exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-06-11

Adobe Connect 9.3 Cross Site Scripting
Posted Jun 11, 2015
Authored by Stas Volfus

Adobe Connect version 9.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-0343
MD5 | 8b5ec98948680db8013e07e9c0c10ace
SAP XXE / Hardcoded Credentials / SQL Injection / Overflow
Posted Jun 11, 2015
Authored by Darya Maenkova, Diana Grigorieva, Rustem Gazizov, Vahagn Vardanyan

SAP has released the monthly critical patch update for June 2015. This patch update closes buffer overflow, remote SQL injection, XML eXternal Entity, and hardcoded credentials vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection, xxe
advisories | CVE-2015-0204
MD5 | 680c9cc97c7b164193a3f73ab1a62590
Subversion HTTP Servers svn:author Spoofing
Posted Jun 11, 2015
Authored by Bruno Luiz

Subversion's mod_dav_svn server allows setting arbitrary svn:author property values when committing new revisions. This can be accomplished using a specially crafted sequence of requests. An evil-doer can fake svn:author values on his commits. However, as authorization rules are applied to the evil-doer's true username, forged svn:author values can only happen on commits that touch the paths the evil-doer has write access to.

tags | advisory, arbitrary
advisories | CVE-2015-0251
MD5 | 4d10a37d4cdda913b01f920dc6d7b199
WordPress SE HTML5 Album Audio Player 1.1.0 Directory Traversal
Posted Jun 11, 2015
Authored by Larry W. Cashdollar

WordPress SE HTML5 Album Audio Player plugin version 1.1.0 suffers from a traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-4414
MD5 | 2e58e9129fd23166f3d0f0b4ccdd7f8d
Cisco Security Advisory 20150611-iosxr
Posted Jun 11, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet. The vulnerability is due to incorrect processing of an IPv6 packet carrying IPv6 extension headers that are valid but unlikely to be seen during normal operation. An attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic. An exploit could allow the attacker to cause a reload of the line card, resulting in a DoS condition. Cisco has released free software updates that address this vulnerability. There is no workaround that mitigates this vulnerability.

tags | advisory, remote
systems | cisco, osx
MD5 | 0edeb62a9b31598a5564ccf5818e288a
Red Hat Security Advisory 2015-1092-01
Posted Jun 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1092-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file. All ceph-deploy users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3010, CVE-2015-4053
MD5 | bbf120a69ec36a7ab9d55ff99ab219f3
HP Security Bulletin HPSBUX03337 SSRT102066 1
Posted Jun 11, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03337 SSRT102066 1 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability
systems | hpux
advisories | CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0227, CVE-2014-0231, CVE-2014-8142, CVE-2014-9709, CVE-2015-0231, CVE-2015-0273, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331, CVE-2015-2783
MD5 | 9fa4f2401a0eae76949782536773bbd8
Red Hat Security Advisory 2015-1090-01
Posted Jun 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1090-01 - The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A buffer overflow flaw was found in the way wpa_supplicant handled SSID information in the Wi-Fi Direct / P2P management frames. A specially crafted frame could allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-1863, CVE-2015-4142
MD5 | d6ce4c7cd93ea368d6457fb311096ab6
Red Hat Security Advisory 2015-1091-01
Posted Jun 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1091-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808
MD5 | 10f6ceb686ef62dd74df4c19f1801f24
Ubuntu Security Notice USN-2639-1
Posted Jun 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2639-1 - Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | 2c3551d061da6c9e5814baac637399ce
6kbbs 7.1 / 8.0 Weak Cryptography
Posted Jun 11, 2015
Authored by Jing Wang

6kbbs versions 7.1 and 8.0 suffer from a weak cryptography implementation due to using md5.

tags | advisory
MD5 | 29ee208ba72305cc7d9ca01647878d0c
FC2 / Rakuten Cross Site Scripting
Posted Jun 11, 2015
Authored by Jing Wang

FC2 and Rakuten Online websites suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 6b6de2c51c6d19958a96a738705b7c9a
Linux/x86 execve /bin/sh Shellcode
Posted Jun 11, 2015
Authored by B3mB4m

21 bytes small Linux/x86 execve /bin/sh shellcode.

tags | x86, shellcode
systems | linux
MD5 | c287bc92808aa63cab5bb9fa97fafde7
Projectsend r572 Cross Site Scripting
Posted Jun 11, 2015
Authored by Matt Landers

Projectsend r572 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c89965c9ead52a5fdcbead6f5eecf9e7
Libmimedir VCF Memory Corruption Proof Of Concept
Posted Jun 11, 2015
Authored by Jeremy Brown

Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during it's lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.

tags | exploit, arbitrary
advisories | CVE-2015-3205
MD5 | 1df4218448d7ac2e97f07d47f005d627
WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload
Posted Jun 11, 2015
Authored by Larry W. Cashdollar

WordPress Aviary Image Editor Add On For Gravity Forms plugin version 3.0 beta suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2015-4455
MD5 | c2522a04cd0e6678c71b6b5169fd37cb
Heroku Session Validation Issue
Posted Jun 11, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

An application-side re-auth session bypass vulnerability has been discovered in the official Heroku API and web-application service. The vulnerability allows an attacker to request unauthorized information without the second forced re-authentication module.

tags | exploit, web, bypass
MD5 | a5cb4ed98ef51941dc4509bb79775d71
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close