exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2015-04-16

WordPress Ajax Store Locator 1.2 SQL Injection
Posted Apr 16, 2015
Authored by Claudio Viviani

WordPress Ajax Store Locator versions 1.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fd61a90ff71456bbb57803a78ab4b9979a249f8fe9d9954c7d0fb7e5c79ff6de
D-Link/TRENDnet NCC Service Command Injection
Posted Apr 16, 2015
Authored by Michael Messner, Peter Adkins, Tiago Caetano Henriques | Site metasploit.com

This Metasploit module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This Metasploit module has been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L (Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A) v1.05B03, D-Link DIR-820L (Rev B) v2.01b02, D-Link DIR-826L (Rev A) v1.00b23, D-Link DIR-830L (Rev A) v1.00b07, D-Link DIR-836L (Rev A) v1.01b03, and TRENDnet TEW-731BR (Rev 2) v2.01b01

tags | exploit, remote
advisories | CVE-2015-1187
SHA-256 | 35d9cdabfd053fc6c2ff7f2de254f832a73dc49048156c4f453d8ba4b3f21bc9
EMC NetWorker Buffer Overflow
Posted Apr 16, 2015
Site emc.com

EMC NetWorker contains a buffer overflow vulnerability that may potentially be exploited by attackers to launch arbitrary programs on the affected system. Versions prior to 8.0.4.3, 8.1.2.6, and 8.2.1.2 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2015-0530
SHA-256 | 9b29ea39871e0f387e2e9f76a70a44485eba4d5e2af867e099217ee1c22726a4
Huawei SEQ Analyst Cross Site Scripting
Posted Apr 16, 2015
Authored by Ugur Cihan KOC

Huawei SEQ Analyst version V200R002C03LG0001SPC100 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-2347
SHA-256 | 23d7a6ced961a189c2a32abecdb8ca98c500a122e3542a1ccc4efa230928e57e
Huawei SEQ Analyst XXE Injection
Posted Apr 16, 2015
Authored by Ugur Cihan KOC

Huawei SEQ Analyst version V200R002C03LG0001SPC100 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-2346
SHA-256 | c7c2407779c7f1a975e407883855dddb3f3c26e41f43b310f77c4493aaafe71b
Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption
Posted Apr 16, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the "MRSETDIBITSTODEVICE::bPlay()" function (GDI32.dll) and can be exploited to cause a memory corruption via an EMF file with a specially crafted EMR_SETDIBITSTODEVICE record. Successful exploitation allows execution of arbitrary code.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2015-1645
SHA-256 | ed3d517ee666d030f5df6830cf8981005659fc92cb0c554af44305ac144591c1
Comsenz SupeSite CMS 7.0 Cross Site Scripting
Posted Apr 16, 2015
Authored by Jing Wang

Comsenz SupeSite CMS version 7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 691f7c89b1caa0472c8a9be37459934f77fb1772af283aa43f8a6085dcae26c0
Opoint Media Intelligence Open Redirect
Posted Apr 16, 2015
Authored by Jing Wang

Opoint Media Intelligence suffers from an open redirect vulnerability.

tags | exploit
SHA-256 | 97726adab38a15cdc9d6396ef6393518664b286821d2b8b6a2235a7c8ff95f2c
Webs ID Cross Site Scripting
Posted Apr 16, 2015
Authored by Jing Wang

Webs ID suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | aaef7499cb1976d0bbee37571ec5fba3821d04da8aff958ec521f45274f8f211
NetCat CMS 3.12 HTML Injection
Posted Apr 16, 2015
Authored by Jing Wang

NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from an html injection vulnerability.

tags | exploit
SHA-256 | 431273588a8007d8827bc1ced3c02b81d49af8135143df355265d68abb2c4abf
NetCat CMS 3.12 Directory Traversal
Posted Apr 16, 2015
Authored by Jing Wang

NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | e33e315fb4f1085ac945c6ef7b991ad9217af60eb79756cf09747d1d6ddd857c
Red Hat Security Advisory 2015-0813-01
Posted Apr 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0813-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-06 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044
SHA-256 | 95ef1d09fff932e5503e61d52f340ec04358a2809cf0d826824d84ae441f3b0c
Debian Security Advisory 3227-1
Posted Apr 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3227-1 - John Lightsey discovered a format string injection vulnerability in the localization of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user.

tags | advisory, remote, web, arbitrary
systems | linux, debian
advisories | CVE-2015-0845
SHA-256 | 59a9b12ffa6df63a5fa049823d455c93824eaada64684d8d3ba770278ff254f6
Red Hat Security Advisory 2015-0808-01
Posted Apr 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0808-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
SHA-256 | 3a0ef66142ddc689cba44201a56eaa2c9e8347b91997bee60a9a71c63fa527f3
Red Hat Security Advisory 2015-0809-01
Posted Apr 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0809-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
SHA-256 | 4b311f2046eff7dae79683115dba1e897b0cf1cbe235a54fdd949b6b19abbb0f
Red Hat Security Advisory 2015-0807-01
Posted Apr 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0807-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
SHA-256 | 039106c41849667381adfd1c4098bfaa8e16795be6379a83d48bb1db44757ff1
Red Hat Security Advisory 2015-0806-01
Posted Apr 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0806-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
SHA-256 | 0b4f8377127fadf61fa672c3d60031b3007cd49e491ac2c847d9a8eef1d58624
Cisco Security Advisory 20150415-csd
Posted Apr 16, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in a Cisco-signed Java Archive (JAR) executable Cache Cleaner component of Cisco Secure Desktop could allow an unauthenticated, remote attacker to execute arbitrary commands on the client host where the affected .jar file is executed. Command execution would occur with the privileges of the user. The Cache Cleaner feature has been deprecated since November 2012. There is no fixed software for this vulnerability. Cisco Secure Desktop packages that includes the affected .jar files have been removed and are not anymore available for download. Because Cisco does not control all existing Cisco Secure Desktop packages customers are advised to ensure to ensure that their Java blacklists controls have been updated to avoid potential exploitation. Refer to the "Workarounds" section of this advisory for additional information on how to mitigate this vulnerability. Customers using Cisco Secure Desktop should migrate to Cisco Host Scan standalone package.

tags | advisory, java, remote, arbitrary
systems | cisco
SHA-256 | 8428e5e7a588c0c0b16739510e6bafd25dbac9beca940e4731343b4b44cf7f15
Cisco Security Advisory 20150415-iosxr
Posted Apr 16, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (ASR) could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only Typhoon-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability. The vulnerability is due to improper processing of packets that are routed via the bridge-group virtual interface (BVI) when any of the following features are configured: Unicast Reverse Path Forwarding (uRPF), policy-based routing (PBR), quality of service (QoS), or access control lists (ACLs). An attacker could exploit this vulnerability by sending IPv4 packets through an affected device that is configured to route them via the BVI interface. A successful exploit could allow the attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic, leading to a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds to address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
SHA-256 | 410793f468915a72f1daf1e5dc382917bf041ac8801144663e6dce5cc384f294
Debian Security Advisory 3226-1
Posted Apr 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3226-1 - adam@anope.org discovered several problems in inspircd, an IRC daemon.

tags | advisory
systems | linux, debian
SHA-256 | 0fb369c4d51c1b4aadbe940f16de4aa1a1b9830b126ce3a0ad63d3215d7dac17
Debian Security Advisory 3225-1
Posted Apr 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3225-1 - Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-0797
SHA-256 | 778d55fd27bc3cb118fb4bc6d961491b737acd09627e83c6790ae97b677852d6
WordPress WP Statistics 9.1.2 Cross Site Scripting
Posted Apr 16, 2015
Authored by Kaustubh G. Padwad

WordPress WP Statistics plugin version 9.1.2 suffers from stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7417199952c4f4c2dfe0f63ea7723e48742cb4ca58d9e91e2dd4096de4abde78
Apache Spark Cluster 1.3.x Arbitrary Code Execution
Posted Apr 16, 2015
Authored by Akhil Das

Apache Spark Cluster version 1.3.x suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | fa52b7d291365e260eefbd50b902865d8d250fb29a92eebfc41a473b27334295
Microsoft Windows HTTP.sys Proof Of Concept
Posted Apr 16, 2015
Authored by rhcp011235

Microsoft Windows HTTP.sys proof of concept exploit for MS15-034.

tags | exploit, web, proof of concept
systems | windows
advisories | CVE-2015-1635
SHA-256 | b962eb94796643c1f7df4412502d1acc226c3e768498d683a56c3660db367cc2
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close