what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-04-05

Sophos Cyberoam NG Series Cross Site Scripting
Posted Apr 5, 2016
Authored by LiquidWorm | Site zeroscience.mk

Multiple reflected cross site scripting issues were discovered in Cyberoam NG appliances. Input passed via the 'ipFamily', 'applicationname' and 'username' GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitized before being returned to the user. Adding arbitrary 'X-Forwarded-For' HTTP header to a request makes the appliance also prone to a XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, web, arbitrary, xss
MD5 | ad5333d418103da4353a469eec05bb13
EMC Documentum D2 4.6 Configuration Object
Posted Apr 5, 2016
Site emc.com

EMC Documentum D2 4.6 contains a fix for a D2 Configuration Object vulnerability that could potentially be exploited by malicious users to perform unauthorized updates on any D2 configuration object.

tags | advisory
advisories | CVE-2016-0888
MD5 | d5ef346d5db8e49d3b491778d30fff8d
Ubuntu Security Notice USN-2945-1
Posted Apr 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2945-1 - It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

tags | advisory
systems | linux, ubuntu
MD5 | 3e0687125310e9b6a8bab68f11d96ecf
Ubuntu Security Notice USN-2944-1
Posted Apr 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2944-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8541, CVE-2015-1872, CVE-2015-3395, CVE-2015-5479, CVE-2015-6818, CVE-2015-6820, CVE-2015-6824, CVE-2015-6826, CVE-2015-8364, CVE-2015-8365, CVE-2016-1897, CVE-2016-1898, CVE-2016-2326, CVE-2016-2330
MD5 | 03843528b551df16da7b17bd54b118a6
Optipng Invalid Write
Posted Apr 5, 2016
Authored by Hans Jerry Illikainen

An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to `crt_row' being (inc|dec)remented without any boundary checking when encountering delta escapes.

tags | advisory
advisories | CVE-2016-2191
MD5 | 652a269ac45b0937a4f3a2dcadc3d8ab
Pulse 0.7.0 Final CSRF / Cross Site Scripting
Posted Apr 5, 2016
Authored by Piaox Xiong

Pulse version 0.7.0 Final suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 478d4cc4f6e9c358a01b5c419f2249b5
MeshCMS 3.6 Remote Command Execution
Posted Apr 5, 2016
Authored by Piaox Xiong

MeshCMS version 3.6 suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | f8c6c7f05e0a2378f8708609cdc28884
Quanta LTE Router Code Execution / Backdoor Accounts
Posted Apr 5, 2016
Authored by Pierre Kim

Quanta LTE routers suffer from backdoor accounts, remote code execution, weak WPS functionality, arbitrary file reading, and a ridiculous amount of other vulnerabilities.

tags | exploit, remote, denial of service, arbitrary, vulnerability, code execution
MD5 | af3f20b956c147737af1e201febb9559
Hexchat IRC Client 2.11.0 CAP LS Handling Buffer Overflow
Posted Apr 5, 2016
Authored by PizzaHatHacker

Hexchat IRC client version 2.11.0 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2016-2233
MD5 | 1fcd8b74487e9c6c9548b10d474e92f4
Hexchat IRC Client 2.11.0 Directory Traversal
Posted Apr 5, 2016
Authored by PizzaHatHacker

Hexchat IRC client version 2.11.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2016-2087
MD5 | b279d58b947f184c303594be3d35e0e9
ARRIS SURFboard 6141 Modem Denial Of Service
Posted Apr 5, 2016
Authored by David Longenecker

ARRIS SURFboard 6141 broadband cable modems suffer from a cross site request forgery vulnerability that allows an attacker to force a reboot.

tags | advisory, csrf
MD5 | 41e06da698d6ea142cc66aa52be28084
DotCMS 3.3 SQL Injection
Posted Apr 5, 2016
Authored by Piaox Xiong

DotCMS version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-3688
MD5 | eaaa2739b996a9e27f8c6db9fa1437c0
Cacti 0.8.8g SQL Injection
Posted Apr 5, 2016
Authored by Xiaotian Wang

Cacti versions 0.8.8g and below remote SQL injection exploit.

tags | exploit, remote, sql injection
advisories | CVE-2016-3659
MD5 | 819ef3ca9e6d150e04369787beb730e7
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
Posted Apr 5, 2016
Authored by OrwellLabs | Site orwelllabs.com

PQI Air Pen Express router versions 6W51-0000R2 and 6W51-0000R2XXX suffer from cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 8c77724b9ebb3ec7d750cea85b810753
Tradukka.com Cross Site Scripting
Posted Apr 5, 2016
Authored by Francisco Javier Santiago Vazquez

Tradukka.com suffered from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 055a58e90404dfee97357cfe82351baa
IBM Java Issue 67 Bad Patch
Posted Apr 5, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.

tags | advisory, java
MD5 | ed2de4cdbbff3d22aad9553050f8325b
Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares
Posted Apr 5, 2016

This particular vulnerability makes it possible to force a Stratum Mining Pool to accept "invalid" shares by the thousands for each mining pool round. It is possible to make pure money from this vulnerability. The exploit is real but affects only a fraction of Stratum Mining Pools.

tags | exploit
MD5 | 22d3e5bf0714b0b8e037783686e00b6c
Suricata IDPE 3.0.1
Posted Apr 5, 2016
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Improved support for xbits/hostbits (in particular ip_pair) when running with multiple threads. Various other fixes and changes.
tags | tool, intrusion detection
systems | unix
MD5 | c5c8e5846b54546257954f3c759d9675
Page 1 of 1

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By