what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-04-10

Adobe Flash Player casi32 Integer Overflow
Posted Apr 10, 2015
Authored by juan vazquez, bilou | Site metasploit.com

This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as domainMemory for the current application domain. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167.

tags | exploit, overflow
systems | windows, 7
advisories | CVE-2014-0569
MD5 | 1a3b9845d08a07ae03794bce0519f44c
Mac OS X Rootpipe Privilege Escalation
Posted Apr 10, 2015
Authored by joev, wvu, Emil Kvarnhammar | Site metasploit.com

This Metasploit module exploits a hidden backdoor API in Apple's Admin framework on Mac OS X to escalate privileges to root, dubbed Rootpipe. Tested on Yosemite 10.10.2 and should work on previous versions. The patch for this issue was not backported to older releases. Note: you must run this exploit as an admin user to escalate to root.

tags | exploit, root
systems | apple, osx
advisories | CVE-2015-1130
MD5 | d58bceb05b3e631e2ed1aa2d3f0b76f8
Aircrack-ng Wireless Network Tools 1.2 RC2
Posted Apr 10, 2015
Site aircrack-ng.org

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

Changes: Various improvements and bug fixes.
tags | tool, wireless
systems | unix
MD5 | ebe9d537f06f4d6956213af09c4476da
WordPress Fusion Engage Local File Disclosure
Posted Apr 10, 2015
Authored by Why Know

WordPress Fusion Engage plugin suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | c9d2cdb2a3cf510c38d0ca0a6d575fb8
TP-LINK Local File Disclosure
Posted Apr 10, 2015
Authored by Stefan Viehbock | Site sec-consult.com

Multiple TP-LINK products suffer from a local file disclosure vulnerability.

tags | exploit, local
advisories | CVE-2015-3035
MD5 | 64365844e37da0b003f56f54e4464af0
WordPress Duplicator 0.5.14 Cross Site Request Forgery / SQL Injection
Posted Apr 10, 2015
Authored by Claudio Viviani

WordPress Duplicator plugin versions 0.5.14 and below suffer from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | 358733e9242378029375a7848241c82c
Magento eCommerce Vulnerable Adobe Flex SDK
Posted Apr 10, 2015
Authored by Paulos Yibelo

Magento eCommerce versions 1.9.0 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.

tags | advisory
advisories | CVE-2011-2461
MD5 | c08c1fb9f976b19b4163ffe2bf98a199
Hippo CMS 7.9.7 Enterprise Edition CRLF Injection
Posted Apr 10, 2015
Authored by Provensec

Hippo CMS version 7.9.7 Enterprise Edition suffers from a CRLF header injection vulnerability.

tags | exploit
MD5 | e4648534a290ee7767526b3a4c00b12a
Pimcore CMS 3.0.5 Cross Site Request Forgery
Posted Apr 10, 2015
Authored by Provensec

Pimcore CMS version 3.0.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 9ce186151d595ecab518d8fa2a18fe06
Network Solutions Webmail XSS / CSRF / Password Reset
Posted Apr 10, 2015
Authored by Cristiano Maruti

Network Solutions Webmail suffers from cross site scripting, cross site request forgery, password reset, information disclosure and various other security vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
MD5 | d149f9a85d867b4fba91af6e58f8b976
Red Hat Security Advisory 2015-0797-01
Posted Apr 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0797-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. This issue was discovered by Olivier Fourdan of Red Hat.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0255
MD5 | 3818ba6e5a8f096d15b77e56ac20f3ab
Red Hat Security Advisory 2015-0795-01
Posted Apr 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0795-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. This issue was discovered by Paolo Bonzini of Red Hat.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-8106
MD5 | e0b66c9de3d868b6b422f7fa98e4d2fa
Ubuntu Security Notice USN-2566-1
Posted Apr 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2566-1 - Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2015-0840
MD5 | 9eeee3418d011a047297c293ee1de099
OrangeHRM Cross Site Scripting / SQL Injection
Posted Apr 10, 2015
Authored by Rehan Ahmed

OrangeHRM versions Opensource 3.2.1 and Professional / Enterprise 4.11 suffer from cross site scripting and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | d8461be9dcf1cd6699fbe3476c82afaa
WebDAV Uploading Script
Posted Apr 10, 2015
Authored by AdeRoot

Simple PHP script that explores WebDAV vulnerable sites that allow arbitrary uploads.

tags | tool, arbitrary, scanner, php, file upload
systems | unix
MD5 | e2fbd18bece78993d541a38cb51e07cc
Page 1 of 1
Back1Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close