what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-04-10

Adobe Flash Player casi32 Integer Overflow
Posted Apr 10, 2015
Authored by juan vazquez, bilou | Site metasploit.com

This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as domainMemory for the current application domain. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167.

tags | exploit, overflow
systems | windows
advisories | CVE-2014-0569
SHA-256 | ae591f02688cd067f82a826d2565cca8148319265c1fabddf71ee88ff7b5d99b
Mac OS X Rootpipe Privilege Escalation
Posted Apr 10, 2015
Authored by joev, wvu, Emil Kvarnhammar | Site metasploit.com

This Metasploit module exploits a hidden backdoor API in Apple's Admin framework on Mac OS X to escalate privileges to root, dubbed Rootpipe. Tested on Yosemite 10.10.2 and should work on previous versions. The patch for this issue was not backported to older releases. Note: you must run this exploit as an admin user to escalate to root.

tags | exploit, root
systems | apple, osx
advisories | CVE-2015-1130
SHA-256 | 6e27a1e1f2bcf759b740ad9887024027c9c87f0045ced259f32d35e3a7522fe1
Aircrack-ng Wireless Network Tools 1.2 RC2
Posted Apr 10, 2015
Site aircrack-ng.org

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

Changes: Various improvements and bug fixes.
tags | tool, wireless
systems | unix
SHA-256 | ba5b3eda44254efc5b7c9f776eb756f7cc323ad5d0813c101e92edb483d157e9
WordPress Fusion Engage Local File Disclosure
Posted Apr 10, 2015
Authored by Why Know

WordPress Fusion Engage plugin suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | b52c96d8ad5b17a3befc553727ad9791dd2827f50c32f8d7c79b82cbfae79e50
TP-LINK Local File Disclosure
Posted Apr 10, 2015
Authored by Stefan Viehbock | Site sec-consult.com

Multiple TP-LINK products suffer from a local file disclosure vulnerability.

tags | exploit, local
advisories | CVE-2015-3035
SHA-256 | 77dc5766ead42d5a0627853f735788b13644c3d13432f56e13c5ebedd4253fa3
WordPress Duplicator 0.5.14 Cross Site Request Forgery / SQL Injection
Posted Apr 10, 2015
Authored by Claudio Viviani

WordPress Duplicator plugin versions 0.5.14 and below suffer from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
SHA-256 | f6a51d5df014feb4bd047ab4edcd3143f94f10035313ee7d5c44176c2ffdf44c
Magento eCommerce Vulnerable Adobe Flex SDK
Posted Apr 10, 2015
Authored by Paulos Yibelo

Magento eCommerce versions 1.9.0 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.

tags | advisory
advisories | CVE-2011-2461
SHA-256 | 2abdab09c60b62e14aaa6b4c47c3f0c149c4561cf4f13a7a1514da1b9474cc0a
Hippo CMS 7.9.7 Enterprise Edition CRLF Injection
Posted Apr 10, 2015
Authored by Provensec

Hippo CMS version 7.9.7 Enterprise Edition suffers from a CRLF header injection vulnerability.

tags | exploit
SHA-256 | 2fb4fa85ea66e995db6ab55d0538b5311601d0e89367a86fc0e5f6c567ccbaa7
Pimcore CMS 3.0.5 Cross Site Request Forgery
Posted Apr 10, 2015
Authored by Provensec

Pimcore CMS version 3.0.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 5209b22680fd154dc19cf97cff87c1072529cc3d9440119d2a4d450da6fc2e7a
Network Solutions Webmail XSS / CSRF / Password Reset
Posted Apr 10, 2015
Authored by Cristiano Maruti

Network Solutions Webmail suffers from cross site scripting, cross site request forgery, password reset, information disclosure and various other security vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
SHA-256 | c559efb26add26a98a7159d6b6b66eef0951644e9d1df44a88ea79ae16873041
Red Hat Security Advisory 2015-0797-01
Posted Apr 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0797-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. This issue was discovered by Olivier Fourdan of Red Hat.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0255
SHA-256 | 7ac8b7aced2419a0badae538306c5cb9ccc87d8ef506ce63553f43b2bca66baf
Red Hat Security Advisory 2015-0795-01
Posted Apr 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0795-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. This issue was discovered by Paolo Bonzini of Red Hat.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-8106
SHA-256 | 41652ca875602c699e7f0b082e9a598e015e900d7caabfca7902669a6050bd49
Ubuntu Security Notice USN-2566-1
Posted Apr 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2566-1 - Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2015-0840
SHA-256 | 6cf9f3e41298a6212ac8a4bcd8c602d537ac9410e0524b541502765d10e1b336
OrangeHRM Cross Site Scripting / SQL Injection
Posted Apr 10, 2015
Authored by Rehan Ahmed

OrangeHRM versions Opensource 3.2.1 and Professional / Enterprise 4.11 suffer from cross site scripting and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 1862a0aad68949b5bd076f84585c5eaeef1fd83c5fa15e8a9e8d03c8a737ecf6
WebDAV Uploading Script
Posted Apr 10, 2015
Authored by AdeRoot

Simple PHP script that explores WebDAV vulnerable sites that allow arbitrary uploads.

tags | tool, arbitrary, scanner, php, file upload
systems | unix
SHA-256 | 82096e8ddc00f8baec5d02ce1a0576b3e0253c168398a7b80b0b02473a331d36
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close