all things security
Showing 1 - 25 of 389 RSS Feed

Files Date: 2015-05-01 to 2015-05-31

Dolibarr 3.5 / 3.6 HTML Injection
Posted May 30, 2015
Authored by NaxoneZ

Dolibarr versions 3.5 and 3.6 suffer from an html injection vulnerability.

tags | exploit, xss
advisories | CVE-2015-3935
MD5 | 6178584ea0c1af3b9763b6856eca434b
PonyOS 3.0 ELF Loader Privilege Escalation
Posted May 30, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below ELF loader privilege escalation exploit.

tags | exploit
systems | linux
MD5 | a91393a17d0b0be780043e13a8e5bc2a
PonyOS 3.0 VFS Privilege Escalation
Posted May 30, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below VFS privilege escalation exploit.

tags | exploit
MD5 | 2ba0e89bd2b09e240d23ec4d69a1fa7b
HP Security Bulletin HPSBMU03263 3
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03263 3 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
MD5 | 4dcf9410e2b2d05ded7c38ebaa8868bd
HP Security Bulletin HPSBGN03332 1
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03332 1 - A potential security vulnerability has been identified in HP Operations Analytics running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2014-3566
MD5 | f2d66a55f98bcf0d0b7b594b659a35ad
Debian Security Advisory 3274-1
Posted May 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3274-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential privilege escalation.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2015-3456
MD5 | 71443fc7c69bfcab20e7eb1ab88349bb
HP Security Bulletin HPSBMU03223 1
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03223 1 - Several potential security vulnerabilities have been identified with HP Insight Control server provisioning running SSLv3. These are the SSLv3 vulnerabilities known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567
MD5 | 0df3665f2e015d12453d2d569d1f0ca3
HP Security Bulletin HPSBMU03261 2
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03261 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
MD5 | 388033c447c7f33f34f8050665d2febf
HP Security Bulletin HPSBMU03267 2
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03267 2 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
MD5 | 4d4224e68626e86dd98e27f95e93ecda
Realtek SDK Miniigd UPnP SOAP Command Execution
Posted May 29, 2015
Authored by Michael Messner, Ricky Lawshae | Site metasploit.com

Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.

tags | exploit
advisories | CVE-2014-8361
MD5 | 72b8fb778fd1fdd823f1a701f3594e09
Airties login-cgi Buffer Overflow
Posted May 29, 2015
Authored by Michael Messner, Batuhan Burakcin | Site metasploit.com

This Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.

tags | exploit, remote, web, overflow, cgi
MD5 | 24fc892e9293e536950a82cf2c9c2bc1
D-Link Devices UPnP SOAPAction-Header Command Execution
Posted May 29, 2015
Authored by Craig Heffner, Samuel Huntley | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR

tags | exploit
MD5 | 9120bc404ccb10c6abc177860b52fe17
Flash Timing Side-Channel Data Exfiltration
Posted May 29, 2015
Authored by Jann Horn

Flash by design allows local SWF files to read arbitrary local files, but prevents communication with remote servers. By smuggling data through a timing side-channel, this can be circumvented, allowing local SWF files to exfiltrate the contents of arbitrary local files to the internet.

tags | exploit, remote, arbitrary, local
systems | linux
MD5 | bf466e892df822f79e5d6bdb528cc1cf
ESC 8832 Data Controller Session Hijacking
Posted May 29, 2015
Authored by Balazs Makany

ESC 8832 suffers from insecure user session handling and generation as well as interception and user management issues.

tags | exploit
MD5 | 6ce1da56bad1f48c668cb9252a4e75b4
Smart PCAP Replay 1.0
Posted May 29, 2015
Authored by Srinivas Naik

This is a tool to replay packet captures and simulate client/server models when doing analysis. Written in Python.

tags | tool, sniffer, python
systems | unix
MD5 | f67567bc74e9ae13b343617007b2eec8
Sypex Dumper 2.0.11 Cross Site Scripting
Posted May 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Sypex Dumper version 2.0.11 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | bb25866ae6bb9ac5cdc4f226fbd896dc
JSPAdmin 1.1 SQL Injection / CSRF / Cross Site Scripting
Posted May 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

JSPAdmin version 1.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 2edcffd18bcf1a67406d14393098f47c
60+ Vulnerabilities In 22 SOHO Routers
Posted May 29, 2015
Authored by Ivan Sanz de Castro, Alvaro Folgado Rueda, Jose Antonio Rodriguez Garcia

SOHO routers have been found vulnerable to privilege escalation, information disclosure, cross site request forgery, cross site scripting, authentication bypass, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, csrf
MD5 | 883b458f340bf4b144ed04e1de200778
HP Security Bulletin HPSBHF03340 1
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03340 1 - A potential security vulnerability has been identified with HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard. The vulnerability could result in local unauthorized access and elevation of privilege on an HP thin client device. Revision 1 of this advisory.

tags | advisory, local
systems | linux
advisories | CVE-2015-2124
MD5 | bf1c8f23e4e798b47e992453b1f3e499
Invision Power Board 3.4.7 SQL Injection
Posted May 29, 2015
Authored by ZeroDay

Invision Power Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c6b333a75080c99e68840b1e0f23508b
Vevocart 6.1.0 Open Redirect
Posted May 29, 2015
Authored by Provensec

Vevocart version 6.1.0 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 7f2c968a5b692ef42facdc007e1114fc
Red Hat Security Advisory 2015-1036-01
Posted May 28, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1036-01 - After May 29, 2015, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite versions 5.5 or older.

tags | advisory
systems | linux, redhat
MD5 | daecefa60d857eabb4e76720055c7576
IBM Cognos Business Intelligence Developer 10.2.1 Open Redirect
Posted May 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

IBM Cognos Business Intelligence Developer version 10.2.1 suffers from an open redirect vulnerability.

tags | exploit
MD5 | d0f597d01edffb1a8baa3020c640a149
Red Hat Security Advisory 2015-1035-01
Posted May 28, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1035-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.

tags | advisory
systems | linux, redhat
MD5 | dfad7c2a9c4f88fef266d79df6e92138
D-Link Bypass / Buffer Overflow
Posted May 28, 2015
Authored by Gergely Eberhardt

SEARCH-LAB performed an independent security assessment on four different D-Link devices. The assessment has identified altogether 53 unique vulnerabilities in the latest firmware (dated 30-07-2014). Several vulnerabilities can be abused by a remote attacker to execute arbitrary code and gain full control over the devices.

tags | advisory, remote, overflow, arbitrary, vulnerability, bypass
advisories | CVE-2014-7857, CVE-2014-7858, CVE-2014-7859, CVE-2014-7860
MD5 | a1ae8e94119cb1bfb84853acb7bcd65e
Page 1 of 16
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close