Showing 1 - 22 of 22

Files Date: 2015-08-12

SAP Mobile Platform DataVault Predictable Encryption Password
Posted Aug 12, 2015
Authored by Fernando Russ | Site onapsis.com

The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. The SAP DataVault has a special mechanism to generate a default set of credentials if no password/salt is supplied during the creation of the secure storage. In this mode of operation the password/salt is derived from a combination of fixed values and the VaultID belonging to the secure storage.

tags | advisory
SHA-256 | 32913d9c0e2b94e7527b9505f766bc7240c4bd0dc83949976a4b1580dfab6d6d
SAP Mobile Platform DataVault Predictable Passwords
Posted Aug 12, 2015
Authored by Fernando Russ | Site onapsis.com

The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. The SAP DataVault uses a special password derived from well-known values to encrypt some configuration values, such as the count of invalid attempts to unlock a secure store. This password is a composition of a value which is available in plaintext form inside the secure store container, and a fixed value. Also, the salt used is fixed. Both values are statically defined by the SAP DataVault implementation, and depend on neither the installation nor the usage of the DataVault.

tags | advisory
SHA-256 | ca2a1ef0f9df48466ca59b88143c1cb70baf5e0e78eae224f7995bf13e67bc92
SAP Mobile Platform DataVault Keystream Recovery
Posted Aug 12, 2015
Authored by Fernando Russ | Site onapsis.com

The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. Due to an incorrect implementation of the cryptographic algorithms and parameters, it is possible to recover the keystream for the encrypted data. As a result, it is possible to recover part of the plaintext corresponding to an encrypted piece of data, thus reversing the encryption process of some values inside the DataVault without needing the original secret key. Furthermore, due to the lack of cryptographic integrity mechanisms in the SAP DataVault, an attacker who recovers this keystream can, with some limitations, re-encrypt (or in practical terms modify) some values previously encrypted inside the DataVault.

tags | advisory
SHA-256 | cd43a3f66a460ba3e471e6f03fe9bed24f562a9b22ab386dc9a02fc1929d34f9
Microsoft Internet Explorer CTreeNode::GetCascadedLang Use-After-Free
Posted Aug 12, 2015
Authored by Moritz Jodeit | Site bluefrostsecurity.de

Microsoft Internet Explorer 11 is prone to a use-after-free vulnerability in the MSHTML!CTreeNode::GetCascadedLang function. The following analysis was performed on Internet Explorer 11 on Windows 8.1 (x64). If an attacker succeeds in bypassing the Memory Protector and Isolated Heap protection mechanisms, this vulnerability allows the execution of arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2015-2444
SHA-256 | 1ab54ed16c416f2c380415334ef8a0ac58296c12aa60e0f295c012e60b25b90f
PHPfileNavigator 2.3.3 Cross Site Scripting
Posted Aug 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHPfileNavigator version 2.3.3 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5815874170b9516cf4e62d32e0afe351829e48d087c53f68f365c101940d6a1e
Coppermine Photo Gallery 1.5.36 Cross Site Scripting
Posted Aug 12, 2015
Authored by Ehsan Hosseini

Coppermine Photo Gallery version 1.5.36 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 54a48675fed618344a21a3a602ef9a002f64e968254114fa766dc30ccc060d72
BizIdea Design CMS 2015Q3 SQL Injection
Posted Aug 12, 2015
Authored by Vulnerability Laboratory, Wild Soldier | Site vulnerability-lab.com

BizIdea Design CMS 2015Q3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d8bc3410d7997463debfbb7a631c529e4a9860d70990584a02c0c606e4c30e5c
PHPfileNavigator 2.3.3 Cross Site Request Forgery
Posted Aug 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHPfileNavigator version 2.3.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 824a9b21eb92e3ce50c103b58fc5f91b41856de38ba02f89f03740393a2ec917
phpipam 1.1.010 Cross Site Scripting
Posted Aug 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

phpipam version 1.1.010 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-6529
SHA-256 | 0ac3e3f76fe4e80bb29992153be26016c28cb47b36e189a2da4302be49184732
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
Posted Aug 12, 2015
Authored by Ramon de C Valle | Site metasploit.com

This Metasploit module exploits an incomplete internal state distinction in Java Secure Socket Extension (JSSE) by impersonating the server and finishing the handshake before the peers have authenticated themselves and instantiated negotiated security parameters, resulting in a plaintext SSL/TLS session with the client. This plaintext SSL/TLS session is then proxied to the server using a second SSL/TLS session from the proxy to the server (or an alternate fake server) allowing the session to continue normally and plaintext application data transmitted between the peers to be saved. This Metasploit module requires an active man-in-the-middle attack.

tags | exploit, java
advisories | CVE-2014-6593
SHA-256 | 22a68679289289a147b9ebdb5f0ea0fe01da2e11c5941c4f87b8111257d42ea5
WiFi Pineapple Predictable CSRF Token
Posted Aug 12, 2015
Authored by catatonicprime

WiFi Pineapples with firmware versions 2.3.0 and below suffer from using a predictable cross site request forgery token.

tags | exploit, csrf
advisories | CVE-2015-4624
SHA-256 | d28d69f0685d472bf2f32a107ab1c86929af0af281983fb44aed43ba9dda6a3d
Thomson Reuters FATCA Local File Inclusion
Posted Aug 12, 2015
Authored by Jakub Palaczynski

Thomson Reuters FATCA versions below 5.2 suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2015-5952
SHA-256 | 6231d7b2832f5bc3406aa4e011ca416b6b92a2d444f6499aa1e7c831611cba6f
Debian Security Advisory 3332-1
Posted Aug 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3332-1 - Several vulnerabilities have been fixed in WordPress, the popular blogging engine.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-2213, CVE-2015-5622, CVE-2015-5730, CVE-2015-5731, CVE-2015-5732, CVE-2015-5734
SHA-256 | 6d5a19211864c9c93e85d89e3fb384d351998dc0b6d449d78e47e7c509626838
Debian Security Advisory 3333-1
Posted Aug 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3333-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. Integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-4473, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4484, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492, CVE-2015-4493
SHA-256 | 1914d9021425e5a81517041f84f4d799a523f07f26b6ba049890663d5686fc9b
Red Hat Security Advisory 2015-1604-01
Posted Aug 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1604-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
SHA-256 | 7c6c5c7a3ee00a76bfdd63d54c49691b252e690306bacc92fa688726f97e566f
Debian Security Advisory 3334-1
Posted Aug 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3334-1 - Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to a double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause the application to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, debian
SHA-256 | 5d813d575e9bf5135e8fef0639708202974c1db43743e556ddf90160df0688eb
Red Hat Security Advisory 2015-1603-01
Posted Aug 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1603-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-19 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560
SHA-256 | 5326dc2279cf8b5e1ca0ec7aba396f0ecf664faba08017576f9107e2de5026db
Red Hat Security Advisory 2015-1592-01
Posted Aug 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1592-01 - It was discovered that, in Foreman, the edit_users permission (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permission could use this flaw to access an admin user account, leading to an escalation of privileges. It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie. Various other issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4346, CVE-2013-4347, CVE-2014-3653, CVE-2015-1816, CVE-2015-1844, CVE-2015-3155, CVE-2015-3235
SHA-256 | cdf608cfa24fc22871609d6f9df93cee67aa4d00fbeb3d9416c2eab226a6977d
Red Hat Security Advisory 2015-1591-01
Posted Aug 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1591-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating environments. This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 7. It was discovered that in Foreman the edit_users permissions allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-4346, CVE-2013-4347, CVE-2014-3653, CVE-2015-1816, CVE-2015-1844, CVE-2015-3155, CVE-2015-3235
SHA-256 | d641fc01d148890ec2b254ae48c610e9aeb533b6def3d3db37be60887824569f
PHPfileNavigator 2.3.3 Privilege Escalation
Posted Aug 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHPfileNavigator version 2.3.3 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 17d63ec8d8527a986b92332095cb51924b9fff66ff354e11ec1f8917580d96a6
Linux x86 /bin/sh ROL/ROR Encoded Shellcode
Posted Aug 12, 2015
Authored by Anastasios Monachos

Custom Linux/x86 shellcode encoder/decoder that switches between ROL and ROR and spawns a /bin/sh shell using execve.

tags | shell, x86, shellcode
systems | linux
SHA-256 | f750d9d5724990b37f5c69dafcca7b214a405a569bf14bf2fefb63f2833e02d7
WordPress OAuth2 Complete 3.1.3 Insecure Random
Posted Aug 12, 2015
Authored by Tom Adams

OAuth Complete for WordPress version 3.1.3 uses a pseudorandom number generator which is not cryptographically secure.

tags | advisory
SHA-256 | ccfcafdacba8b2d81d2bd3c376141e4d320efff33fafc4ebcfbea1b96d247dc9