exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-06-29

libpcap 1.7.4
Posted Jun 29, 2015
Site tcpdump.org

Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump.

Changes: Included fix for GitHub issue #424.
tags | library
systems | unix
SHA-256 | 7ad3112187e88328b85e46dce7a9b949632af18ee74d97ffc3f2b41fe7f448b0
GetSimple CMS 5.7.3.1 Cross Site Scripting
Posted Jun 29, 2015
Authored by Vadodil Joel Varghese

GetSimple CMS version 5.7.3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 214f9d30727be2c3b2b4aa78f18251e30e604ff0e311e01b438ee81349215f74
MODX Revolution 2.3.3-pl Cross Site Scripting
Posted Jun 29, 2015
Authored by Vadodil Joel Varghese

MODX Revolution version 2.3.3-pl suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | cc5594fe51b541c29a67c4f947fe79867dc8f20ce2d1a907d2968a07693ea31e
Fiyo CMS 2.0_1.9.1 SQL Injection
Posted Jun 29, 2015
Authored by cfreer

Fiyo CMS version 2.0_1.9.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2015-3934
SHA-256 | 88134155e61bdad17b0695015d75b1a5facc81ef1cec5a352d986ba9cfb5b831
Novius OS 5.0.1-elche XSS / LFI / Open Redirect
Posted Jun 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Novius OS version 5.0.1-elche suffers from cross site scripting, local file inclusion, and open redirection vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2015-5354, CVE-2015-5353
SHA-256 | f4fd9696fbbf3cb4bb30f39d3adbbe123d467ec115259459a177a9cf9bd7f1e9
CollabNet Subversion Edge Management downloadHook LFI
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.

tags | exploit, arbitrary, local, file inclusion
SHA-256 | 37d936d9d7e63a4ff0e4d5ba93bd86e716a8d053ae486aae462f028a417603cc
CollabNet Subversion Edge Management Credential Leak
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend leaks the unsalted MD5 hash of password of the currently logged in user via a "POST /csvn/user/index" request. An attacker that exploits an XSS or has gained a valid session via other means is able to retrieve the unsalted MD5 hash of the corresponding user and easily crack the hash in order to know the users password. Fixed in version 5.0.

tags | exploit, info disclosure
SHA-256 | 1d88ce5b1e015850cee7a266039f0317d57a1d11a0b2b10402aefdd630149ba1
Microsec e-Szigno / Netlock Mokka XML Signature Wrapping
Posted Jun 29, 2015
Authored by Imre Rad

Microsec e-Szigno and Netlock Mokka computer applications suffer from a e-akta signature verification weakness. Microsec e-Szigno version older than 3.2.7.12 and Netlock Mokka versions older than 2.7.8.1204 are affected.

tags | advisory
advisories | CVE-2015-3931, CVE-2015-3932
SHA-256 | 7c9175ecb67d017613e97ac84c7dc3741a8dc378d1f6b845cd5bdd140f7d842b
ESRS VE 3.0x Certificate Validation / Insufficient Randomness
Posted Jun 29, 2015
Site emc.com

Secure Remote Services (ESRS) Virtual Edition (VE) versions 3.02, 3.03, and 3.04 do not properly validate certificates. Malicious users could potentially exploit this vulnerability to spoof trusted entities by using man-in-the-middle attacks. Session cookie used by ESRS VE is generated using insufficient random values. Malicious users could potentially exploit this vulnerability to gain unauthorized access to authenticated ESRS interfaces.

tags | advisory, remote, spoof
advisories | CVE-2015-0543, CVE-2015-0544
SHA-256 | b38444a20c64e620d0b349751fad79209790fecff7eef46ff991d95560c7f125
Debian Security Advisory 3296-1
Posted Jun 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3296-1 - Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2015-2141
SHA-256 | 4707bd24eba3fb745274e22475d0cd9ef7b5c266fc91bff5bcd81208fc794025
HP Security Bulletin HPSBPI03360 2
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03360 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 0546341f2b42c53e897fdb598ca96db659cb38ad0fe2f87fc2fc3ac058009557
HP Security Bulletin HPSBPI03107 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03107 1 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 1eaf6201cf39811c6307c3830ebe77600364691f38ef3a3e6739b079b37a8f34
HP Security Bulletin HPSBGN03362 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03362 1 - A potential security vulnerability has been identified with HP Discovery and Dependency Mapping Inventory (DDMI). This is the TLS vulnerability in U.S. export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
SHA-256 | 0a328b352df12a13de155069805b9c3849fd9539fffe07ce0faac4caa906a9cf
HP Security Bulletin HPSBMU03267 3
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03267 3 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 7ff5a108a31a43337d5de95d2e79246d6a7bcf81a0b5f4f464ee9d4de1c45e58
HP Security Bulletin HPSBUX03359 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03359 1 - A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited in allowing a local user to elevate their privilege. Revision 1 of this advisory.

tags | advisory, local
systems | hpux
advisories | CVE-2015-2126
SHA-256 | 3bac40e3ac6cc630596a3687c3baac11a6f456c40c1edb26a503bcf36d021878
HP Security Bulletin HPSBGN03351 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03351 1 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL. This is the TLS vulnerability known as "Logjam", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-4000
SHA-256 | 46ca0e4ca7326b1e4d61eab6973ba780752a3ad6ca99d1c36f9123c65ac14560
Huawei Home Gateway HG530 / HG520b Password Disclosure / Change
Posted Jun 29, 2015
Authored by Fady Mohamed Osman

Two exploits for Huawei Home Gateway versions HG530 and HG520b that allow for password disclosure and password change.

tags | exploit
SHA-256 | 34153720563cde72b885eab1bf23d3c0496dfd344433d5815451d5624f2154ec
CollabNet Subversion Edge Management Frontend Privilege Escalation
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated administrators to escalate their privileges by creating and executing hook scripts. As a result they are able to execute arbitrary commands as the user the Management Frontend is running under without authenticating with valid credentials. Fixed in version 5.0.

tags | exploit, arbitrary
SHA-256 | 6367d80f85ed6df597af815bf79b0b9c35711023632a3e93c0eae53e289e7171
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close