what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2016-03-18

XOOPS Cross Site Request Forgery
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 56dc964beea76e30a2f054812239297f424ec6166d368f20527609342894cfc9
XOOPS Directory Traversal
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version has checks to defend against directory traversal attacks. However, they can be easily bypassed by simply issuing "..././" instead of "../".

tags | exploit
SHA-256 | 8e0c7e604227b0d036e3789cef8b9827cdedcbebab054b865cd01c359cf31f18
Solarwinds Dameware Mini Remote Code Execution
Posted Mar 18, 2016
Authored by b0yd

A certain remote message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw. As a result, a specially crafted message can overflow into the bordering format field and subsequently overflow the stack frame. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the dwmrcs daemon.

tags | advisory, remote, overflow
advisories | CVE-2016-2345
SHA-256 | 390aaf7607e85e8afb085d15df6d452b7949bc6e25747b8967ebc5477a0bd05b
XOOPS Weak Crypto
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version uses weak one way hash crypto MD5 along with unsalted passwords stored in the database.

tags | advisory, cryptography
SHA-256 | 5671c965146caf650a197ba8bd998b42a8f8678ee755c3c18fe39b0d594be1f2
Bypassing NoScript Security Suite Using XSS And MITM Attacks
Posted Mar 18, 2016
Authored by Mazin Ahmed

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhances the current protection of NoScript Security Suite.

tags | paper
SHA-256 | 5f37e8e3412f1440fa6c6a360ed379f128cc4ea278c023e5f3855760b77ba3a5
Grandstream Wave Update Redirection
Posted Mar 18, 2016
Authored by Georg Lukas

The Grandstream Wave application version periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app's Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection from `media.ipvideotalk.com` and contains the version code and the update URL. An active attacker can redirect this request and trick the user into downloading a malicious update package

tags | exploit
advisories | CVE-2016-1520
SHA-256 | c530b1e4af62da81fc070ef71c1611d62d2872d39d07e2b965fb3fe3445fd447
Grandstream Wave TLS Man-In-The-Middle
Posted Mar 18, 2016
Authored by Georg Lukas

Grandstream VoIP products deploy a remote provisioning mechanism that allows to automatically set configuration elements on app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. However, even if an HTTPS URL is configured, the certificate is not validated, allowing an active attacker to successfully impersonate the provisioning server with an invalid, mismatching or outdated certificate.

tags | advisory, remote, web
advisories | CVE-2016-1518, CVE-2016-1519
SHA-256 | e07ded7e5b842693413e62a615f10b879e181af670786c29c60e322c6aec3f73
Ubuntu Security Notice USN-2935-3
Posted Mar 18, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2935-3 - USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-7041, CVE-2014-2583, CVE-2015-3238
SHA-256 | 3e9933c3392df31758f731285c88184afdd9639579d77bb96ea3bdb624d50473
Slackware Security Advisory - mozilla-firefox Updates
Posted Mar 18, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 485b9171a90d97d3535702a0ede0b959ebbd40967e2461c3bd36d33eeda6ebd6
Debian Security Advisory 3519-1
Posted Mar 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3519-1 - Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.

tags | advisory, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2015-8339, CVE-2015-8340, CVE-2015-8341, CVE-2015-8550, CVE-2015-8555, CVE-2016-1570, CVE-2016-1571, CVE-2016-2270, CVE-2016-2271
SHA-256 | 83c773cd1a9d89c83c1cadc236dc7ddc69687ff0afc1fa763fc23b17d53cd00c
BigTree 4.2.8 Object Injection / Improper Filename Sanitization
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

BigTree version 4.2.8 suffers from object injection and improper filename sanitization.

tags | exploit
SHA-256 | bb5b9719d7bfbf7cf86fcf58ff69f590fc08931de25d8fc421b05176a6b0c2a3
PivotX 2.3.11 Shell Upload
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1fde09f58b26d38b03398935d6085dab67680b1fec165dc098830588ea42a109
PivotX 2.3.11 Directory Traversal
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 3dbedc633207c9beff4d14771b22c0d37f76842088d440fe37e3544851054b5e
PivotX 2.3.11 Cross Site Scripting
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 31d15c80f7f7e46d28b9c663b0fa5fb798008c4de2b256a1cc1dca6b3ec3b485
Zenphoto 1.4.11 Remote File Inclusion
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

Zenphoto version 1.4.11 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 64bd4c4defecd30504823144287f0037c179633ccaf922731536d159006d337a
OWASP AppSec USA 2016 Call For Papers
Posted Mar 18, 2016
Site 2016.appsecusa.org

OWASP is currently soliciting papers for the OWASP AppSec USA 2016 conference that will take place at the Renaissance in Washington, D.C. October 11th through the 14th, 2016.

tags | paper, conference
SHA-256 | ca028335421923ddd06f460662acd29726fc4ad07b6195f52fa8ee3b60b5cbcc
Page 1 of 1

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By