exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-06-29

libpcap 1.7.4
Posted Jun 29, 2015
Site tcpdump.org

Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump.

Changes: Included fix for GitHub issue #424.
tags | library
systems | unix
MD5 | b2e13142bbaba857ab1c6894aedaf547
GetSimple CMS 5.7.3.1 Cross Site Scripting
Posted Jun 29, 2015
Authored by Vadodil Joel Varghese

GetSimple CMS version 5.7.3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7c4ef3ce65c1d171e0e683df45de5422
MODX Revolution 2.3.3-pl Cross Site Scripting
Posted Jun 29, 2015
Authored by Vadodil Joel Varghese

MODX Revolution version 2.3.3-pl suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 47fa7a928e892b39aca73f0575aaa4b1
Fiyo CMS 2.0_1.9.1 SQL Injection
Posted Jun 29, 2015
Authored by cfreer

Fiyo CMS version 2.0_1.9.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2015-3934
MD5 | 84b1de5448b1f7473baa16ed1a94373f
Novius OS 5.0.1-elche XSS / LFI / Open Redirect
Posted Jun 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Novius OS version 5.0.1-elche suffers from cross site scripting, local file inclusion, and open redirection vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2015-5354, CVE-2015-5353
MD5 | 1ba733e4bbbd7191237d66f6a53bebdd
CollabNet Subversion Edge Management downloadHook LFI
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.

tags | exploit, arbitrary, local, file inclusion
MD5 | d5ce5862a5fb534d071ac3f51a8f83b5
CollabNet Subversion Edge Management Credential Leak
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend leaks the unsalted MD5 hash of password of the currently logged in user via a "POST /csvn/user/index" request. An attacker that exploits an XSS or has gained a valid session via other means is able to retrieve the unsalted MD5 hash of the corresponding user and easily crack the hash in order to know the users password. Fixed in version 5.0.

tags | exploit, info disclosure
MD5 | da6edffc6850b8f6549b321fba26329f
Microsec e-Szigno / Netlock Mokka XML Signature Wrapping
Posted Jun 29, 2015
Authored by Imre Rad

Microsec e-Szigno and Netlock Mokka computer applications suffer from a e-akta signature verification weakness. Microsec e-Szigno version older than 3.2.7.12 and Netlock Mokka versions older than 2.7.8.1204 are affected.

tags | advisory
advisories | CVE-2015-3931, CVE-2015-3932
MD5 | 47183f89b14f6e7c9b5b026c7106b06d
ESRS VE 3.0x Certificate Validation / Insufficient Randomness
Posted Jun 29, 2015
Site emc.com

Secure Remote Services (ESRS) Virtual Edition (VE) versions 3.02, 3.03, and 3.04 do not properly validate certificates. Malicious users could potentially exploit this vulnerability to spoof trusted entities by using man-in-the-middle attacks. Session cookie used by ESRS VE is generated using insufficient random values. Malicious users could potentially exploit this vulnerability to gain unauthorized access to authenticated ESRS interfaces.

tags | advisory, remote, spoof
advisories | CVE-2015-0543, CVE-2015-0544
MD5 | da19ab19bdcb3356ed22c692dab516a8
Debian Security Advisory 3296-1
Posted Jun 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3296-1 - Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2015-2141
MD5 | 453ae21ea5cd8dd0d927d2967d2c5371
HP Security Bulletin HPSBPI03360 2
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03360 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | 51dba08e3e7c9d04460c18720ff4cd1c
HP Security Bulletin HPSBPI03107 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03107 1 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | b374de59b2daf2912e6ff07c3ec3a972
HP Security Bulletin HPSBGN03362 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03362 1 - A potential security vulnerability has been identified with HP Discovery and Dependency Mapping Inventory (DDMI). This is the TLS vulnerability in U.S. export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | 0a67598c67d86cbb659b552704703e06
HP Security Bulletin HPSBMU03267 3
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03267 3 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
MD5 | 1d915b8324ef08916206b474bc901b91
HP Security Bulletin HPSBUX03359 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03359 1 - A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited in allowing a local user to elevate their privilege. Revision 1 of this advisory.

tags | advisory, local
systems | hpux
advisories | CVE-2015-2126
MD5 | 70e9131a7cc33b5dbeb1660f27f46850
HP Security Bulletin HPSBGN03351 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03351 1 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL. This is the TLS vulnerability known as "Logjam", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-4000
MD5 | fecfd03520186267322244256b55056d
Huawei Home Gateway HG530 / HG520b Password Disclosure / Change
Posted Jun 29, 2015
Authored by Fady Mohamed Osman

Two exploits for Huawei Home Gateway versions HG530 and HG520b that allow for password disclosure and password change.

tags | exploit
MD5 | 6d106f4154aa32cdc42b0ed65297b56e
CollabNet Subversion Edge Management Frontend Privilege Escalation
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated administrators to escalate their privileges by creating and executing hook scripts. As a result they are able to execute arbitrary commands as the user the Management Frontend is running under without authenticating with valid credentials. Fixed in version 5.0.

tags | exploit, arbitrary
MD5 | 4eda3184e2653b0f46d537fb0c3ec862
Page 1 of 1
Back1Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    0 Files
  • 3
    Apr 3rd
    0 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close