Showing 1 - 19 of 19

Files Date: 2016-02-18

Red Hat Security Advisory 2016-0266-01
Posted Feb 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0266-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. A vulnerability was discovered in the OpenStack Orchestration service, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2015-5295
MD5 | ae870acf9b88c96cc9fcb741ce263ed5

Ubuntu Security Notice USN-2895-1
Posted Feb 18, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2895-1 - The DOM implementation in Chromium did not properly restrict frame-attach operations from occurring during or after frame-detach operations. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. An integer underflow was discovered in Brotli. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1623, CVE-2016-1624
MD5 | 60eebd7e9305b397d2efbc1f785457bd

Red Hat Security Advisory 2016-0258-01
Posted Feb 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0258-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1930, CVE-2016-1935
MD5 | 78641ac0c61d8cac5f59f4d76556ecbf

CJExploiter 1.0.0
Posted Feb 18, 2016
Authored by Farzin

CJExploiter is a drag and drop ClickJacking exploit development assistance tool. First open the "index.html" with your browser locally and enter target URL and click on "View Site". You can dynamically create your own inputs. Finally by clicking the "Exploit It" button you can see the proof of concept.

tags | tool, proof of concept
systems | unix
MD5 | 96e52b02022b5e8833c2248ad07b0b24

DirectAdmin 1.491 Cross Site Request Forgery
Posted Feb 18, 2016
Authored by Necmettin COSKUN

DirectAdmin version 1.491 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 7818a9dda728bf8437d3ab341f34c03b

WeBid 1.1.2P2 SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

WeBid version 1.1.2P2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b7ce6c8ac29d6858e2d7389151ac3cff

webSPELL 4.2.4 Cross Site Request Forgery / SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

webSPELL version 4.2.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | abe5bea61e0a53a1872d59135dbfdaa2

DOKEOS ce30 Authentication Bypass
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

DOKEOS version ce30 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | d36eb7fe534b82f3ca33b170e128302b

TestLink 1.9.14 SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

TestLink version 1.9.14 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cb7059801cdd028bd43dc678378e521b

Osclass 3.5.9 SQL Injection
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Osclass version 3.5.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b6aef944d48314eb29c41ba306d9a3cf

osCmax 2.5.4 Code Execution / CSRF / Local File Inclusion
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

osCmax version 2.5.4 suffers from code execution, cross site request forgery, and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, code execution, file inclusion, csrf
MD5 | 150a9ff03e73955d8c914edc983b598a

osCommerce 2.3.4 Local File Inclusion / Cross Site Request Forgery
Posted Feb 18, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

osCommerce version 2.3.4 suffers from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 1ed0b74d5301a7f57ce8995a27e77f9e

Comodo Internet Security VNC Server Exposure
Posted Feb 18, 2016
Authored by Tavis Ormandy, Google Security Research

Comodo Internet Security installs GeekBuddy, which installs an exposed, weakly secured VNC server.

tags | exploit
systems | linux
advisories | CVE-2014-7872
MD5 | bd59db8f62b6906ab04f6511b9585911

Umbraco SSRF / Cross Site Request Forgery / Cross Site Scripting
Posted Feb 18, 2016
Authored by Sandeep Kamble

Umbraco versions prior to 7.4.0 suffer from server-side request forgery, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | d89f97af46e00b5db144a690e5dc7532

Debian Security Advisory 3482-1
Posted Feb 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3482-1 - An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted LWP file.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-0794, CVE-2016-0795
MD5 | 6256594fbbe6047708089604f06dd979

HPE Security Bulletin HPSBUX03437 SSRT110025 1
Posted Feb 18, 2016
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03437 SSRT110025 1 - A potential security vulnerability has been identified with HP-UX running HP-UX IPFilter. The vulnerability could be remotely exploited to cause a denial of service (DoS). Note: The vulnerability only exists when HP-UX IPFilter rules are configured for UDP protocol packets and the keep state option is used in that IPFilter rule. Revision 1 of this advisory.

tags | advisory, denial of service, udp, protocol
systems | hpux
advisories | CVE-2016-1987
MD5 | a0b952716736eae9deccebaba016327f

Apache Hive Authorization Bypass
Posted Feb 18, 2016
Authored by Sushanth Sowmyan

Apache Hive fails to perform a particular authorization check. Versions affected include 0.13.x, 0.14.x, 1.0.0 through 1.0.1, 1.1.0 through 1.1.1, and 1.2.0 through 1.2.1.

tags | advisory
advisories | CVE-2015-7521
MD5 | 6060276099caed23424dad09899b5f68

Vesta Control Panel 0.9.8-15 Cross Site Scripting
Posted Feb 18, 2016
Authored by Necmettin COSKUN

Vesta Control Panel versions 0.9.8-15 and below suffer from a persistent cross site scripting vulnerability via the user agent.

tags | exploit, xss
MD5 | 46a86f200b0629dfa2b96fe5ba70ffc1

Ebay Cross Site Scripting
Posted Feb 18, 2016
Authored by Alexander Korznikov

ebay.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9f22325f70c0453829b7c51ea4c24031