what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 389 RSS Feed

Files Date: 2015-05-01 to 2015-05-31

Dolibarr 3.5 / 3.6 HTML Injection
Posted May 30, 2015
Authored by NaxoneZ

Dolibarr versions 3.5 and 3.6 suffer from an html injection vulnerability.

tags | exploit, xss
advisories | CVE-2015-3935
SHA-256 | 9f00b2420b60681ea925cc5da4b190b35ab50e4a25ec8237ea484ea6ff025c54
PonyOS 3.0 ELF Loader Privilege Escalation
Posted May 30, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below ELF loader privilege escalation exploit.

tags | exploit
systems | linux
SHA-256 | 5c60cb1d2f49bf795a8889604606129d0372cc6882e3aade50ddafda87ca714c
PonyOS 3.0 VFS Privilege Escalation
Posted May 30, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below VFS privilege escalation exploit.

tags | exploit
SHA-256 | ef480619bfd3cba06fec4e08ff8068c41ddf33aebf80b9fb5a1574099b479586
HP Security Bulletin HPSBMU03263 3
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03263 3 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 77a518cb0ccf0a4c04a46e8ea0991baac6b0eafce5c9e8a2db3164eaa98ae5a3
HP Security Bulletin HPSBGN03332 1
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03332 1 - A potential security vulnerability has been identified in HP Operations Analytics running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2014-3566
SHA-256 | cb810cc00faa60f39ac5e93a3c429e996fe9dc854eeaed218dbb42a7380d0270
Debian Security Advisory 3274-1
Posted May 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3274-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential privilege escalation.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2015-3456
SHA-256 | e4f75683caaa34fdaecddd1a7828d4612e7cf4a264154d8b544eb04587da551e
HP Security Bulletin HPSBMU03223 1
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03223 1 - Several potential security vulnerabilities have been identified with HP Insight Control server provisioning running SSLv3. These are the SSLv3 vulnerabilities known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567
SHA-256 | 36ba059b9acedf2bacaf76b60979c8057c5973ea903070f309a681ca4a388e4a
HP Security Bulletin HPSBMU03261 2
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03261 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 266edbc2c77cb9a27d028900097a82c14a33598b9d019eaa48c5d447c4276489
HP Security Bulletin HPSBMU03267 2
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03267 2 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | b0d83a45ccd554287e2918d69e2b966916bb6e4a34595e69cc5962c44381597d
Realtek SDK Miniigd UPnP SOAP Command Execution
Posted May 29, 2015
Authored by Michael Messner, Ricky Lawshae | Site metasploit.com

Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.

tags | exploit
advisories | CVE-2014-8361
SHA-256 | a727354d03f176b35f63aa0ffc5bb38a19701e52b268455eadf7ca7c31e71bff
Airties login-cgi Buffer Overflow
Posted May 29, 2015
Authored by Michael Messner, Batuhan Burakcin | Site metasploit.com

This Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.

tags | exploit, remote, web, overflow, cgi
SHA-256 | e3284b80df8a49e84fe10eeeefb856090ee5b49ba6f62e629a9763e62071ed9a
D-Link Devices UPnP SOAPAction-Header Command Execution
Posted May 29, 2015
Authored by Craig Heffner, Samuel Huntley | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR

tags | exploit
SHA-256 | e20ef0dd89ff88caf92c753721ba8454b95e56f6cc1668c930745008c71c7246
Flash Timing Side-Channel Data Exfiltration
Posted May 29, 2015
Authored by Jann Horn

Flash by design allows local SWF files to read arbitrary local files, but prevents communication with remote servers. By smuggling data through a timing side-channel, this can be circumvented, allowing local SWF files to exfiltrate the contents of arbitrary local files to the internet.

tags | exploit, remote, arbitrary, local
systems | linux
SHA-256 | 4020cca47ad48bad8205cc27d4fc29cfb9c596aa0ec345c05d58ff93a38af714
ESC 8832 Data Controller Session Hijacking
Posted May 29, 2015
Authored by Balazs Makany

ESC 8832 suffers from insecure user session handling and generation as well as interception and user management issues.

tags | exploit
SHA-256 | ca946d1c96a67953dcdbf356af61138199a591b19f2e94b31632830e11113290
Smart PCAP Replay 1.0
Posted May 29, 2015
Authored by Srinivas Naik

This is a tool to replay packet captures and simulate client/server models when doing analysis. Written in Python.

tags | tool, sniffer, python
systems | unix
SHA-256 | bbc82f1d4197ab39b95472137a8ac96adbcfc361152b02976825089cc906d144
Sypex Dumper 2.0.11 Cross Site Scripting
Posted May 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Sypex Dumper version 2.0.11 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a557a41cc14f0fa4371e88173d14cc9d2536437e1d9f3a70dba00fcae55b4b4b
JSPAdmin 1.1 SQL Injection / CSRF / Cross Site Scripting
Posted May 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

JSPAdmin version 1.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 8c8845746909deb94bd650f31176c3002998cc354834cd3fceef8f287bc9ffb3
60+ Vulnerabilities In 22 SOHO Routers
Posted May 29, 2015
Authored by Ivan Sanz de Castro, Alvaro Folgado Rueda, Jose Antonio Rodriguez Garcia

SOHO routers have been found vulnerable to privilege escalation, information disclosure, cross site request forgery, cross site scripting, authentication bypass, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, csrf
SHA-256 | b2f2c880262864949aed2787d7dbd1a1af58648ac6dc6fce4d75c119ce30c8a3
HP Security Bulletin HPSBHF03340 1
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03340 1 - A potential security vulnerability has been identified with HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard. The vulnerability could result in local unauthorized access and elevation of privilege on an HP thin client device. Revision 1 of this advisory.

tags | advisory, local
systems | linux
advisories | CVE-2015-2124
SHA-256 | 355c585f8c958b94f6362d293f801561c9df1b4c0315d1c836d83e169585da08
Invision Power Board 3.4.7 SQL Injection
Posted May 29, 2015
Authored by ZeroDay

Invision Power Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ccc8d7042208971ccc1a5b517c5d3acce70ae9a88bb02dfb50ca9bb3a7a31ca2
Vevocart 6.1.0 Open Redirect
Posted May 29, 2015
Authored by Provensec

Vevocart version 6.1.0 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | d7f23912aab51e824ef12b4488419191ca88592fdd7e16d5a9c8952118503303
Red Hat Security Advisory 2015-1036-01
Posted May 28, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1036-01 - After May 29, 2015, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite versions 5.5 or older.

tags | advisory
systems | linux, redhat
SHA-256 | d2e0c17affa830afe1a1ad1eff98ae0f3a89714fee0222c369f3e0e243d70634
IBM Cognos Business Intelligence Developer 10.2.1 Open Redirect
Posted May 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

IBM Cognos Business Intelligence Developer version 10.2.1 suffers from an open redirect vulnerability.

tags | exploit
SHA-256 | 28924269aaba0ce326079ba87bd57cf6995c1fd3254a0b20b6537b162200cbc8
Red Hat Security Advisory 2015-1035-01
Posted May 28, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1035-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.

tags | advisory
systems | linux, redhat
SHA-256 | e694d8ca9b7e3ffb1d3dd16773c21b80781c27b7ec0d8faf9f2bbe5dfdb9323a
D-Link Bypass / Buffer Overflow
Posted May 28, 2015
Authored by Gergely Eberhardt

SEARCH-LAB performed an independent security assessment on four different D-Link devices. The assessment has identified altogether 53 unique vulnerabilities in the latest firmware (dated 30-07-2014). Several vulnerabilities can be abused by a remote attacker to execute arbitrary code and gain full control over the devices.

tags | advisory, remote, overflow, arbitrary, vulnerability, bypass
advisories | CVE-2014-7857, CVE-2014-7858, CVE-2014-7859, CVE-2014-7860
SHA-256 | 1171f7b6ef3b9988b436da7e93b267aab8de442398c22cf0acfa717cbfa2ab37
Page 1 of 16
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close