Twenty Year Anniversary
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-06-12

FreeBSD Security Advisory - OpenSSL
Posted Jun 12, 2015
Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability in the TLS protocol would allow a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is also known as Logjam. When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. Various other issues have also been addressed.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000
MD5 | 3fb8aa902f8c2dc20a490d919de2a423
ZENWorks Mobile Management 3.1.0 Cross Site Scripting
Posted Jun 12, 2015
Authored by Ludwig Stage

ZENWorks Mobile Management version 3.1.0 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 375993c89ce698acd323f96f226d1299
ZCMS 1.1 Cross Site Scripting / SQL Injection
Posted Jun 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ZCMS version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2015-7346, CVE-2015-7347
MD5 | cec4ab905829c9ba8b78bd6255a8a89d
Slackware Security Advisory - openssl Updates
Posted Jun 12, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | dc381c79496ca87aed7db7712ab261e3
Slackware Security Advisory - php Updates
Posted Jun 12, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2006-7243, CVE-2015-2325, CVE-2015-2326, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026
MD5 | 6660c288fd43787965cfe1f0492a8995
OpenSSL Toolkit 1.0.2b
Posted Jun 12, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Infinite loop on malformed ECParameters structure addressed. PKCS7 crash addressed. Various other issues addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | 7729b259e2dea7d60b32fc3934d6984b
TOR Virtual Network Tunneling Tool 0.2.6.9
Posted Jun 12, 2015
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the requirements for receiving an HSDir flag, and addresses some other small bugs in the systemd and sandbox code. Clients using circuit isolation should upgrade; all directory authorities should upgrade.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 4a1b334c30d7b37ea72fa33425220d5d
Concrete5 5.7.4 SQL Injection
Posted Jun 12, 2015
Authored by EgiX

Concrete5 versions 5.7.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a86a67533b104a9a04ac54e69e6dbc4c
Concrete5 5.7.3.1 Cross Site Scripting
Posted Jun 12, 2015
Authored by EgiX

Concrete5 versions 5.7.3.1 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 52fa2b017d1038fdac8e8eb582abd41a
Nakid CMS CSRF / XSS / Local File Inclusion
Posted Jun 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Nakid CMS suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion, csrf
MD5 | e1a9ae46cba41fc7fcc223b398b90a32
Concrete5 5.7.3.1 sendmail Remote Code Execution
Posted Jun 12, 2015
Authored by EgiX

Concrete5 versions 5.7.3.1 and below suffers from a sendmail-related remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 39c25351d8a9a7d81649b89b2338e528
HP WebInspect 10.4 XML External Entity
Posted Jun 12, 2015
Authored by Jakub Palaczynski

HP WebInspect versions 7.x, 8.x, 9.x, and 10.0 through 10.4 suffer from an XML external entity vulnerability.

tags | exploit, xxe
advisories | CVE-2015-2125
MD5 | 83df9347b4144f3dc5ec49faef846253
D-Link DSP-W110 Command Execution / SQL Injection / File Upload
Posted Jun 12, 2015
Authored by Peter Adkins

D-Link DSP-W110 suffers from command execution, remote file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload
MD5 | 60368f45a9e5e9dc027e8f88c36e226f
OSSEC 2.8.1 Local Root Escalation
Posted Jun 12, 2015
Authored by Andrew Widdersheim

OSSEC versions 2.7 through 2.8.1 suffer from a local root escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2015-3222
MD5 | 4e2e051bb58c0f799efb726e9f508404
WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read
Posted Jun 12, 2015
Authored by Kuroi SH

WordPress Paypal Currency Converter Basic For Woocommerce plugin version 1.3 suffers from a remote file read vulnerability.

tags | exploit, remote
MD5 | f6d641605b706b985da50764f54ed853
WordPress History Collection 1.1.1 Arbitrary File Download
Posted Jun 12, 2015
Authored by Kuroi SH

WordPress History Collection versions 1.1.1 and below suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | 323cb6564cb020abffd15ee013021e37
Page 1 of 1
Back1Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    14 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close