exploit the possibilities
Showing 1 - 25 of 27 RSS Feed

Files Date: 2015-04-01

EMC PowerPath Virtual Appliance Undocumented User Accounts
Posted Apr 1, 2015
Authored by Jeremy Brown | Site emc.com

EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain limited unauthorized access to the system. Version 1.x is affected.

tags | advisory
advisories | CVE-2015-0529
MD5 | c7eff923a0c604ac98bf2cc310e95742
Apache Cassandra Remote Code Execution
Posted Apr 1, 2015
Authored by G. Geshev

Under its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user. Versions 1.2.0 to 1.2.19, 2.0.0 to 2.0.13, and 2.1.0 to 2.1.3 are affected.

tags | advisory, java, remote, arbitrary
advisories | CVE-2015-0225
MD5 | 2b1811df2d4703382612cf4886161127
WordPress VideoWhisper Video Presentation 3.31.17 Shell Upload
Posted Apr 1, 2015
Authored by Larry W. Cashdollar

WordPress VideoWhisper Video Presentation plugin version 3.31.17 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 628bf17ebc73fc80efe19139ac8210c5
WordPress VideoWhisper Video Conference Integration 4.91.8 Shell Upload
Posted Apr 1, 2015
Authored by Larry W. Cashdollar

WordPress VideoWhisper Video Conference Integration plugin version 4.91.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | bcce7d49139682920a0dc5da50fba625
Ubuntu Security Notice USN-2555-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2555-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-3591, CVE-2015-0837
MD5 | e428fe287b99f96560cbd339eb766675
Ubuntu Security Notice USN-2554-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2554-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-3591, CVE-2014-5270, CVE-2015-0837, CVE-2015-1606, CVE-2015-1607
MD5 | 076618d0af514422a50aeaf16bd6d41e
Red Hat Security Advisory 2015-0766-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0766-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816
MD5 | d853b3d757bc45775927f3404decbe1b
Red Hat Security Advisory 2015-0768-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0768-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.9 was retired on March 31, 2015, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.9 EUS after March 31, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 5.9 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

tags | advisory
systems | linux, redhat
MD5 | 48c9cf8e748c6f4538e01e6af400b68a
Red Hat Security Advisory 2015-0767-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0767-01 - The flac packages contain a decoder and an encoder for the FLAC audio file format. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | 164db12aba7116e662aaa7d4c6609c5c
Red Hat Security Advisory 2015-0771-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0771-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816
MD5 | 20abe1b631c68e00199f00b9c6ee3ab1
Red Hat Security Advisory 2015-0773-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0773-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.1 serves as a replacement for Red Hat JBoss Data Grid 6.4.0. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.1 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4002, CVE-2014-7839, CVE-2014-8122, CVE-2015-0226, CVE-2015-0227
MD5 | 646ee5a7987f6753fcf916a00ee9a84c
Ubuntu Security Notice USN-2550-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2550-1 - Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. Bobby Holley discovered that windows created to hold privileged UI content retained access to privileged internal methods if navigated to unprivileged content. An attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804, CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808, CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816
MD5 | addd56853ab86e778c41e9c63ab5868f
WordPress Revolution Slider File Upload
Posted Apr 1, 2015
Authored by CrashBandicot

WordPress Revolution Slider suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 7c4aed1bf01b6c9e8d48d6de3a0de163
Joomla Simple Photo Gallery Shell Upload
Posted Apr 1, 2015
Authored by CrashBandicot

Joomla Simple Photo Gallery component version 1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 796cb813195ec5ef42607b5d1dde3f02
WordPress DesignFolio+ Theme File Upload
Posted Apr 1, 2015
Authored by CrashBandicot

WordPress DesignFolio+ theme suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 3cd452bc5dbbbcdbc9d0741bcf3c1dcb
Packet Storm New Exploits For March, 2015
Posted Apr 1, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 224 exploits that were added to Packet Storm in March, 2015.

tags | exploit
systems | linux
MD5 | 4e7b9eb1c34e67825729e2b496930a00
Ericsson Drutt MSDP (Instance Monitor) Directory Traversal / File Access
Posted Apr 1, 2015
Authored by Anastasios Monachos

Ericsson Drutt MSDP (Instance Monitor) versions 4, 5, and 6 suffer from directory traversal and arbitrary file access vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2015-2166
MD5 | 893f70c4c2e5b070735a35469f13f1f6
Ericsson Drutt MSDP (Report Viewer) Cross Site Scripting
Posted Apr 1, 2015
Authored by Anastasios Monachos

Ericsson Drutt MSDP (Report Viewer) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2165
MD5 | d8228ca7b6089452eae8db0427916e1f
Ericsson Drutt MSDP (3PI Manager) Cross Site Scripting
Posted Apr 1, 2015
Authored by Anastasios Monachos

Ericsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5f1bbbfeefb52a0a0e2c55ae86512034
Ericsson Drutt MSDP (3PI Manager) Open Redirect
Posted Apr 1, 2015
Authored by Anastasios Monachos

Ericsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from an open redirection vulnerability.

tags | exploit
advisories | CVE-2015-2167
MD5 | 9bf069188b13154ac0c8614e03fd93e1
Red Hat Security Advisory 2015-0765-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0765-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems-such as multiple databases, XML files, and even Hadoop systems-appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-4002, CVE-2013-5855, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0193, CVE-2014-0227, CVE-2014-3481, CVE-2014-3490, CVE-2014-3530, CVE-2014-3577
MD5 | 576c75050e7726247568a441b57dc040
Ubuntu Security Notice USN-2553-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2553-1 - William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655
MD5 | f3d58af233fa2f9aae8db85519f911a2
Debian Security Advisory 3210-1
Posted Apr 1, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3210-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-2188, CVE-2015-2189, CVE-2015-2191
MD5 | 231bb3afdc0076b537d1c6f313314688
Mandriva Linux Security Advisory 2015-186
Posted Apr 1, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-186 - libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally, the phpseclib package has been upgraded to the 0.3.10 version.

tags | advisory, remote, web, php
systems | linux, mandriva
advisories | CVE-2015-2206
MD5 | eda07576e05ed2510e8cae582581c2fc
Java.com Cross Site Scripting
Posted Apr 1, 2015
Authored by Yann CAM

Java.com suffered from multiple cross site scripting vulnerabilities.

tags | exploit, java, vulnerability, xss
MD5 | cea43e2cc4a3c92544a49dc5a3141695
Page 1 of 2
Back12Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    16 Files
  • 19
    Jun 19th
    11 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close