exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2015-12-07

sysPass 1.0.9 Insecure Direct Object Reference
Posted Dec 7, 2015
Authored by Daniele Salaris | Site syss.de

sysPass versions 1.0.9 and below allow for system backups to be downloaded by an external attacker.

tags | exploit
SHA-256 | 3f4f1197fb6b356561f3a5d4c13b670af0b0739a649d539b75953ebc8ae7b8d5
WordPress Poll Widget 1.0.7 SQL Injection
Posted Dec 7, 2015
Authored by WICS

WordPress Poll Widget plugin version 1.0.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8cef17c3a45fb59b1baaff188889f9426f628927178c3eb55bcaa7d12636b139
Red Hat Security Advisory 2015-2560-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2560-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.2.0 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0250, CVE-2015-6748, CVE-2015-7501
SHA-256 | b31590bd5428473b82cac74a3e51a9ceeb6c65e056d08c5a155284cc088e7457
Red Hat Security Advisory 2015-2557-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2557-01 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.2.1 is a micro product release that updates Red Hat JBoss A-MQ 6.2.0, and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3253, CVE-2015-5181, CVE-2015-7501
SHA-256 | 28cad0dd0104739c3ad7b7dd395f265103b51b4d72b5188b28db0b5ee73e6f47
Red Hat Security Advisory 2015-2559-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2559-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.2.0 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0250, CVE-2015-6748, CVE-2015-7501
SHA-256 | 8e929ffd0869a3d98996e4284a5dff64f0935663f5489c95527f4db30aa478bd
Red Hat Security Advisory 2015-2556-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2556-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss Fuse 6.2.1 is a micro product release that updates Red Hat JBoss Fuse 6.2.0, and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3253, CVE-2015-5181, CVE-2015-7501
SHA-256 | b1396b19aadb57fd2a1b208aef3c84d9a22ce455c5fafafe4a08f679ba817a7b
Red Hat Security Advisory 2015-2558-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2558-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This release of Red Hat JBoss Fuse Service Works 6.2.1 serves as a replacement for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are fixed with this release: A flaw was discovered that when an application uses Groovy and uses the standard Java serialization mechanism, an attacker can bake a special serialized object that executes code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0263, CVE-2015-0264, CVE-2015-3253
SHA-256 | 1f63b4efd1d1fc7ee6d8922bf1f514818f400e5a6fa74ef50cd2ef956ecb5966
Ubuntu Security Notice USN-2832-1
Posted Dec 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2832-1 - It was discovered that libsndfile incorrectly handled memory when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Joshua Rogers discovered that libsndfile incorrectly handled division when parsing malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9496, CVE-2014-9756, CVE-2015-7805
SHA-256 | 8b2c9916eb31485e1eae69a4db670a32eaa699f5ab89bf58a3b23c828cebd9ec
Edimax BR-6478AC Privilege Escalation
Posted Dec 7, 2015
Authored by Michael Winstead

There exists in the Edimax BR-6478AC (firmware version 2.15) small office, home office (SOHO) WiFi router a number of security flaws which allow an authenticated user to perform additional actions beyond what is permitted from the standard web interface at the highest privilege level. These security flaws may be exploited by a malicious actor in order to redirect critical personal internet traffic from its intended recipient to a location operated by said actor for nefarious purposes. Unfortunately, these flaws seem to have originated from a number of poor software development practices which are specifically addressed as the number one issue in the Open Web Application Security Project (OWASP) top web application security awareness document. By allowing these flaws to go unpatched, it places the customers of Edimax at a greater level of risk for safe and private internet use.

tags | advisory, web
SHA-256 | 3d71b2101a50050ebd91fc860cd110414d3e48c1a572c5f9f58919615dc47318
GEOVAP Reliance 4 Control Server Privilege Escalation
Posted Dec 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

GEOVAP Reliance 4 Control Server suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of Reliance 4 SCADA/HMI system installer including Reliance OPC Server. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
SHA-256 | ac148d35f351f1c159caa57c68553290699c2005cd34744205e1dd5f633435f6
iniNet SpiderControl SCADA Web Server Service 2.02 Privilege Escalation
Posted Dec 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

SpiderControl SCADA Web Server Service suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Everyone' and 'Authenticated Users' group making the entire directory 'WWW' and its files and sub-dirs world-writable. Version 2.02.0000 is affected.

tags | exploit, web
SHA-256 | 02e5720b36528ac99e8271f42613ddf43f8b16d17912411545e772eee35e910f
iniNet SpiderControl PLC Editor Simatic 6.30.04 Privilege Escalation
Posted Dec 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

SpiderControl PLC Editor Simatic suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group, and 'C' flag (Change) for 'Authenticated Users' group making the entire directory 'PLCEditorSimatic_6300400' and its files and sub-dirs world-writable. Version 6.30.04 is affected.

tags | exploit
SHA-256 | bb9580a515d983f1c6a6cada9159924897125c12e46e40a3d242e11a1bfc1d2e
iniNet SpiderControl SCADA Editor 6.30.01 Privilege Escalation
Posted Dec 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

iniNet SpiderControl SCADA Editor version 6.30.01 suffers from an insecure file permission vulnerability that can lead to privilege escalation.

tags | exploit
SHA-256 | f5a8eaf90b14310aa70398ca3cf3b63f72ec34a45eb723175e016bf2de427b31
Bluffing Network Scan Tools
Posted Dec 7, 2015
Authored by Emeric Nasi

Whitepaper called Bluffing Network Scan Tools - What You See May Not Be What You Get. This is a little paper to remind people that results from automatic tools are always interpretations of incoming data. Tools expect a certain behaviour from systems, and will make some assumptions. If you do not know this, you may be fooled by false positives or worse loose your valuable time.

tags | paper
SHA-256 | 5d150e80887b974f0f88fa3e467f154bc6418ef8b8d2e211081dd93297989286
Circutor PowerStudio SCADA 4.0.5 Privilege Escalation
Posted Dec 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

Circutor PowerStudio SCADA version 4.0.5 suffers from an unquoted search path issue impacting the services 'CircutorPowerStudioScadaServer' and 'CircutorPowerStudioServer' for Windows deployed as part of PowerStudio Series. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
SHA-256 | 8a83a322c6a5db201a46c4771735b93a609d7fb9c7b9fdab9713bc4dcf1c646d
Red Hat Security Advisory 2015-2550-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2550-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317
SHA-256 | 1a8f2ff7ad12af8e16356c2f4f8ac69f49c003a715d9e5612e17b2ee9a0a16c0
Ubuntu Security Notice USN-2831-1
Posted Dec 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2831-1 - Michal Kowalczyk discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2015-8327
SHA-256 | 13fc9a5b7a351043ce247a20ce0df124cc06ec74262ddd5dc735be8d877cadc9
Ubuntu Security Notice USN-2831-2
Posted Dec 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2831-2 - Michal Kowalczyk discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2015-8327
SHA-256 | c7505bab251e5fe1f41a4e43073792ba3d27df28a6997befef75ff9cb5d7f178
Ubuntu Security Notice USN-2830-1
Posted Dec 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2830-1 - Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. Hanno B=C3=B6ck discovered that the OpenSSL Montgomery squaring procedure algorithm may produce incorrect results when being used on x86_64. A remote attacker could possibly use this issue to break encryption. This issue only applied to Ubuntu 15.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196
SHA-256 | 761017edeff7bb2093ce7156fbf414bd65c92ad0dc41998bcfdcc88bf2e0d511
Red Hat Security Advisory 2015-2549-01
Posted Dec 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2549-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317
SHA-256 | 686603171c4674cb416e1dee251706e5f7377a18c9c047d8329f88ea05255153
Docebo LMS 4.0.3 Cross Site Scripting
Posted Dec 7, 2015
Authored by indoushka

Docebo LMS version 4.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2051abc7ed5d46c9c6bb827fb812f09c9ba961b28a4de57bfe2f6a22eaa4025e
DMarket 1.0 Remote PHP Code Injection
Posted Dec 7, 2015
Authored by indoushka

DMarket version 1.0 suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
SHA-256 | 5d5ecdeb84b7f814206a4385932249068e342d09a297bcb51226363cd73728bd
Deadlock 1.01 Arbitrary File Upload
Posted Dec 7, 2015
Authored by indoushka

Deadlock version 1.01 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 844a323491602be8e2218899884f5e9925d72809dda30b0471d974f30b72c316
EvolutionScript 5.0 SQL Injection / Cross Site Scripting
Posted Dec 7, 2015
Authored by indoushka

EvolutionScript version 5.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | c5a59b8a7d547e7c6ffb6b56fa66103d03b9b1b4c7641daccd5e845822ad604b
ChromiumCart 0.8.1 Arbitrary File Upload
Posted Dec 7, 2015
Authored by indoushka

ChromiumCart version 0.8.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 431c9218e3df7991289aa9a65e8d34c7fcd38bbc2919c8030e205a17cd2b085f
Page 1 of 2
Back12Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close