what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

Files Date: 2015-11-09

SAP HANA SQL Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Sending a crafted packet to the SAP HANA SQL interface, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2015-7994
MD5 | 87c6ab0d16d32f13512459ca2eab53b2
SAP HANA HTTP Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

By sending a crafted HTTP packet to the SAP HANA XS Server, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service, thus rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, web, denial of service, arbitrary
advisories | CVE-2015-7993
MD5 | bb998eaaeca8875d2a710e5f16aa6bba
WordPress Ajax Load More PHP Upload
Posted Nov 9, 2015
Authored by temp66 | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows you to upload arbitrary php files and get remote code execution. This Metasploit module has been tested successfully on WordPress Ajax Load More 2.8.0 with WordPress 4.1.3 on Ubuntu 12.04/14.04 Server.

tags | exploit, remote, arbitrary, php, code execution, file upload
systems | linux, ubuntu
MD5 | 3ccb8b1da98de9f443c1c6e265a148eb
SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory Corruption
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

A remote authenticated attacker could render the SAP HANA Platform unavailable to other users until the next process restart due to a memory corruption vulnerability. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote
advisories | CVE-2015-7992
MD5 | e79efb7a313fea4cc3ab554c5cafc302
SAP HANA Remote Trace Disclosure
Posted Nov 9, 2015
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

Due to a flaw in SAP HANA DB version 1.00.73.00.389160, a remote unauthenticated attacker could read remote logs containing technical information about the system which could help to facilitate further attacks against the system.

tags | advisory, remote
advisories | CVE-2015-7991
MD5 | 20418d4337d05109892d3a3ffa53a6ae
Ubuntu Security Notice USN-2788-2
Posted Nov 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2788-2 - USN-2788-1 fixed vulnerabilities in unzip. One of the security patches caused a regression when extracting 0-byte files. This update fixes the problem. Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-7696, CVE-2015-7697
MD5 | 95c2ea13b4b16656c461c7e52be433b1
SAP HANA TrexNet Command Execution
Posted Nov 9, 2015
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

Using the multiple methods available in the TrexNet protocol, a remote unauthenticated attacker could execute arbitrary operating system commands, python modules, read, write and delete files and directories, read environment information and also completely shut down the SAP HANA instance. The attacker could also send TMS queries to the NameSever component, which could allow him to retrieve technical information of the remote system such as configuration files. SAP HANA Database versions 1.00 SPS10 and below are affected.

tags | advisory, remote, arbitrary, protocol, python
advisories | CVE-2015-7828
MD5 | 2bd2e126c0c597ab90ac3829e6b06ded
TestLink 1.9.14 Cross Site Request Forgery
Posted Nov 9, 2015
Authored by Aravind C Ajayan, Balagopal N

TestLink version 1.9.14 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 747c110b1951cc64b621f74302224921
TestLink 1.9.14 Cross Site Scripting
Posted Nov 9, 2015
Authored by Aravind C Ajayan, Boney S Kalarickal

TestLink version 1.9.14 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8ee9ba354ed980afb54167014f6db4ed
Google AdWords API PHP Client Library 6.2.0 XXE Injection
Posted Nov 9, 2015
Authored by Dawid Golunski

Google AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability.

tags | exploit, php, xxe
MD5 | bcaf052025f820d0e5bbdc884390bd16
Google AdWords API PHP Client Library 6.2.0 Code Execution
Posted Nov 9, 2015
Authored by Dawid Golunski

Google AdWords API PHP client library versions 6.2.0 and below suffer from an arbitrary PHP code execution vulnerability.

tags | exploit, arbitrary, php, code execution
MD5 | 7dcda7270d54bed93974eace12678dfa
FreeType 2.6.1 TrueType Parsing Heap-Based Out Of Bounds Read
Posted Nov 9, 2015
Authored by Google Security Research, mjurczyk

A heap-based out-of-bounds memory read has been encountered in FreeType. It has been reproduced with the current version of freetype2 from master git branch, with a 64-bit build of the ftbench utility compiled with AddressSanitizer. Three proof of concepts are included.

tags | exploit, proof of concept
systems | linux
MD5 | bd57d35619a54a475bd054970de2edf3
BloomCON Call For Papers
Posted Nov 9, 2015
Authored by Philip Polstra

The first BloomCON Forensics and Security conference will be held February 5th through the 6th, 2016 in Bloomsburg, PA, USA. The Call For Papers has been announced.

tags | paper, conference
MD5 | adee941b9a5bfde02b7079fec9202c71
Debian Security Advisory 3394-1
Posted Nov 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3394-1 - Multiple vulnerabilities have been discovered in LibreOffice, a full-featured office productivity.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214
MD5 | a90c78d53d0eff408533ce08d255fbda
Debian Security Advisory 3395-1
Posted Nov 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3395-1 - Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-2695, CVE-2015-2696, CVE-2015-2697
MD5 | 4873c5b2b9d78f4a9965a8fcc8da2df9
Slackware Security Advisory - mozilla-firefox Updates
Posted Nov 9, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | bc31122bd51b4c2ee2a3648fdb1b52ca
Slackware Security Advisory - mozilla-nss Updates
Posted Nov 9, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-7181, CVE-2015-7182, CVE-2015-7183
MD5 | 65c015d423283360f26d59b28192e816
NXFilter 3.0.3 Cross Site Scripting
Posted Nov 9, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NXFilter version 3.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b2988034e09d46cac255dcd9d5f4e03d
NXFilter 3.0.3 Cross Site Request Forgery
Posted Nov 9, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NXFilter version 3.0.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | dc3020116d4e90df39935a8156debb45
Apache ActiveMQ 5.10.1 Denial Of Service
Posted Nov 9, 2015
Site activemq.apache.org

It is possible to shutdown an ActiveMQ broker remotely without authentication. The offending network packet is sent to the same port as a message consumer or producer would connect to. If the port is exposed, the attack will be possible. Apache ActiveMQ versions 5.0.0 through 5.10.1 are affected.

tags | advisory, denial of service
advisories | CVE-2014-3576
MD5 | 38f30b1ad522bdd89d526c0bc761b0ad
Arris TG1682G Modem Cross Site Scripting
Posted Nov 9, 2015
Authored by Nu11By73

Arris TG1682G modem suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 78fd99a289bc3c2d93d0b0e460ebb7e9
SolarWinds LEM 6.1.0 Remote Command Execution
Posted Nov 9, 2015
Authored by Chris Graham

Solarwinds Log and Event Manager version 6.1.0 suffers from a remote command execution vulnerability.

tags | exploit, remote
systems | linux
MD5 | 18783d3efcc5db12081cb4276e3cd97d
TheHostingTool 1.2.6 Cross Site Scripting
Posted Nov 9, 2015
Authored by Tim Coen | Site curesec.com

TheHostingTool version 1.2.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 64e5057719c99562101bdae964b024a2
TheHostingTool 1.2.6 SQL Injection
Posted Nov 9, 2015
Authored by Tim Coen | Site curesec.com

TheHostingTool version 1.2.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 38807c252ea6ca3f4e07b845d917f167
TheHostingTool 1.2.6 Code Execution
Posted Nov 9, 2015
Authored by Tim Coen | Site curesec.com

TheHostingTool version 1.2.6 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 5f3681f9fa86175c1aaa94f19720ebe9
Page 1 of 2
Back12Next

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    18 Files
  • 29
    May 29th
    17 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close