exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-04-03

JBoss Seam 2 File Upload / Execute
Posted Apr 3, 2015
Authored by vulp1n3 | Site metasploit.com

Versions of the JBoss Seam 2 framework prior to 2.2.1CR2 fail to properly sanitize inputs to some JBoss Expression Language expressions. As a result, attackers can gain remote code execution through the application server. This Metasploit module leverages RCE to upload and execute a meterpreter payload. Versions of the JBoss AS admin-console are known to be vulnerable to this exploit, without requiring authentication. Tested against JBoss AS 5 and 6, running on Linux with JDKs 6 and 7. This Metasploit module provides a more efficient method of exploitation - it does not loop to find desired Java classes and methods. NOTE: the check for upload success is not 100% accurate. NOTE 2: The module uploads the meterpreter JAR and a JSP to launch it.

tags | exploit, java, remote, code execution
systems | linux
advisories | CVE-2010-1871
MD5 | 81feacdab70db36a6652e5bd7a522f25
Mandriva Linux Security Advisory 2015-192
Posted Apr 3, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-192 - Multiple vulnerabilities has been discovered and corrected in subversion. Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. Subversion HTTP servers allow spoofing svn:author property values for new revisions. The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws has been fixed.

tags | advisory, web, denial of service, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2015-0202, CVE-2015-0248, CVE-2015-0251
MD5 | 133f2b011d000810debd838ff3282394
HP Security Bulletin HPSBST03195 1
Posted Apr 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03195 1 - Potential security vulnerabilities have been identified with HP 3PAR Service Processor (SP) running OpenSSL and Bash. The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. The Bash Shell vulnerability known as "Shellshock" which could be exploited remotely resulting in execution of code. Revision 1 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-0224, CVE-2014-3566, CVE-2014-6271, CVE-2014-7169
MD5 | a3597b64c42716642c509ae51cfced26
Debian Security Advisory 3212-1
Posted Apr 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3212-1 - Multiple security issues have been found in Icedove, Debian's version of use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816
MD5 | ee5f5e7cf974f2086c84bfb78874e660
HP Security Bulletin HPSBHF03300 1
Posted Apr 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03300 1 - Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. Other vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS) and unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
MD5 | 846e796b46ad2165e56f113932205c50
Kemp Load Master 7.1-16 CSRF / XSS / DoS / Code Execution
Posted Apr 3, 2015
Authored by Roberto Suggi Liverani

Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, code execution, xss, csrf
advisories | CVE-2014-5287, CVE-2014-5288
MD5 | d792ec396201a782057b689af726098b
phpSFP Schedule Facebook Posts 1.5.6 SQL Injection
Posted Apr 3, 2015
Authored by Pichaya Morimoto

phpSFP Schedule Facebook Posts version 1.5.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 281b3bba6ccd6a270386a4a3cbce6c81
Airties Air5650v3TT Remote Stack Overflow
Posted Apr 3, 2015
Authored by Batuhan Burakcin

Airties Air5650TT remote stack overflow exploit that spawns a reverse shell.

tags | exploit, remote, overflow, shell
MD5 | b1bbc3d15871f00dad770adc89f6075b
WordPress Simple Ads Manager 2.5.94 / 2.5.96 SQL Injection
Posted Apr 3, 2015
Authored by Le Hong Minh

WordPress Simple Ads Manager plugin versions 2.5.94 and 2.5.96 suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2015-2824
MD5 | 3b85d299949b55fb08c7aa45162eca99
WordPress Simple Ads Manager 2.5.94 File Upload
Posted Apr 3, 2015
Authored by Tien Tran Dinh

WordPress Simple Ads Manager version 2.5.94 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-2825
MD5 | 749da24a6c4abfa25004cf7d7d8ffe2f
WordPress PHP Event Calendar 1.5 Arbitrary File Upload
Posted Apr 3, 2015
Authored by CrashBandicot

WordPress PHP Event Calendar plugin version 1.5 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, php, file upload
MD5 | 7e4e79d21d5989387668629416c18586
WordPress Simple Ads Manager 2.5.94 / 2.5.96 Information Disclosure
Posted Apr 3, 2015
Authored by Nguyen Hung Tuan

WordPress Simple Ads Manager plugin versions 2.5.94 and 2.5.96 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2015-2826
MD5 | 01385c3cc8cfe714f1ef4c986d610653
OpenSSH 6.8 Insecure Functions
Posted Apr 3, 2015
Authored by Nicholas Lemonias

OpenSSH version 6.8 makes use of some insecure functions.

tags | advisory
MD5 | f2c9d2c27b4f37ee57df559776cf7134
OpenSSL 1.0.2a Insecure Functions
Posted Apr 3, 2015
Authored by Nicholas Lemonias

OpenSSL version 1.0.2a makes use of some insecure functions.

tags | advisory
MD5 | 67dab38b98557a8440b703be32d1326c
Synology.com Cross Site Scripting
Posted Apr 3, 2015
Authored by Yann CAM

Synology.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 58d9842618821e93c78f24b0f7f0e603
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close