exploit the possibilities
Showing 1 - 24 of 24 RSS Feed

Files Date: 2015-04-16

WordPress Ajax Store Locator 1.2 SQL Injection
Posted Apr 16, 2015
Authored by Claudio Viviani

WordPress Ajax Store Locator versions 1.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b87b641e8387dccf32236c52134b2bf5
D-Link/TRENDnet NCC Service Command Injection
Posted Apr 16, 2015
Authored by Michael Messner, Peter Adkins, Tiago Caetano Henriques | Site metasploit.com

This Metasploit module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This Metasploit module has been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L (Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A) v1.05B03, D-Link DIR-820L (Rev B) v2.01b02, D-Link DIR-826L (Rev A) v1.00b23, D-Link DIR-830L (Rev A) v1.00b07, D-Link DIR-836L (Rev A) v1.01b03, and TRENDnet TEW-731BR (Rev 2) v2.01b01

tags | exploit, remote
advisories | CVE-2015-1187
MD5 | 5b57c7c0ff79d4325de41bfe776a35e8
EMC NetWorker Buffer Overflow
Posted Apr 16, 2015
Site emc.com

EMC NetWorker contains a buffer overflow vulnerability that may potentially be exploited by attackers to launch arbitrary programs on the affected system. Versions prior to 8.0.4.3, 8.1.2.6, and 8.2.1.2 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2015-0530
MD5 | c23fe57855c127996fd6da57816d2b55
Huawei SEQ Analyst Cross Site Scripting
Posted Apr 16, 2015
Authored by Ugur Cihan KOC

Huawei SEQ Analyst version V200R002C03LG0001SPC100 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-2347
MD5 | f4a89fb1769f765f9bb6b98b6b53c522
Huawei SEQ Analyst XXE Injection
Posted Apr 16, 2015
Authored by Ugur Cihan KOC

Huawei SEQ Analyst version V200R002C03LG0001SPC100 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-2346
MD5 | 5284b1f07ef59d65a778895ed54cf99d
Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption
Posted Apr 16, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the "MRSETDIBITSTODEVICE::bPlay()" function (GDI32.dll) and can be exploited to cause a memory corruption via an EMF file with a specially crafted EMR_SETDIBITSTODEVICE record. Successful exploitation allows execution of arbitrary code.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2015-1645
MD5 | 6837605e8bfab6ac2be90456e818f90d
Comsenz SupeSite CMS 7.0 Cross Site Scripting
Posted Apr 16, 2015
Authored by Jing Wang

Comsenz SupeSite CMS version 7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 86936eb49b293d6171489c05d07ddd47
Opoint Media Intelligence Open Redirect
Posted Apr 16, 2015
Authored by Jing Wang

Opoint Media Intelligence suffers from an open redirect vulnerability.

tags | exploit
MD5 | 24d7c9680ff505067260e0c32bb10fc8
Webs ID Cross Site Scripting
Posted Apr 16, 2015
Authored by Jing Wang

Webs ID suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 7f0fdda30725a775539b9aad6791c5f1
NetCat CMS 3.12 HTML Injection
Posted Apr 16, 2015
Authored by Jing Wang

NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from an html injection vulnerability.

tags | exploit
MD5 | 86668639bce04889e33a55b8461d9441
NetCat CMS 3.12 Directory Traversal
Posted Apr 16, 2015
Authored by Jing Wang

NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 3928ae1b3d86cf5cb481ed11caa7b528
Red Hat Security Advisory 2015-0813-01
Posted Apr 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0813-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-06 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044
MD5 | 6df1ba7b1ff6c7da4eb75281caf31c0f
Debian Security Advisory 3227-1
Posted Apr 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3227-1 - John Lightsey discovered a format string injection vulnerability in the localization of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user.

tags | advisory, remote, web, arbitrary
systems | linux, debian
advisories | CVE-2015-0845
MD5 | b4c653e9292b621ad586627343bc1421
Red Hat Security Advisory 2015-0808-01
Posted Apr 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0808-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
MD5 | c45fc1d52088d5a197df15e212fa7a0c
Red Hat Security Advisory 2015-0809-01
Posted Apr 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0809-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
MD5 | cc22e05ad616afd2c70b1afb1e9e9812
Red Hat Security Advisory 2015-0807-01
Posted Apr 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0807-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
MD5 | 1f2103343e21b194f0a57b4c735b4363
Red Hat Security Advisory 2015-0806-01
Posted Apr 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0806-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
MD5 | 8aff50f264492ff23a3399bf2ab04e80
Cisco Security Advisory 20150415-csd
Posted Apr 16, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in a Cisco-signed Java Archive (JAR) executable Cache Cleaner component of Cisco Secure Desktop could allow an unauthenticated, remote attacker to execute arbitrary commands on the client host where the affected .jar file is executed. Command execution would occur with the privileges of the user. The Cache Cleaner feature has been deprecated since November 2012. There is no fixed software for this vulnerability. Cisco Secure Desktop packages that includes the affected .jar files have been removed and are not anymore available for download. Because Cisco does not control all existing Cisco Secure Desktop packages customers are advised to ensure to ensure that their Java blacklists controls have been updated to avoid potential exploitation. Refer to the "Workarounds" section of this advisory for additional information on how to mitigate this vulnerability. Customers using Cisco Secure Desktop should migrate to Cisco Host Scan standalone package.

tags | advisory, java, remote, arbitrary
systems | cisco
MD5 | e2ccbd3fab97e37dd833fbd9d3a5e0d5
Cisco Security Advisory 20150415-iosxr
Posted Apr 16, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (ASR) could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only Typhoon-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability. The vulnerability is due to improper processing of packets that are routed via the bridge-group virtual interface (BVI) when any of the following features are configured: Unicast Reverse Path Forwarding (uRPF), policy-based routing (PBR), quality of service (QoS), or access control lists (ACLs). An attacker could exploit this vulnerability by sending IPv4 packets through an affected device that is configured to route them via the BVI interface. A successful exploit could allow the attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic, leading to a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds to address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
MD5 | 63b16032d0e3a2a647d95e8a0b52da6d
Debian Security Advisory 3226-1
Posted Apr 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3226-1 - adam@anope.org discovered several problems in inspircd, an IRC daemon.

tags | advisory
systems | linux, debian
MD5 | fb2691d9cef7ea622adbf6a7b918f180
Debian Security Advisory 3225-1
Posted Apr 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3225-1 - Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-0797
MD5 | 0ba7486f2de8fc15753d36af6ccc80fa
WordPress WP Statistics 9.1.2 Cross Site Scripting
Posted Apr 16, 2015
Authored by Kaustubh G. Padwad

WordPress WP Statistics plugin version 9.1.2 suffers from stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | ed1090d2a309cf94eb64607f6b91474e
Apache Spark Cluster 1.3.x Arbitrary Code Execution
Posted Apr 16, 2015
Authored by Akhil Das

Apache Spark Cluster version 1.3.x suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 8fac9ef50dbd9ad92f242c7ff1c659e2
Microsoft Windows HTTP.sys Proof Of Concept
Posted Apr 16, 2015
Authored by rhcp011235

Microsoft Windows HTTP.sys proof of concept exploit for MS15-034.

tags | exploit, web, proof of concept
systems | windows
advisories | CVE-2015-1635
MD5 | 0a19a920efc724f7ae7ac80c340767d7
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    7 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close