what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-06-17

Red Hat Security Advisory 2015-1123-01
Posted Jun 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1123-01 - CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface.

tags | advisory, web, arbitrary, xss
systems | linux, redhat, unix
advisories | CVE-2014-9679, CVE-2015-1158, CVE-2015-1159
SHA-256 | b8be18fe93feda9e83358ade06c07fbf33652b9dedfb62d9a8e3b997ce16a542
HP Security Bulletin HPSBGN03338 1
Posted Jun 17, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03338 1 - A potential security vulnerability has been identified with HP Service Manager running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as RC4 cipher Bar Mitzvah vulnerability. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2808
SHA-256 | f73faeaa3c71b97758427a435b20b04199bd569651d10e0bdb1c92b0a1354ca4
HP Security Bulletin HPSBGN03350 1
Posted Jun 17, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03350 1 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2802, CVE-2015-2808
SHA-256 | fe1d558fbe29c55c7783573f0e8ce2e327d549008101137a3d8ffbedd47b5e51
Wireshark Analyzer 1.12.6
Posted Jun 17, 2015
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple bug fixes and updates.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 22ac0cc872f12cef9bb2cacfe0720eed8533dc5cea102d21de511620606cb3b6
Vesta Control Panel 0.9.8 OS Command Injection
Posted Jun 17, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Vesta Control Panel version 0.9.8 suffers from an OS command injection vulnerability.

tags | exploit
advisories | CVE-2015-4117
SHA-256 | 8afef03dc758fc7e9258cea86f2165628c4ee859debcb92aa2ea90cfb8973453
SearchBlox 8.2 Cross Site Scripting
Posted Jun 17, 2015
Authored by High-Tech Bridge SA | Site htbridge.ch

SearchBlox version 8.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-3422
SHA-256 | c50cf93766fdeb247be5b7f551e3e1f70a06620929967b43da8b53e840f1e73c
VCE Vision(TM) Intelligent Operations Cryptographic / Cleartext Issues
Posted Jun 17, 2015
Site support.vce.com

VCE Vision(TM) software versions prior to 2.6.5 have been identified to contain security vulnerabilities that may potentially be leveraged by a malicious user to obtain sensitive information. A weak cryptographic scheme exists in the system library and a cleartext transmission issue exists in the plugin for VMware vCenter.

tags | advisory, vulnerability
advisories | CVE-2015-4056, CVE-2015-4057
SHA-256 | 51ade347570617484b11d1238e172c175ac13263924dc5c99651107083d0793c
Symantec Encryption Gateway Remote Command Injection
Posted Jun 17, 2015
Authored by Mohammad Reza Espargham

Symantec Encryption Gateway suffers from a remote command injection vulnerability. Versions prior to 3.2.0 MP6 are affected.

tags | exploit, remote
advisories | CVE-2014-7288
SHA-256 | e6ac92a40468adfad041080b0dc12276912bcdfa8a08e999f17136b0003f5f9e
BIGACE 2.7.8 Cross Site Scripting / File Upload
Posted Jun 17, 2015
Authored by indoushka

BIGACE version 2.7.8 suffers from cross site scripting and file upload vulnerabilities.

tags | exploit, vulnerability, xss, file upload
SHA-256 | 33159b3a9180da99ad88ee3d773bbc6ec6a99088dc5297a33bf65aaf68c6079d
Audio Share 2.0.2 Cross Site Scripting / Remote File Inclusion
Posted Jun 17, 2015
Authored by indoushka

Audio Share version 2.0.2 suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion
SHA-256 | a3a8905088e570ff7fa1984524f21cf56f5f55619ab6518165d24f7c5f880f37
Alitalk 1.80 SQL Injection / Bypass
Posted Jun 17, 2015
Authored by indoushka

Alitalk version 1.80 suffers from various bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | 8471cf9736c040db77b8cbf37badbcfdb3f137f9f3664d06af4cbb5b1d6b2457
4images 1.7.11 File Inclusion
Posted Jun 17, 2015
Authored by indoushka

4images version 1.7.11 suffers from inclusion vulnerabilities due to trusting the host header.

tags | exploit, vulnerability, code execution, file inclusion
SHA-256 | 58c8498e8bf4f00d45c7e52fd8d323c053bb404232140cfc9cb9537707c06ec0
Imagevue 2.8.9 XSS / Password Disclosure
Posted Jun 17, 2015
Authored by indoushka

Imagevue version 2.8.9 suffers from cross site scripting and password disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | da17b864a9c9189ea39befb9d3b0dd1691517d8f6afb17b6cddc81e4e0716486
MantisBT 1.3.0 File Download
Posted Jun 17, 2015
Authored by indoushka

MantisBT version 1.3.0 suffers from a remote file download vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 671ba2e0e285945b42223f1727978cb7d9171580b07eb50f0c2b649e8ebddb1e
Linux/x86 chmod('/etc/gshadow','777') Shellcode
Posted Jun 17, 2015
Authored by Mohammad Reza Espargham

37 bytes small Linux/x86 chmod('/etc/gshadow','777') shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 7835ef8dd303091aaa34f09e786f8af1c69d6250ccbffb724347d83a9ab3dcce
Unauthorized Cross-App Resource Access On Mac OS X And iOS
Posted Jun 17, 2015
Authored by XiaoFeng Wang, Xiaojing Liao, Kai Chen, Luyi Xing, Xiaolong Bai, Tongxin Li

The research in this paper leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Store, to gain unauthorized access to other apps' sensitive data. More specifically, the researchers found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote.

tags | paper
systems | cisco, apple, osx, ios
SHA-256 | ece3215f1041638c7e80717f3528c48fffb5d9d0f9b925cd46938a293c3d9f4f
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close