exploit the possibilities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2015-08-26

WordPress YouTube Embed 3.3.2 Cross Site Scripting
Posted Aug 26, 2015

WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-6535
MD5 | b337a0d202939c3829cb9a4f4256ceea
HP Security Bulletin HPSBGN03411 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03411 1 - A potential security vulnerability has been identified in HP Operations Agent Virtual Appliance. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | d9d18d1ecd244ad0bbb5a7d6271006f0
HP Security Bulletin HPSBGN03405 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03405 1 - Potential security vulnerabilities have been identified in HP Integration Adaptor. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
MD5 | 1b1f300abd5f9e471e7d5736c25d31ad
HP Security Bulletin HPSBGN03399 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03399 1 - Potential security vulnerabilities have been identified in HP BSM Connector (BSMC). The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
MD5 | 39929a18ddcfaa311630199c238cd731
FreeBSD Security Advisory - IRET Handler Privilege Escalation
Posted Aug 26, 2015
Site security.freebsd.org

FreeBSD Security Advisory - If the kernel-mode IRET instruction generates an #SS or #NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler. By causing an IRET with #SS or #NP exceptions, a local attacker can cause the kernel to use an arbitrary GS base, which may allow escalated privileges or panic the system.

tags | advisory, arbitrary, kernel, local
systems | freebsd
advisories | CVE-2015-5675
MD5 | d5d0c2195194e85821432831db9e3e56
FreeBSD Security Advisory - OpenSSH Issues
Posted Aug 26, 2015
Site security.freebsd.org

FreeBSD Security Advisory - A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process. A use-after-free error in the privileged monitor process of he sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process. A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection.

tags | advisory
systems | freebsd
MD5 | 560af56953e2f87247cba46c3c23c38c
nullcon se7en Call For Papers
Posted Aug 26, 2015
Site nullcon.net

nullcon is an annual security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 4th through the 5th, 2016.

tags | paper, conference
MD5 | 56cbf1c03b9dece978bcdbdc5ad1fce6
Debian Security Advisory 3343-1
Posted Aug 26, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3343-1 - James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.

tags | advisory, remote, php, code execution
systems | linux, debian
MD5 | 4acd12541803bfde3f9920969cd6b8a5
Ubuntu Security Notice USN-2722-1
Posted Aug 26, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2722-1 - Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-4491
MD5 | b1e0411f4dea2f6c4c1852c6574969ec
HP Security Bulletin HPSBGN03415 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03415 1 - Potential security vulnerabilities have been identified in HP Operations Agent Virtual Appliance. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808
MD5 | af402e4206eae3444c62f0fca5be3122
HP Security Bulletin HPSBGN03414 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03414 1 - Potential security vulnerabilities have been identified in HP Operations Agent. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808
MD5 | 0a97fd59b2014180b135066397b3d997
ZSNES 1.51 Stack-Based Buffer Overflow
Posted Aug 26, 2015
Authored by Juan Sacco

ZSNES version 1.51 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 519f31c3eded4065ceee95fd7f22f2a1
Fwknop Port Knocking Utility 2.6.7
Posted Aug 26, 2015
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: When command execution is enabled with ENABLE_CMD_EXEC for an access.conf stanza, added support for running commands via sudo. Added --key-gen to fwknopd. Added a script from Jonathan Bennett at extras/console-qr/console-qr.sh to generate QR codes from fwknopd access.conf keys. Various other updates.
tags | tool, scanner, vulnerability
systems | unix
MD5 | fddca1a80a2fa4ffe79e9c6612242c0e
HP Security Bulletin HPSBMU03409 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03409 1 - Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2010-5107, CVE-2013-0248, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-1692, CVE-2014-3523, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8142, CVE-2014-8275, CVE-2014-9427, CVE-2014-9652, CVE-2014-9653, CVE-2014-9705, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-0285, CVE-2015-0286
MD5 | 803b9c7e2ca2ac7e0f7cdcd643e8585b
HP Security Bulletin HPSBGN03404 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03404 1 - A potential security vulnerability has been identified in HP Service Health Reporter. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | c8210517d713923eb32600885d6adea7
Ubuntu Security Notice USN-2712-1
Posted Aug 26, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2712-1 - Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-4473, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491
MD5 | a651410c6d6f0358782ab01e65a1203b
Red Hat Security Advisory 2015-1682-01
Posted Aug 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1682-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird .

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2015-4473, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491
MD5 | dbfb02393bf0b08dc960b5aab304ba99
Red Hat Security Advisory 2015-1685-01
Posted Aug 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1685-01 - Python-keystoneclient is a client library and a command-line utility for interacting with the OpenStack Identity API. It was discovered that some items in the S3Token configuration as used by python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option was set to "false", the option would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. Note: The "insecure" option defaults to false, so setups that do not specifically define "insecure=false" are not affected.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2015-1852
MD5 | a6778f90539556cef89581a6bc165ce0
Red Hat Security Advisory 2015-1683-01
Posted Aug 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1683-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5165
MD5 | 14a0ad282e71cf2546d6c68337d0e2bf
Red Hat Security Advisory 2015-1684-01
Posted Aug 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1684-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-1856
MD5 | 5c6d77041039a15a1405b67046295c7c
HP Security Bulletin HPSBMU03397 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03397 1 - Potential security vulnerabilities have been identified with HP Version Control Agent (VCA) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
MD5 | 0d9bf4c34505c4e8f90c075c2409ec29
HP Security Bulletin HPSBMU03413 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03413 1 - Potential security vulnerabilities have been identified with HP Virtual Connect Enterprise Manager SDK. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-5432, CVE-2015-5433
MD5 | 1ca40323fe3beaf08902c8d5c86abdcd
HP Security Bulletin HPSBMU03396 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03396 1 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (VCRM) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), execution of arbitrary code, unauthorized modification, unauthorized access, disclosure of information, cross-site request forgery (CSRF), or elevation of privilege. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-5409, CVE-2015-5410, CVE-2015-5411, CVE-2015-5412, CVE-2015-5413
MD5 | 477da3c7a30a989603f2334d1889181b
Red Hat Security Advisory 2015-1686-01
Posted Aug 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1686-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store.

tags | advisory, web, denial of service, python
systems | linux, redhat
advisories | CVE-2015-5143
MD5 | 0a3ebb7921a57f07a35bdcd80b2f7814
WordPress Car Rental System SQL Injection
Posted Aug 26, 2015
Authored by Manish Tanwar

WordPress Car Rental System plugin versions prior to 3.1 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 28cd7b85021f62f10ac68a6a90830ea1
Page 1 of 2
Back12Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close