what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

Files Date: 2015-07-21

Packet Fence 5.3.0
Posted Jul 21, 2015
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Various fixes and updates.
tags | tool, remote
systems | unix
MD5 | bc45575979279a11eb0d600d5fe3b3cc
Ubuntu Security Notice USN-2674-1
Posted Jul 21, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2674-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. Ubuntu 15.04 has been updated to MySQL 5.6.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772
MD5 | 0bd0887d7185c1b9d76514494767c7ab
Counter-Strike 1.6 GameInfo Query Reflection Denial Of Service
Posted Jul 21, 2015
Authored by Todor Donev

Counter-Strike version 1.6 GameInfo query reflection denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 80653c46a034cac11fedfb2e8469471f
Logstash 1.5.2 SSL/TLS FREAK
Posted Jul 21, 2015
Authored by Kevin Kluge, Accenture Security Team

Logstash 1.5.2 and prior versions are vulnerable to a SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting communication between the Logstash Forwarder agent and Logstash server.

tags | advisory
advisories | CVE-2015-5378
MD5 | f9c6b4f4813a1baeb082e3a6628ddd9f
Capstone 3.0.4
Posted Jul 21, 2015
Authored by Nguyen Anh Quynh | Site capstone-engine.org

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.

Changes: Release 3.0.4 is a stable version with important fixes in the core and Python bindings.
tags | tool
systems | unix
MD5 | 203a3593552afd844b0d7da0f56d21d2
Joomla Helpdesk Pro XSS / File Disclosure / SQL Injection
Posted Jul 21, 2015
Authored by Gregor Mynarsky, Kristian Varnai, Simon Rawet

Joomla Helpdesk Pro versions prior to 1.4.0 suffers from cross site scripting, local file disclosure, remote file upload, remote SQL injection, and insecure direct object reference vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion, file upload
advisories | CVE-2015-4071, CVE-2015-4072, CVE-2015-4073, CVE-2015-4074, CVE-2015-4075
MD5 | 6d7a836f375efa881a6df1548d76e536
WordPress Portfolio 1.0 Cross Site Request Forgery
Posted Jul 21, 2015
Authored by Nitin Venkatesh

WordPress Portfolio plugin version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | c088aed7911af7891aed49bcd4d45cbe
Axigen Cross Site Scripting
Posted Jul 21, 2015
Authored by Ioan Indreias

Axigen's WebMail Ajax interface implements a view attachment function that executes javascript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expose an Axigen WebMail Ajax user to cross site scripting or other attacks that rely on arbitrary javascript code running within a trusted domain.

tags | advisory, arbitrary, javascript, xss
advisories | CVE-2015-5379
MD5 | dbddf61e5cc73846d231e6e6916e73d7
HP Security Bulletin HPSBMU03380 1
Posted Jul 21, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03380 1 - Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-3523, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8142, CVE-2014-8275, CVE-2014-9427, CVE-2014-9652, CVE-2014-9653, CVE-2014-9705, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289
MD5 | 232c27986c4a5f1ba05b2a3a34fba784
tcpdump rpki_rtr_pdu_print Out-Of-Bounds Denial Of Service
Posted Jul 21, 2015
Authored by Luke Arntson

tcpdump suffers from a rpki_rtr_pdu_print denial of service vulnerability. Versions affected include 4.6.2, 4.5.1, and 4.4.0.

tags | exploit, denial of service
advisories | CVE-2015-2153
MD5 | 0c839f706f16976bea45e9ffe36427be
Microsoft Word Local Machine Zone Remote Code Execution
Posted Jul 21, 2015
Authored by Eduardo Braun Prado

Microsoft Word, Excel, and Powerpoint 2007 contain a remote code execution vulnerability because it is possible to reference documents such as Works document (.wps) as HTML. It will process HTML and script code in the context of the local machine zone of Internet Explorer which leads to arbitrary code execution. By persuading users into opening eg. specially crafted .WPS, ".doc ", ".RTF " (with a space at the end) it is possible to trigger the vulnerability and run arbitrary code in the context of the logged on Windows user. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".

tags | exploit, remote, arbitrary, local, code execution
systems | windows
advisories | CVE-2015-0097
MD5 | e59aef6fcb1d5f48ddca084672ddfa46
Internet Download Manager OLE Automation Array Remote Code Execution
Posted Jul 21, 2015
Authored by Mohammad Reza Espargham

Internet Download Manager OLE automation array remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2014-6332
MD5 | f8413e1ca27e572a76f781872c67a99f
Page 1 of 1

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By