Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-04-28

NIELD (Network Interface Events Logging Daemon) 0.6.1
Posted Apr 28, 2015
Authored by t2mune | Site nield.sourceforge.net

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the netlink socket and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules, and traffic control.

Changes: This release includes some bug fixes.
tags | tool, kernel, system logging
systems | unix
MD5 | 9b0b45741bcdaf2d03b9ed6728f5ec3a
Red Hat Security Advisory 2015-0891-01
Posted Apr 28, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0891-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. This issue was found by Paolo Bonzini of Red Hat.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-8106
MD5 | b3a0fcd7ae2ba8bd8662e011ef7ac883
Wing FTP Server Admin 4.4.5 CSRF / Cross Site Scripting
Posted Apr 28, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Wing FTP Server Admin version 4.4.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 17198b67bf04123bd49be9fc5a91bacb
Red Hat Security Advisory 2015-0888-01
Posted Apr 28, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0888-01 - Red Hat Enterprise Virtualization Manager 3.5.1 is now available. It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service. It was discovered that a directory shared between the ovirt-engine-dwhd service and a plug-in used during the service's startup had incorrect permissions. A local user could use this flaw to access files in this directory, which could potentially contain sensitive information.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2015-0237, CVE-2015-0257
MD5 | f8537c0f31e8dd501e224858d2413bcc
Ubuntu Security Notice USN-2581-1
Posted Apr 28, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2581-1 - Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-1322
MD5 | b95f5a502864d8faab21a70a057a19e3
Libarchive Malformed cpio Archive Crash
Posted Apr 28, 2015
Authored by Project Zero Labs, Paris Zoumpouloglou

Using a crafted tar file bsdtar can perform an out-of-bounds memory read which will lead to a SEGFAULT. The issue exists when the executable skips data in the archive. The amount of data to skip is defined in byte offset [16-19]. If ASLR is disabled, the issue can lead to high CPU load, and potential CPU exhaustion in single-core hosts.

tags | exploit, denial of service
systems | linux
MD5 | 202494b3df158caf728e2f3def35a83c
Untangle Cross Site Scripting / Information Disclosure
Posted Apr 28, 2015
Authored by Calum Hutton

Untangle NGFW versions 9 through 11 suffer from a cross site scripting vulnerability that can allow for remote code execution as root. They also suffer from an information disclosure vulnerability. This is a follow up discussing additional attack vectors not previously disclosed in the prior advisory.

tags | exploit, remote, root, code execution, xss, info disclosure
MD5 | eb4e53cef7fdf997f36e0a08806fb4c2
PayPal JDWP Remote Code Execution
Posted Apr 28, 2015
Authored by Milan A Solanki | Site vulnerability-lab.com

PayPal's Marketing web service suffered from a remote code execution vulnerability due to running a JDWP server.

tags | exploit, remote, web, code execution
MD5 | 0df30ada655f6262ffa2093c6145240f
SonicWall SonicOS 7.5.0.12 / 6.x Cross Site Scripting
Posted Apr 28, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SonicWall SonicOS versions 7.5.0.12 and 6.x suffer from a client-side cross site scripting vulnerability.

tags | exploit, xss
MD5 | e70b188fea42dfb0e5bd539ddae7e318
0d1n 2.0
Posted Apr 28, 2015
Authored by Cooler

0d1n is a web security tool for fuzzing various HTTP payloads. It's written in C and uses libcurl.

tags | tool, web, scanner
systems | unix
MD5 | 91899d02aa379af9550e8dcc6182ff44
InFocus IN3128HD Projector Missing Authentication
Posted Apr 28, 2015
Authored by Core Security Technologies, Joaquin Rodriguez Varela | Site coresecurity.com

Core Security Technologies Advisory - The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable.

tags | exploit, web, cgi
advisories | CVE-2014-8383, CVE-2014-8384
MD5 | e263ea03f930df38de1f6bc467a26735
Mandriva Linux Security Advisory 2015-212
Posted Apr 28, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-212 - An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures.

tags | advisory, java, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
MD5 | 92b43428127c95d9679280e8313c528a
DAWIN - Distributed Audit and Wireless Intrustion Notification 2.0
Posted Apr 28, 2015
Authored by Mark Osborne | Site loud-fat-bloke.co.uk

DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.

Changes: Bug fixes.
tags | tool, wireless
systems | unix
MD5 | 4f51e2e8b3f990e1704e4d30a881a3b5
ProjectSend r561 CSRF / XSS / Shell Upload
Posted Apr 28, 2015
Authored by TUNISIAN CYBER

ProjectSend version r561 suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, csrf
MD5 | 1bd909727e65c9b2220c4b4786060ff9
WordPress Exquisite Ultimate Newspaper 1.3.3 Cross Site Scripting
Posted Apr 28, 2015
Authored by Osama Mahmood

WordPress Exquisite Ultimate Newspaper theme version 1.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 96783ec388e2a7ce632feecb9cfbd926
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    14 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close