Files Date: 2015-04-21

WordPress Tune Library 1.5.4 SQL Injection
Posted Apr 21, 2015
Authored by Hannes Trunde

WordPress Tune Library plugin version 1.5.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-3314
SHA-256 | 2931fb6c373d55fd921ef587bf5ef92aa275394f123b701795f90f8bc9d6476d
MIMEDefang Email Scanner 2.77
Posted Apr 21, 2015
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. It can also do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file, and it can bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: Various updates.
tags | tool
systems | windows, unix
SHA-256 | d5f85301af3dffe3b4bd14bf60a3e2180bbd06498604df89c6458c561238d3fe
SevenIT SevDesk 3.10 Cross Site Scripting
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SevenIT SevDesk version 3.10 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 32901659aaff584a67884ca5d0a5cbdbd7d3030eac6aeec3e5f69e47058f4e08
Wifi Drive Pro 1.2 Local File Inclusion
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Wifi Drive Pro version 1.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | c5cf5d3f463bf90cc37405e42f2ed0f1feba8800be2c7df9bc9363ef6c8a6500
Linkus Photo Manager Pro 4.4.0 Local File Inclusion
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Linkus Photo Manager Pro version 4.4.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | b614388f9b4c56cef7c47d2b254c9e8138617bec9ef83f17c6453718b3ce62ab
Mobile Drive HD 1.8 Local File Inclusion
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Mobile Drive HD version 1.8 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 5666a93c4bdae7dc1cd57519a7bbf8bf25003b817d748de7aa3502b66c378287
Linkus Photo Manager Pro 4.4.0 Code Execution
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Linkus Photo Manager Pro version 4.4.0 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 17f43a96d245003246de2b030644e3fb197c4bc15ff7079485eb6279503bef62
PayPal Cross Site Scripting
Posted Apr 21, 2015
Authored by Vulnerability Laboratory, Milan A Solanki | Site vulnerability-lab.com

PayPal suffered from a cross site scripting vulnerability in the merchant directory functionality.

tags | exploit, xss
SHA-256 | cb16d835e91864e2fd12a56e0f8d4b54c672986a7f464fbd094742ce8da23445
Ebay Xcom Policy CMS / API Cross Site Scripting
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Ebay Policy CMS and API suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 640f7802754c69626702ae63de020270df5f0b938065c4221335903f9286ca71
Ebay Magento CMS / API Cross Site Scripting
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Ebay Magento CMS and API suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 79dddf1cb7c553ddf29b677cd9a9b41786da11bff0463642c273fbe7690594d9
Ebay Xcom Item Preview Cross Site Scripting
Posted Apr 21, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Ebay Xcom Item Preview functionality suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6a48404cf1eebbb0f5b22ddcaa8f5c2dae1874b532ef5baa0057bd698d548ad4
GoAutoDial SQL Injection / Command Execution / File Upload
Posted Apr 21, 2015

GoAutoDial versions 3.3-1406088000 and below suffer from arbitrary file upload, command injection, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
advisories | CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845
SHA-256 | 7256456084495a4dbe3a66cfe151aa2d0781d6b24ed4d1d7335c61904ecd970c
WordPress Yoast Google Analytics Cross Site Scripting
Posted Apr 21, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress Yoast Google Analytics plugin versions prior to 5.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6b96d28de3f357652545a0bed162424636126d5a3cec6ab77e597aa31454bbc8
OpenBSD 5.6 Kernel Panic
Posted Apr 21, 2015
Authored by nitr0us

Proof of concept exploit for OpenBSD versions 5.6 and below that causes a kernel panic in sys/uvm/uvm_map.c.

tags | exploit, kernel, proof of concept
systems | openbsd
SHA-256 | 85418d5d6e75f156c9e54a0e8d83c42c375ef65d5592db9ab51ada3a7746d9f6
WordPress NEX-Forms 3.0 SQL Injection
Posted Apr 21, 2015
Authored by Claudio Viviani

WordPress NEX-Forms version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f3d2ee0169a4862b50a26f4db64ebb0dd910007cf1db21e531bf128f5fd07b11
Red Hat Security Advisory 2015-0863-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0863-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2013-7423, CVE-2015-1781
SHA-256 | 3fda2d2de3dbc012f471e38333e69c22019fc8670e36541d0d45378234b7d9c9
Red Hat Security Advisory 2015-0862-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0862-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. It was discovered that the JBoss Operations Network server did not correctly restrict access to certain remote APIs. A remote, unauthenticated attacker could use this flaw to execute arbitrary Java methods via ServerInvokerServlet or SchedulerService, and possibly exhaust all available disk space via ContentManager.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2015-0297
SHA-256 | 8eda90a855ac3577489468360a9085f7348941cc9faa95b71d882d2291f4609d
Red Hat Security Advisory 2015-0860-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0860-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5 year life cycle of Production Support for version 4 will end on June 19, 2015. On June 20, 2015, Red Hat Enterprise Linux OpenStack Platform version 4 will enter an inactive state and will no longer receive updated packages, including Critical-impact security patches or urgent-priority bug fixes. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. Red Hat encourages customers to plan their migration from Red Hat Enterprise Linux OpenStack Platform 4.0 to Red Hat Enterprise Linux OpenStack Platform version 5 or 6.

tags | advisory
systems | linux, redhat
SHA-256 | 67a38b67f6434c96462afc823db59e7213b4f71c7938118b7b4627462d8b5991
Red Hat Security Advisory 2015-0864-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2014-3215, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-8171, CVE-2014-8884, CVE-2014-9529, CVE-2014-9584, CVE-2015-1421
SHA-256 | 24e7a0f27ae4cfb8cbaeef49a7e9203298bb317a8eb324c5b8f16adb18278828
HP Security Bulletin HPSBGN03305 1
Posted Apr 21, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03305 1 - A potential security vulnerability has been identified with HP Business Service Management (BSM), SiteScope, Business Service Management (BSM) Integration Adaptor, Operations Manager for Windows, Unix and Linux, Reporter, Operation Agent Virtual Appliance, Performance Manager, Virtualization Performance Viewer, Operations Agent, BSM Connector and Service Health Reporter running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, unix
advisories | CVE-2014-3566
SHA-256 | 5fb16d90b23b1ad2f3685f6f2de7e6587f649473276261eb9d829f2bebb968f5
Ubuntu Security Notice USN-2573-1
Posted Apr 21, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2573-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
SHA-256 | 096e77766a83ea828d4b314e6b7b24c9ce7b6edc5965bc693fcea4a155666ee0
Ubuntu Security Notice USN-2575-1
Posted Apr 21, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2575-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573
SHA-256 | bf0daf90f0197bb158b3217908da68b65033335c6f6a3f5ab6b2f4607c225707
Ubuntu Security Notice USN-2574-1
Posted Apr 21, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2574-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
SHA-256 | 0683424e8df590c4b914011d9c5b55a874444f3daa07b619898decc714cd7093
ProFTPd 1.3.5 Remote Command Execution
Posted Apr 21, 2015
Authored by R-73eN

ProFTPd version 1.3.5 remote command execution exploit.

tags | exploit, remote
advisories | CVE-2015-3306
SHA-256 | 33b411f75e9e92f4cce90334c9d86dca66a06474776854a23ec5f542a52da3b9
WordPress NEX-Forms 3.0 SQL Injection
Posted Apr 21, 2015
Authored by Cleiton Pinheiro

WordPress NEX-Forms plugin version 3.0 remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | ea15e9b2d9dd075be1540595aba9beb5f09e85bb2b6295eb3c61de9681bde77b