
Files Date: 2015-04-21

WordPress Tune Library 1.5.4 SQL Injection
Posted Apr 21, 2015
Authored by Hannes Trunde

WordPress Tune Library plugin version 1.5.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-3314
MD5 | d25cdd6226389ffcb33fb957a685eee5
MIMEDefang Email Scanner 2.77
Posted Apr 21, 2015
Authored by David F. Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: Various updates.
tags | tool
systems | windows, unix
MD5 | b2e840e6b71b2b915d427f87c9b46b04
SevenIT SevDesk 3.10 Cross Site Scripting
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SevenIT SevDesk version 3.10 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 7f59c85536b9bfc6f4584f749cd99232
Wifi Drive Pro 1.2 Local File Inclusion
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Wifi Drive Pro version 1.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 0b2518ac590abd7ab48e49223fd9b24f
Linkus Photo Manager Pro 4.4.0 Local File Inclusion
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Linkus Photo Manager Pro version 4.4.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | da88c62ffe80494cbd18fc24d054ca82
Mobile Drive HD 1.8 Local File Inclusion
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Mobile Drive HD version 1.8 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 6ac5702a06a05e4e3effc1ddeccdbace
Linkus Photo Manager Pro 4.4.0 Code Execution
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Linkus Photo Manager Pro version 4.4.0 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 6df1a7330083b6465cbff6905ce9769b
PayPal Cross Site Scripting
Posted Apr 21, 2015
Authored by Milan A Solanki | Site vulnerability-lab.com

PayPal suffered from a cross site scripting vulnerability in the merchant directory functionality.

tags | exploit, xss
MD5 | f1ab0371d9f5163b898afcf8044ebe70
Ebay Xcom Policy CMS / API Cross Site Scripting
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Ebay Policy CMS and API suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | cc2ee3504e45fc06b8af933b140280ff
Ebay Magento CMS / API Cross Site Scripting
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Ebay Magento CMS and API suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3e7c44abf47c5b92a8ed7cc0d9fc1f7d
Ebay Xcom Item Preview Cross Site Scripting
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Ebay Xcom Item Preview functionality suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b92b97ca37abaf1fa0099b689557f458
GoAutoDial SQL Injection / Command Execution / File Upload
Posted Apr 21, 2015

GoAutoDial versions 3.3-1406088000 and below suffer from arbitrary file upload, command injection, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
advisories | CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845
MD5 | 5452a3f1b2d82caabaf2a75df9e270b5
WordPress Yoast Google Analytics Cross Site Scripting
Posted Apr 21, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress Yoast Google Analytics plugin versions prior to 5.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a3ca19bfeb8216dbb6bbe695834f4ee9
OpenBSD 5.6 Kernel Panic
Posted Apr 21, 2015
Authored by nitr0us

Proof of concept exploit for OpenBSD versions 5.6 and below that causes a kernel panic in sys/uvm/uvm_map.c.

tags | exploit, kernel, proof of concept
systems | openbsd
MD5 | 53f6c88db8a8f280bb35ab1ebc15dea3
WordPress NEX-Forms 3.0 SQL Injection
Posted Apr 21, 2015
Authored by Claudio Viviani

WordPress NEX-Forms version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b5464890e8416ab1e0869a03d85dbc46
Red Hat Security Advisory 2015-0863-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0863-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2013-7423, CVE-2015-1781
MD5 | 098773f452a18507c58bae21cb8e7442
Red Hat Security Advisory 2015-0862-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0862-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. It was discovered that the JBoss Operations Network server did not correctly restrict access to certain remote APIs. A remote, unauthenticated attacker could use this flaw to execute arbitrary Java methods via ServerInvokerServlet or SchedulerService, and possibly exhaust all available disk space via ContentManager.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2015-0297
MD5 | 327006a88bb278150745e533eb0881ed
Red Hat Security Advisory 2015-0860-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0860-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5 year life cycle of Production Support for version 4 will end on June 19, 2015. On June 20, 2015, Red Hat Enterprise Linux OpenStack Platform version 4 will enter an inactive state and will no longer receive updated packages, including Critical-impact security patches or urgent-priority bug fixes. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. They encourage customers to plan their migration from Red Hat Enterprise Linux OpenStack Platform 4.0 to Red Hat Enterprise Linux OpenStack Platform version 5 or 6.

tags | advisory
systems | linux, redhat
MD5 | 3850aee59b273cbeb344704f1f89f3f5
Red Hat Security Advisory 2015-0864-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2014-3215, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-8171, CVE-2014-8884, CVE-2014-9529, CVE-2014-9584, CVE-2015-1421
MD5 | cb34cce50ff282a4708151c4579de7c9
HP Security Bulletin HPSBGN03305 1
Posted Apr 21, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03305 1 - A potential security vulnerability has been identified with HP Business Service Management (BSM), SiteScope, Business Service Management (BSM) Integration Adaptor, Operations Manager for Windows, Unix and Linux, Reporter, Operation Agent Virtual Appliance, Performance Manager, Virtualization Performance Viewer, Operations Agent, BSM Connector and Service Health Reporter running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, unix
advisories | CVE-2014-3566
MD5 | 0e04663f259e805ea42e676c0364f8f4
Ubuntu Security Notice USN-2573-1
Posted Apr 21, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2573-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
MD5 | 8fe9bb26b3f7e673ed5310f4494263bc
Ubuntu Security Notice USN-2575-1
Posted Apr 21, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2575-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573
MD5 | 891bb712e6319697db0e6de0098a041a
Ubuntu Security Notice USN-2574-1
Posted Apr 21, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2574-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
MD5 | 919f3ead14375cf74895fe4e55c28381
ProFTPd 1.3.5 Remote Command Execution
Posted Apr 21, 2015
Authored by R-73eN

ProFTPd version 1.3.5 remote command execution exploit.

tags | exploit, remote
advisories | CVE-2015-3306
MD5 | 4d65c3a1b31af7ba028e1f7c0ad3baf6
WordPress NEX-Forms 3.0 SQL Injection
Posted Apr 21, 2015
Authored by Cleiton Pinheiro

WordPress NEX-Forms plugin version 3.0 remote SQL injection exploit.

tags | exploit, remote, sql injection
MD5 | 5347cbce32457ac598271ddb58cb21b5
© 2016 Packet Storm. All rights reserved.
