exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2016-03-18

XOOPS 2.5.7.2 Cross Site Request Forgery
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version 2.5.7.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 56dc964beea76e30a2f054812239297f424ec6166d368f20527609342894cfc9
XOOPS 2.5.7.2 Directory Traversal
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version 2.5.7.2 has checks to defend against directory traversal attacks. However, they can be easily bypassed by simply issuing "..././" instead of "../".

tags | exploit
SHA-256 | 8e0c7e604227b0d036e3789cef8b9827cdedcbebab054b865cd01c359cf31f18
Solarwinds Dameware Mini Remote Code Execution
Posted Mar 18, 2016
Authored by b0yd

A certain remote message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw. As a result, a specially crafted message can overflow into the bordering format field and subsequently overflow the stack frame. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the dwmrcs daemon.

tags | advisory, remote, overflow
advisories | CVE-2016-2345
SHA-256 | 390aaf7607e85e8afb085d15df6d452b7949bc6e25747b8967ebc5477a0bd05b
XOOPS 2.5.7.2 Weak Crypto
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version 2.5.7.2 uses weak one way hash crypto MD5 along with unsalted passwords stored in the database.

tags | advisory, crypto
SHA-256 | 5671c965146caf650a197ba8bd998b42a8f8678ee755c3c18fe39b0d594be1f2
Bypassing NoScript Security Suite Using XSS And MITM Attacks
Posted Mar 18, 2016
Authored by Mazin Ahmed

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhances the current protection of NoScript Security Suite.

tags | paper
SHA-256 | 5f37e8e3412f1440fa6c6a360ed379f128cc4ea278c023e5f3855760b77ba3a5
Grandstream Wave 1.0.1.26 Update Redirection
Posted Mar 18, 2016
Authored by Georg Lukas

The Grandstream Wave application version 1.0.1.26 periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app's Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection from `media.ipvideotalk.com` and contains the version code and the update URL. An active attacker can redirect this request and trick the user into downloading a malicious update package

tags | exploit
advisories | CVE-2016-1520
SHA-256 | c530b1e4af62da81fc070ef71c1611d62d2872d39d07e2b965fb3fe3445fd447
Grandstream Wave 1.0.1.26 TLS Man-In-The-Middle
Posted Mar 18, 2016
Authored by Georg Lukas

Grandstream VoIP products deploy a remote provisioning mechanism that allows to automatically set configuration elements on app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. However, even if an HTTPS URL is configured, the certificate is not validated, allowing an active attacker to successfully impersonate the provisioning server with an invalid, mismatching or outdated certificate.

tags | advisory, remote, web
advisories | CVE-2016-1518, CVE-2016-1519
SHA-256 | e07ded7e5b842693413e62a615f10b879e181af670786c29c60e322c6aec3f73
Ubuntu Security Notice USN-2935-3
Posted Mar 18, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2935-3 - USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-7041, CVE-2014-2583, CVE-2015-3238
SHA-256 | 3e9933c3392df31758f731285c88184afdd9639579d77bb96ea3bdb624d50473
Slackware Security Advisory - mozilla-firefox Updates
Posted Mar 18, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 485b9171a90d97d3535702a0ede0b959ebbd40967e2461c3bd36d33eeda6ebd6
Debian Security Advisory 3519-1
Posted Mar 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3519-1 - Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.

tags | advisory, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2015-8339, CVE-2015-8340, CVE-2015-8341, CVE-2015-8550, CVE-2015-8555, CVE-2016-1570, CVE-2016-1571, CVE-2016-2270, CVE-2016-2271
SHA-256 | 83c773cd1a9d89c83c1cadc236dc7ddc69687ff0afc1fa763fc23b17d53cd00c
BigTree 4.2.8 Object Injection / Improper Filename Sanitization
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

BigTree version 4.2.8 suffers from object injection and improper filename sanitization.

tags | exploit
SHA-256 | bb5b9719d7bfbf7cf86fcf58ff69f590fc08931de25d8fc421b05176a6b0c2a3
PivotX 2.3.11 Shell Upload
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1fde09f58b26d38b03398935d6085dab67680b1fec165dc098830588ea42a109
PivotX 2.3.11 Directory Traversal
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 3dbedc633207c9beff4d14771b22c0d37f76842088d440fe37e3544851054b5e
PivotX 2.3.11 Cross Site Scripting
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 31d15c80f7f7e46d28b9c663b0fa5fb798008c4de2b256a1cc1dca6b3ec3b485
Zenphoto 1.4.11 Remote File Inclusion
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

Zenphoto version 1.4.11 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 64bd4c4defecd30504823144287f0037c179633ccaf922731536d159006d337a
OWASP AppSec USA 2016 Call For Papers
Posted Mar 18, 2016
Site 2016.appsecusa.org

OWASP is currently soliciting papers for the OWASP AppSec USA 2016 conference that will take place at the Renaissance in Washington, D.C. October 11th through the 14th, 2016.

tags | paper, conference
SHA-256 | ca028335421923ddd06f460662acd29726fc4ad07b6195f52fa8ee3b60b5cbcc
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close