exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-06-18

SAP Afaria 7 Missing Authorization Check
Posted Jun 18, 2015
Authored by Vahagn Vardanyan

SAP Afaria version 7 suffers from a missing authorization check vulnerability. An attacker can use a missing authorization check to access the service without any authorization procedures and use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks.

tags | advisory, info disclosure
advisories | CVE-2015-2816
SHA-256 | c31ed536e135ffd5dbbb2b9995e77c71bf0e3b40facee2e84ca09d91541fb8f9
SAP Afaria 7 Denial Of Service
Posted Jun 18, 2015
Authored by Vahagn Vardanyan

SAP Afaria version 7 suffers from a denial of service vulnerability in the XcListener module XeClient.Dll.

tags | advisory, denial of service
advisories | CVE-2015-2820
SHA-256 | 4503c9ec3011161fd5c3290385f680e3e08aa75980cccaccad5ba5c7f657478f
SAP Management Console Information Disclosure
Posted Jun 18, 2015
Authored by Dmitry Chastukhin

The management console of SAP NW version 7.4 suffers from an information disclosure vulnerability. It is possible to get some information from the web interface of CCMS without authentication. An attacker can use the information for subsequent attacks which will lead to illegal access to business-critical information.

tags | advisory, web, info disclosure
advisories | CVE-2015-2817
SHA-256 | 73f02099e08e2e93992dacd4aa1f75a2d6f6808869ba2d42d24272d2af5847e5
SAP NetWeaver Portal 7.31 XXE Injection
Posted Jun 18, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.

tags | advisory, denial of service, xxe
advisories | CVE-2015-2811
SHA-256 | b46458ceeb29478ddffbd1e176b6e2695088708178f75445d879b1a591dbce9f
SAP Mobile Platform 2.3 XXE Injection
Posted Jun 18, 2015
Authored by Dmitry Chastukhin

SAP Mobile Platform version 2.3 suffers from an XXE injection vulnerability. An attacker can read an arbitrary file on the server by sending a correct XML request with a crafted DTD to/scc/messagebroker/http and reading the reply from the service. An attacker can perform a DoS attack (for example, an XML Entity Expansion attack). A SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways, giving them access.

tags | advisory, web, arbitrary, xxe
advisories | CVE-2015-2813
SHA-256 | af39f3b02d6f59a59ac9adee1be7f700f929d9f74faaf58a79ef76213342f7ab
Debian Security Advisory 3291-1
Posted Jun 18, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3291-1 - Several vulnerabilities were found in drupal7, a content management platform used to power websites.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-3231, CVE-2015-3232, CVE-2015-3233, CVE-2015-3234
SHA-256 | 398bb888b259027615866997ab92ee63422e667b90163d54e5414e98edb42dd1
Packet Fence 5.2.0
Posted Jun 18, 2015
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Debian packages will now stop services preinstallation. Added drop and recreate trigger for forgotten temporary_password trigger in upgrade to 5.0. Various other fixes and updates.
tags | tool, remote
systems | unix
SHA-256 | 0f3535012548c15bcf909d7f76a066881278751704c6118f74ab92879809e3fc
SAP NetWeaver Dispatcher Buffer Overflow
Posted Jun 18, 2015
Authored by George Nosenko

SAP NetWeaver Dispatcher has the function sapac01_sapgparam() that processes the ABAP kernel call C_SAPGPARAM. This function has a buffer overflow vulnerability. The vulnerability can allow an authenticated remote attacker to execute arbitrary code. It can also lead to denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel
advisories | CVE-2015-2815
SHA-256 | e0d91a9cfd6ae4da1cf1d65a172beb169596c06658d1838fb88f8be6eda0f0f7
Debian Security Advisory 3290-1
Posted Jun 18, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3290-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2015-1805, CVE-2015-3636, CVE-2015-4167
SHA-256 | 0fbb263c4d3f8891b1c58ec40a1bf47156f434e76c2141d84c6407ec9eb0c713
SAP NetWeaver Portal 7.31 XXE Injection
Posted Jun 18, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. The problem is caused by a program error in 'ValidationComponent' due to the incorrect use of an XML parser. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.

tags | advisory, denial of service, xxe
advisories | CVE-2015-2812
SHA-256 | 9756bc993b8745281faa7c356860f96edc0f791cd1ec7201932b24da9da7b059
Wonder CMS 0.6-Beta File Inclusion / Traversal / Disclosure
Posted Jun 18, 2015
Authored by indoushka

Wonder CMS version 0.6-Beta suffers from inclusion, password disclosure, and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
SHA-256 | 397399516a0b38c8578b9229ed23840b442e7ec378ee95438a4c113226f252da
Vitubo CMS 2.3 Database Disclosure
Posted Jun 18, 2015
Authored by indoushka

Vitubo CMS version 2.3 suffers from a backup related database disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | ff364b84ea8625fba97d912d8dd6331b0c0dd9676463163ef07e5caaea3f8ae8
WordPress Revslider 4.2.2 XSS / Information Disclosure
Posted Jun 18, 2015
Authored by indoushka

WordPress Revslider plugin version 4.2.2 suffer from cross site scripting, file download, and information disclosure vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 8ad1c24b948d5a65dab914200443c87ffe00a1d155d37bbd652a95364274a234
Linux/x86 NetCat Bindshell Shellcode
Posted Jun 18, 2015
Authored by B3mB4m

60 bytes small Linux/x86 netcat bindshell shellcode that attaches to port 5555.

tags | x86, shellcode
systems | linux
SHA-256 | a448460fd0c86ff40315a54f88404738d49ecd0c1b2ffbca47171f6ced35203b
Just A Forum 2.1.1 Cross Site Scripting
Posted Jun 18, 2015
Authored by indoushka

Just A Forum version 2.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f942628108d16b6d63256b6d0445ec551ce6bb7db1df80e6b5741033053809cd
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close