This Metasploit module has been tested successfully on OptimizePress 1.45.

tags | exploit, arbitrary, php, file upload
MD5 | 2117b1399dc824b5e7a4d51b544b38c7
WordPress cache_lastpostdate Arbitrary Code Execution
Posted Mar 24, 2015
Authored by H D Moore, str0ke | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software. This vulnerability is only present when the PHP 'register_globals' option is enabled (common for hosting providers). All versions of WordPress prior to 1.5.1.3 are affected.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2005-2612, OSVDB-18672
MD5 | 6587a07ae6fb8103545737bc7a447633
WordPress W3 Total Cache PHP Code Execution
Posted Mar 24, 2015
Authored by H D Moore, juan vazquez, temp66, Christian Mehlmauer | Site metasploit.com

This Metasploit module exploits a PHP Code Injection vulnerability against WordPress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PHP code injection. A valid post ID is needed in order to add the malicious comment. If the POSTID option isn't specified, then the module will automatically find or bruteforce one. Also, if anonymous comments aren't allowed, then a valid username and password must be provided. In addition, the "A comment is held for moderation" option on WordPress must be unchecked for successful exploitation. This Metasploit module has been tested against WordPress 3.5 and W3 Total Cache 0.9.2.3 on a Ubuntu 10.04 system.

tags | exploit, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2013-2010, OSVDB-92652
MD5 | be8ab3b5728c9890eeda2592ba90ef4e
WordPress Foxypress uploadify.php Arbitrary Code Execution
Posted Mar 24, 2015
Authored by patrick, Sammy FORGIT | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.1.1 to 0.4.2.1 are vulnerable.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 3a487527cd2c26d67722a8add1279d90
HP Security Bulletin HPSBST03196 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03196 1 - A potential security vulnerability has been identified with HP StoreEver MSL6480 Tape Library running Bash. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271
MD5 | 155179048fef5f06ffff87f381b7d674
Ubuntu Security Notice USN-2545-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2545-1 - A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-9644, CVE-2015-1421, CVE-2015-1465
MD5 | 5ae0554e64e796d299cb0dd60398e427
Ubuntu Security Notice USN-2546-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2546-1 - A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-9644, CVE-2015-1421, CVE-2015-1465
MD5 | 3c3b871a5068bd2fff0e393ad0aa76aa
Ubuntu Security Notice USN-2541-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2541-1 - The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7822, CVE-2014-9419, CVE-2014-9683, CVE-2015-1421
MD5 | 3e24d4f47628df7e3421fd1a7b297cab
Ubuntu Security Notice USN-2544-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2544-1 - Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-7822, CVE-2014-9644, CVE-2015-0274
MD5 | bcd5ca8cc6652f61057ffcc8f2ab46f0
Ubuntu Security Notice USN-2543-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2543-1 - Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-7822, CVE-2014-9644, CVE-2015-0274
MD5 | 1fd345a98c5bea2aa825c73ef793cbc0
Ubuntu Security Notice USN-2542-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2542-1 - The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7822, CVE-2014-9419, CVE-2014-9683, CVE-2015-1421
MD5 | 4d82d698728935036be976213a63d50d
Red Hat Security Advisory 2015-0716-01
Posted Mar 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0716-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | 84c06482c884d666f0674209111c6d16
HP Security Bulletin HPSBGN03249 2
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03249 2 - Potential security vulnerabilities has been identified with HP ArcSight Enterprise Security Manager (ESM) and HP ArcSight Logger. These vulnerabilities could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-7884, CVE-2014-7885
MD5 | 00727e0303441fb770bb00a1239de076
HP Security Bulletin HPSBMU03220 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03220 1 - Potential security vulnerabilities have been identified with HP Shunra Network Appliance / HP Shunra Wildcat Appliance running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
MD5 | 45b387b5df583f081be056617de348e8
HP Security Bulletin HPSBHF03289 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03289 1 - A potential security vulnerability has been identified with HP ThinPro Linux This is the glibc vulnerability known as "GHOST", which could be exploited remotely to allow execution of arbitrary code. This update also addresses other vulnerabilities in SSL that would remotely allow denial of service, disclosure of information and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0235
MD5 | cb045c74fdd840614d7e6835f0776526
HP Security Bulletin HPSBHF03279 2
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03279 2 - Potential security vulnerabilities have been identified with certain HP Point of Sale PCs Running Windows with OLE Point of Sale (OPOS) Drivers. These vulnerabilities could be remotely exploited resulting in execution of code. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2014-7888, CVE-2014-7889, CVE-2014-7890, CVE-2014-7891, CVE-2014-7892, CVE-2014-7893, CVE-2014-7894, CVE-2014-7895, CVE-2014-7897, CVE-2014-7898
MD5 | 1dd04fd55f4c49403170deb98acdf44f
HP Security Bulletin HPSBGN03299 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03299 1 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including: The SSL vulnerability known as "FREAK", which could be exploited remotely to allow disclosure of information. Other vulnerabilities which could be exploited remotely resulting in unauthorized access. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204
MD5 | 3238fe378c1ecd8a4516be16530d81d9
Ubuntu Security Notice USN-2547-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2547-1 - It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure ciphersuites. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-0992, CVE-2012-3543, CVE-2015-2318, CVE-2015-2319, CVE-2015-2320
MD5 | 19fa9d3776f5eafe34251eb3a1c9e32d
Red Hat Security Advisory 2015-0718-01
Posted Mar 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0718-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-0817, CVE-2015-0818
MD5 | 235ddf4add35688faa2b945220495650
Red Hat Security Advisory 2015-0715-01
Posted Mar 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0715-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | 9c5429281270d2cf5d0d7d74e66bab1e
Microsoft Windows Local WebDAV NTLM Reflection Privilege Escalation
Posted Mar 24, 2015
Authored by James Forshaw

A default installation of Windows 7/8 can be made to perform a NTLM reflection attack through WebDAV which allows a local user to elevate privileges to local system. It can also be used to escape application sandboxes if TCP socket access is not blocked. Microsoft will not fix this issue.

tags | advisory, local, tcp
systems | windows, 7
MD5 | acf5e4414852c101a882e4682f56ac7f
Anchor CMS 0.9.2 Cross Site Scripting
Posted Mar 24, 2015
Authored by Vadodil Joel Varghese

Anchor CMS version 0.9.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | fe79a1067dbae2308d541c8ba6de2bc4
Joomla Random Article SQL Injection
Posted Mar 24, 2015
Authored by Jagriti Sahu

Joomla Random Article component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ad2bba53bcddf1c89f0bd7c186131802
Unasjee CMS Cross Site Request Forgery
Posted Mar 24, 2015
Authored by KnocKout

Unasjee CMS suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 247cfc78c89a77dd5323ca8f9baaed18
Page 1 of 2
Back12Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close