
Files Date: 2016-02-18

Red Hat Security Advisory 2016-0266-01
Posted Feb 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0266-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. A vulnerability was discovered in the OpenStack Orchestration service, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2015-5295
MD5 | ae870acf9b88c96cc9fcb741ce263ed5

Ubuntu Security Notice USN-2895-1
Posted Feb 18, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2895-1 - The DOM implementation in Chromium did not properly restrict frame-attach operations from occurring during or after frame-detach operations. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. An integer underflow was discovered in Brotli. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1623, CVE-2016-1624
MD5 | 60eebd7e9305b397d2efbc1f785457bd

Red Hat Security Advisory 2016-0258-01
Posted Feb 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0258-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1930, CVE-2016-1935
MD5 | 78641ac0c61d8cac5f59f4d76556ecbf

CJExploiter 1.0.0
Posted Feb 18, 2016
Authored by Farzin

CJExploiter is a drag-and-drop ClickJacking exploit development assistance tool. First, open "index.html" locally in your browser, enter the target URL, and click "View Site". You can dynamically create your own inputs. Finally, click the "Exploit It" button to see the proof of concept.

tags | tool, proof of concept
systems | unix
MD5 | 96e52b02022b5e8833c2248ad07b0b24

DirectAdmin 1.491 Cross Site Request Forgery
Posted Feb 18, 2016
Authored by Necmettin COSKUN

DirectAdmin version 1.491 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 7818a9dda728bf8437d3ab341f34c03b

WeBid 1.1.2P2 SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

WeBid version 1.1.2P2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b7ce6c8ac29d6858e2d7389151ac3cff

webSPELL 4.2.4 Cross Site Request Forgery / SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

webSPELL version 4.2.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | abe5bea61e0a53a1872d59135dbfdaa2

DOKEOS ce30 Authentication Bypass
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

DOKEOS version ce30 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | d36eb7fe534b82f3ca33b170e128302b

TestLink 1.9.14 SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

TestLink version 1.9.14 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cb7059801cdd028bd43dc678378e521b

Osclass 3.5.9 SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Osclass version 3.5.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b6aef944d48314eb29c41ba306d9a3cf

osCmax 2.5.4 Code Execution / CSRF / Local File Inclusion
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

osCmax version 2.5.4 suffers from code execution, cross site request forgery, and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, code execution, file inclusion, csrf
MD5 | 150a9ff03e73955d8c914edc983b598a

osCommerce 2.3.4 Local File Inclusion / Cross Site Request Forgery
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

osCommerce version 2.3.4 suffers from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 1ed0b74d5301a7f57ce8995a27e77f9e

Comodo Internet Security VNC Server Exposure
Posted Feb 18, 2016
Authored by Tavis Ormandy, Google Security Research

Comodo Internet Security installs GeekBuddy, which installs an exposed, weakly secured VNC server.

tags | exploit
systems | linux
advisories | CVE-2014-7872
MD5 | bd59db8f62b6906ab04f6511b9585911

Umbraco SSRF / Cross Site Request Forgery / Cross Site Scripting
Posted Feb 18, 2016
Authored by Sandeep Kamble

Umbraco versions prior to 7.4.0 suffer from server-side request forgery, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | d89f97af46e00b5db144a690e5dc7532

Debian Security Advisory 3482-1
Posted Feb 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3482-1 - An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted LWP file.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-0794, CVE-2016-0795
MD5 | 6256594fbbe6047708089604f06dd979

HPE Security Bulletin HPSBUX03437 SSRT110025 1
Posted Feb 18, 2016
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03437 SSRT110025 1 - A potential security vulnerability has been identified with HP-UX running HP-UX IPFilter. The vulnerability could be remotely exploited to cause a denial of service (DoS). Note: The vulnerability only exists when HP-UX IPFilter rules are configured for UDP protocol packets and the keep state option is used in that IPFilter rule. Revision 1 of this advisory.

tags | advisory, denial of service, udp, protocol
systems | hpux
advisories | CVE-2016-1987
MD5 | a0b952716736eae9deccebaba016327f

Apache Hive Authorization Bypass
Posted Feb 18, 2016
Authored by Sushanth Sowmyan

Apache Hive fails to perform a particular authorization check. Versions affected include 0.13.x, 0.14.x, 1.0.0 through 1.0.1, 1.1.0 through 1.1.1, and 1.2.0 through 1.2.1.

tags | advisory
advisories | CVE-2015-7521
MD5 | 6060276099caed23424dad09899b5f68

Vesta Control Panel 0.9.8-15 Cross Site Scripting
Posted Feb 18, 2016
Authored by Necmettin COSKUN

Vesta Control Panel versions 0.9.8-15 and below suffer from a persistent cross site scripting vulnerability via the user agent.

tags | exploit, xss
MD5 | 46a86f200b0629dfa2b96fe5ba70ffc1

Ebay Cross Site Scripting
Posted Feb 18, 2016
Authored by Alexander Korznikov

ebay.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9f22325f70c0453829b7c51ea4c24031
© 2019 Packet Storm. All rights reserved.
