what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-04-10

Adobe Flash Player casi32 Integer Overflow
Posted Apr 10, 2015
Authored by juan vazquez, bilou | Site metasploit.com

This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as domainMemory for the current application domain. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167.

tags | exploit, overflow
systems | windows, 7
advisories | CVE-2014-0569
MD5 | 1a3b9845d08a07ae03794bce0519f44c
Mac OS X Rootpipe Privilege Escalation
Posted Apr 10, 2015
Authored by joev, wvu, Emil Kvarnhammar | Site metasploit.com

This Metasploit module exploits a hidden backdoor API in Apple's Admin framework on Mac OS X to escalate privileges to root, dubbed Rootpipe. Tested on Yosemite 10.10.2 and should work on previous versions. The patch for this issue was not backported to older releases. Note: you must run this exploit as an admin user to escalate to root.

tags | exploit, root
systems | apple, osx
advisories | CVE-2015-1130
MD5 | d58bceb05b3e631e2ed1aa2d3f0b76f8
Aircrack-ng Wireless Network Tools 1.2 RC2
Posted Apr 10, 2015
Site aircrack-ng.org

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

Changes: Various improvements and bug fixes.
tags | tool, wireless
systems | unix
MD5 | ebe9d537f06f4d6956213af09c4476da
WordPress Fusion Engage Local File Disclosure
Posted Apr 10, 2015
Authored by Why Know

WordPress Fusion Engage plugin suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | c9d2cdb2a3cf510c38d0ca0a6d575fb8
TP-LINK Local File Disclosure
Posted Apr 10, 2015
Authored by Stefan Viehbock | Site sec-consult.com

Multiple TP-LINK products suffer from a local file disclosure vulnerability.

tags | exploit, local
advisories | CVE-2015-3035
MD5 | 64365844e37da0b003f56f54e4464af0
WordPress Duplicator 0.5.14 Cross Site Request Forgery / SQL Injection
Posted Apr 10, 2015
Authored by Claudio Viviani

WordPress Duplicator plugin versions 0.5.14 and below suffer from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | 358733e9242378029375a7848241c82c
Magento eCommerce Vulnerable Adobe Flex SDK
Posted Apr 10, 2015
Authored by Paulos Yibelo

Magento eCommerce versions 1.9.0 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.

tags | advisory
advisories | CVE-2011-2461
MD5 | c08c1fb9f976b19b4163ffe2bf98a199
Hippo CMS 7.9.7 Enterprise Edition CRLF Injection
Posted Apr 10, 2015
Authored by Provensec

Hippo CMS version 7.9.7 Enterprise Edition suffers from a CRLF header injection vulnerability.

tags | exploit
MD5 | e4648534a290ee7767526b3a4c00b12a
Pimcore CMS 3.0.5 Cross Site Request Forgery
Posted Apr 10, 2015
Authored by Provensec

Pimcore CMS version 3.0.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 9ce186151d595ecab518d8fa2a18fe06
Network Solutions Webmail XSS / CSRF / Password Reset
Posted Apr 10, 2015
Authored by Cristiano Maruti

Network Solutions Webmail suffers from cross site scripting, cross site request forgery, password reset, information disclosure and various other security vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
MD5 | d149f9a85d867b4fba91af6e58f8b976
Red Hat Security Advisory 2015-0797-01
Posted Apr 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0797-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. This issue was discovered by Olivier Fourdan of Red Hat.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0255
MD5 | 3818ba6e5a8f096d15b77e56ac20f3ab
Red Hat Security Advisory 2015-0795-01
Posted Apr 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0795-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. This issue was discovered by Paolo Bonzini of Red Hat.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-8106
MD5 | e0b66c9de3d868b6b422f7fa98e4d2fa
Ubuntu Security Notice USN-2566-1
Posted Apr 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2566-1 - Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2015-0840
MD5 | 9eeee3418d011a047297c293ee1de099
OrangeHRM Cross Site Scripting / SQL Injection
Posted Apr 10, 2015
Authored by Rehan Ahmed

OrangeHRM versions Opensource 3.2.1 and Professional / Enterprise 4.11 suffer from cross site scripting and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | d8461be9dcf1cd6699fbe3476c82afaa
WebDAV Uploading Script
Posted Apr 10, 2015
Authored by AdeRoot

Simple PHP script that explores WebDAV vulnerable sites that allow arbitrary uploads.

tags | tool, arbitrary, scanner, php, file upload
systems | unix
MD5 | e2fbd18bece78993d541a38cb51e07cc
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    15 Files
  • 27
    Feb 27th
    15 Files
  • 28
    Feb 28th
    4 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close