Exploit the possiblities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-06-17

Red Hat Security Advisory 2015-1123-01
Posted Jun 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1123-01 - CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface.

tags | advisory, web, arbitrary, xss
systems | linux, redhat, unix
advisories | CVE-2014-9679, CVE-2015-1158, CVE-2015-1159
MD5 | 2e32d194ff392fe52ad5b04920e23958
HP Security Bulletin HPSBGN03338 1
Posted Jun 17, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03338 1 - A potential security vulnerability has been identified with HP Service Manager running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as RC4 cipher Bar Mitzvah vulnerability. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2808
MD5 | 853ad870a64c4e18fd5977944e0d2662
HP Security Bulletin HPSBGN03350 1
Posted Jun 17, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03350 1 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2802, CVE-2015-2808
MD5 | b14ae01017e088967f09f817a8d812e0
Wireshark Analyzer 1.12.6
Posted Jun 17, 2015
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple bug fixes and updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | 25ad2bc1c2a21396827c238fcff51bf3
Vesta Control Panel 0.9.8 OS Command Injection
Posted Jun 17, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Vesta Control Panel version 0.9.8 suffers from an OS command injection vulnerability.

tags | exploit
advisories | CVE-2015-4117
MD5 | fb3a3c212342c3db095b9b1a561d048b
SearchBlox 8.2 Cross Site Scripting
Posted Jun 17, 2015
Authored by High-Tech Bridge SA | Site htbridge.ch

SearchBlox version 8.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-3422
MD5 | 4db941079c61936d5658f09ace5d1b1a
VCE Vision(TM) Intelligent Operations Cryptographic / Cleartext Issues
Posted Jun 17, 2015
Site support.vce.com

VCE Vision(TM) software versions prior to 2.6.5 have been identified to contain security vulnerabilities that may potentially be leveraged by a malicious user to obtain sensitive information. A weak cryptographic scheme exists in the system library and a cleartext transmission issue exists in the plugin for VMware vCenter.

tags | advisory, vulnerability
advisories | CVE-2015-4056, CVE-2015-4057
MD5 | 98d9d170eeb9b1635d904c56157cc8cd
Symantec Encryption Gateway Remote Command Injection
Posted Jun 17, 2015
Authored by Mohammad Reza Espargham

Symantec Encryption Gateway suffers from a remote command injection vulnerability. Versions prior to 3.2.0 MP6 are affected.

tags | exploit, remote
advisories | CVE-2014-7288
MD5 | 7fc7e78c2d1a60dbaadea1f0a6dfebb0
BIGACE 2.7.8 Cross Site Scripting / File Upload
Posted Jun 17, 2015
Authored by indoushka

BIGACE version 2.7.8 suffers from cross site scripting and file upload vulnerabilities.

tags | exploit, vulnerability, xss, file upload
MD5 | 335f4ac5301b78ce7de799bfd591bfa0
Audio Share 2.0.2 Cross Site Scripting / Remote File Inclusion
Posted Jun 17, 2015
Authored by indoushka

Audio Share version 2.0.2 suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion
MD5 | 87dbe5654f1bb499c6f36ba0ce6edf90
Alitalk 1.80 SQL Injection / Bypass
Posted Jun 17, 2015
Authored by indoushka

Alitalk version 1.80 suffers from various bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
MD5 | 9343d26348f07100a77faaa97d16f0a1
4images 1.7.11 File Inclusion
Posted Jun 17, 2015
Authored by indoushka

4images version 1.7.11 suffers from inclusion vulnerabilities due to trusting the host header.

tags | exploit, vulnerability, code execution, file inclusion
MD5 | 9ec83b71fff45ac0a1c71dd4cf38a54c
Imagevue 2.8.9 XSS / Password Disclosure
Posted Jun 17, 2015
Authored by indoushka

Imagevue version 2.8.9 suffers from cross site scripting and password disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 5b62dace2781d0409f04d07462e9bb1e
MantisBT 1.3.0 File Download
Posted Jun 17, 2015
Authored by indoushka

MantisBT version 1.3.0 suffers from a remote file download vulnerability.

tags | exploit, remote, info disclosure
MD5 | ea987d3cd74615d333154825305e064a
Linux/x86 chmod('/etc/gshadow','777') Shellcode
Posted Jun 17, 2015
Authored by Mohammad Reza Espargham

37 bytes small Linux/x86 chmod('/etc/gshadow','777') shellcode.

tags | x86, shellcode
systems | linux
MD5 | 1b10e6eedde05cfb7136e46c0b829726
Unauthorized Cross-App Resource Access On Mac OS X And iOS
Posted Jun 17, 2015
Authored by XiaoFeng Wang, Xiaojing Liao, Kai Chen, Luyi Xing, Xiaolong Bai, Tongxin Li

The research in this paper leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Store, to gain unauthorized access to other apps' sensitive data. More specifically, the researchers found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote.

tags | paper
systems | cisco, apple, osx, ios
MD5 | 34ca33c5c84fc14daeecd87c3ead4da7
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close