
Files Date: 2015-04-03

JBoss Seam 2 File Upload / Execute
Posted Apr 3, 2015
Authored by vulp1n3 | Site metasploit.com

Versions of the JBoss Seam 2 framework prior to 2.2.1CR2 fail to properly sanitize inputs to some JBoss Expression Language expressions. As a result, attackers can gain remote code execution through the application server. This Metasploit module leverages RCE to upload and execute a meterpreter payload. Versions of the JBoss AS admin-console are known to be vulnerable to this exploit, without requiring authentication. Tested against JBoss AS 5 and 6, running on Linux with JDKs 6 and 7. This Metasploit module provides a more efficient method of exploitation - it does not loop to find desired Java classes and methods. NOTE: the check for upload success is not 100% accurate. NOTE 2: The module uploads the meterpreter JAR and a JSP to launch it.

tags | exploit, java, remote, code execution
systems | linux
advisories | CVE-2010-1871
SHA-256 | fe639b25ec3a4921cb55d15bdfb6e881c231a40faa50a3d8152df00b6699cc2a

Mandriva Linux Security Advisory 2015-192
Posted Apr 3, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-192 - Multiple vulnerabilities have been discovered and corrected in subversion. Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. Subversion HTTP servers allow spoofing svn:author property values for new revisions. The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws have been fixed.

tags | advisory, web, denial of service, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2015-0202, CVE-2015-0248, CVE-2015-0251
SHA-256 | 829bf7383ff71da085f5217b201c2b0b0c211ea29983b39d9bc74aa6de7c36fc

HP Security Bulletin HPSBST03195 1
Posted Apr 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03195 1 - Potential security vulnerabilities have been identified with HP 3PAR Service Processor (SP) running OpenSSL and Bash. The OpenSSL vulnerability known as "Heartbleed" could be exploited remotely, resulting in disclosure of information. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption", also known as "Poodle", could be exploited remotely, resulting in disclosure of information. The Bash Shell vulnerability known as "Shellshock" could be exploited remotely, resulting in execution of code. Revision 1 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-0224, CVE-2014-3566, CVE-2014-6271, CVE-2014-7169
SHA-256 | 6a809ea757ff22870a3e4f96354ac184c8c6886fa4f952676c8a777eb3d928e2

Debian Security Advisory 3212-1
Posted Apr 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3212-1 - Multiple security issues have been found in Icedove, Debian's version of use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816
SHA-256 | f5fef3c8a0bfd6385a3eb9e894bf1b6efc708a179b17b5cc8474b7ca7cc78c4b

HP Security Bulletin HPSBHF03300 1
Posted Apr 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03300 1 - Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption", also known as "POODLE", could be exploited remotely, resulting in disclosure of information. Other vulnerabilities could be remotely exploited, resulting in Denial of Service (DoS) and unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 329f0280df00f4c7b48c192f216b6d37cdbb7f6ed711b0b2b33a657122fbae7b

Kemp Load Master 7.1-16 CSRF / XSS / DoS / Code Execution
Posted Apr 3, 2015
Authored by Roberto Suggi Liverani

Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, code execution, xss, csrf
advisories | CVE-2014-5287, CVE-2014-5288
SHA-256 | 81a001a8c6f48e1e8af8a8319afbad8ca0dcf82113d9d1a5f0b09a6d0b520ed7

phpSFP Schedule Facebook Posts 1.5.6 SQL Injection
Posted Apr 3, 2015
Authored by Pichaya Morimoto

phpSFP Schedule Facebook Posts version 1.5.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7673a25237bdf3cd6bc1787a2b3327ccc77b90c595451e0afce62021f734c275

Airties Air5650v3TT Remote Stack Overflow
Posted Apr 3, 2015
Authored by Batuhan Burakcin

Airties Air5650TT remote stack overflow exploit that spawns a reverse shell.

tags | exploit, remote, overflow, shell
SHA-256 | 9f0340d2c2b6c3152187216f7125ce13eea9862d86be92f799f51b9e8793bbad

WordPress Simple Ads Manager 2.5.94 / 2.5.96 SQL Injection
Posted Apr 3, 2015
Authored by Le Hong Minh

WordPress Simple Ads Manager plugin versions 2.5.94 and 2.5.96 suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2015-2824
SHA-256 | d0666e28aa1c3b476d3cec2790fdd3cb6d8998518ab039b1673e710aec01a687

WordPress Simple Ads Manager 2.5.94 File Upload
Posted Apr 3, 2015
Authored by Tien Tran Dinh

WordPress Simple Ads Manager version 2.5.94 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-2825
SHA-256 | acf530bdb80483f6f4aba3d8993b8414f225dc3ea3793cf25500608f6901ea0e

WordPress PHP Event Calendar 1.5 Arbitrary File Upload
Posted Apr 3, 2015
Authored by CrashBandicot

WordPress PHP Event Calendar plugin version 1.5 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, php, file upload
SHA-256 | 0c0e6821c9f39d195b058b4a300a86fb947a58cbad45c92060bdd27bb6a0511d

WordPress Simple Ads Manager 2.5.94 / 2.5.96 Information Disclosure
Posted Apr 3, 2015
Authored by Nguyen Hung Tuan

WordPress Simple Ads Manager plugin versions 2.5.94 and 2.5.96 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2015-2826
SHA-256 | 3796a819f2860d5d329196625fa65cebbe2141c37ed980f31297dce290960590

Synology.com Cross Site Scripting
Posted Apr 3, 2015
Authored by Yann CAM

Synology.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | df36960f10fd715ad89f78bcc5f4c2fdfa17ca95a83d0ace087bc886131e0aec