exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-04-05

Sophos Cyberoam NG Series Cross Site Scripting
Posted Apr 5, 2016
Authored by LiquidWorm | Site zeroscience.mk

Multiple reflected cross site scripting issues were discovered in Cyberoam NG appliances. Input passed via the 'ipFamily', 'applicationname' and 'username' GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitized before being returned to the user. Adding arbitrary 'X-Forwarded-For' HTTP header to a request makes the appliance also prone to a XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, web, arbitrary, xss
SHA-256 | 76576be8630c45295bbad88ae0ff962e2700d9f8ae39ccd8dac71c467da5f8b9
EMC Documentum D2 4.6 Configuration Object
Posted Apr 5, 2016
Site emc.com

EMC Documentum D2 4.6 contains a fix for a D2 Configuration Object vulnerability that could potentially be exploited by malicious users to perform unauthorized updates on any D2 configuration object.

tags | advisory
advisories | CVE-2016-0888
SHA-256 | e75b30e6ca17c7c79757436ea8578d98713bfcf2f9474747642ed22891a2a893
Ubuntu Security Notice USN-2945-1
Posted Apr 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2945-1 - It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

tags | advisory
systems | linux, ubuntu
SHA-256 | dd6f4648c2718ace6da0c48f5654270405ee7be8fbef9a0febf2810c448d3304
Ubuntu Security Notice USN-2944-1
Posted Apr 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2944-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8541, CVE-2015-1872, CVE-2015-3395, CVE-2015-5479, CVE-2015-6818, CVE-2015-6820, CVE-2015-6824, CVE-2015-6826, CVE-2015-8364, CVE-2015-8365, CVE-2016-1897, CVE-2016-1898, CVE-2016-2326, CVE-2016-2330
SHA-256 | b720ac08b0266b887b424168df30f111dda29cc6d404e3fe4dc4554498731134
Optipng Invalid Write
Posted Apr 5, 2016
Authored by Hans Jerry Illikainen

An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to `crt_row' being (inc|dec)remented without any boundary checking when encountering delta escapes.

tags | advisory
advisories | CVE-2016-2191
SHA-256 | 1bd3364babf6e41d15227faa39e310e80239d98d93e06b8da20ca014c7705af3
Pulse 0.7.0 Final CSRF / Cross Site Scripting
Posted Apr 5, 2016
Authored by Piaox Xiong

Pulse version 0.7.0 Final suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | ea8464956bfa6c42a33165b5b3aba39f84d4fac00ae1a4d00252f2abba47e365
MeshCMS 3.6 Remote Command Execution
Posted Apr 5, 2016
Authored by Piaox Xiong

MeshCMS version 3.6 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | da04f5d5f4b1209e8faff39fb9ec4d95d49dbf0019c36962d2b9433ead3184ac
Quanta LTE Router Code Execution / Backdoor Accounts
Posted Apr 5, 2016
Authored by Pierre Kim

Quanta LTE routers suffer from backdoor accounts, remote code execution, weak WPS functionality, arbitrary file reading, and a ridiculous amount of other vulnerabilities.

tags | exploit, remote, denial of service, arbitrary, vulnerability, code execution
SHA-256 | 574a7a5333ba067e960ea26d54102349d8fe190084d3f24d869cdee6d409231f
Hexchat IRC Client 2.11.0 CAP LS Handling Buffer Overflow
Posted Apr 5, 2016
Authored by PizzaHatHacker

Hexchat IRC client version 2.11.0 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2016-2233
SHA-256 | b07b2b6db37675f941c07f3920bcced3c011698ca1f395c81b50c9da27d31a51
Hexchat IRC Client 2.11.0 Directory Traversal
Posted Apr 5, 2016
Authored by PizzaHatHacker

Hexchat IRC client version 2.11.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2016-2087
SHA-256 | d85c85fa9d30b29c7550b803c26acb4790dea434b0ea1c53012a436047bc51b1
ARRIS SURFboard 6141 Modem Denial Of Service
Posted Apr 5, 2016
Authored by David Longenecker

ARRIS SURFboard 6141 broadband cable modems suffer from a cross site request forgery vulnerability that allows an attacker to force a reboot.

tags | advisory, csrf
SHA-256 | 9919da43c3cb5ad16850859eff7c17f749d065dc0e9c43a20adad79eb378fda3
DotCMS 3.3 SQL Injection
Posted Apr 5, 2016
Authored by Piaox Xiong

DotCMS version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-3688
SHA-256 | faa63524a8d16e4af5a5bf5641da111cadd20a585bd8aee91ab2604c4c1d63e8
Cacti 0.8.8g SQL Injection
Posted Apr 5, 2016
Authored by Xiaotian Wang

Cacti versions 0.8.8g and below remote SQL injection exploit.

tags | exploit, remote, sql injection
advisories | CVE-2016-3659
SHA-256 | 694fb314b7fd9974acdf0ba7228bc6585d81d00e7d0e2d855c470dd4db4fe97c
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
Posted Apr 5, 2016
Authored by OrwellLabs | Site orwelllabs.com

PQI Air Pen Express router versions 6W51-0000R2 and 6W51-0000R2XXX suffer from cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | fe3ed62353addd89a40fbd3f085160b2cf16ac8091c7f26ac31a481f95b1c9bb
Tradukka.com Cross Site Scripting
Posted Apr 5, 2016
Authored by Francisco Javier Santiago Vazquez

Tradukka.com suffered from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 227aefd7dd2303ac6b8c1b12ff0f3df8af995ca725a860b372e2e8462b21d626
IBM Java Issue 67 Bad Patch
Posted Apr 5, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.

tags | advisory, java
SHA-256 | 05acd35224d6d36ec0c881a14c2437781d3cf225c1d917f2a38924f23726bf48
Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares
Posted Apr 5, 2016

This particular vulnerability makes it possible to force a Stratum Mining Pool to accept "invalid" shares by the thousands for each mining pool round. It is possible to make pure money from this vulnerability. The exploit is real but affects only a fraction of Stratum Mining Pools.

tags | exploit
SHA-256 | 98f38f195f99637fa5ba464c0ad0c782f7e5ed9d053eccf6a703a78f9c7c85a6
Suricata IDPE 3.0.1
Posted Apr 5, 2016
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Improved support for xbits/hostbits (in particular ip_pair) when running with multiple threads. Various other fixes and changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 74c685f8da51b3f038a7b8185bdbed274aca25daf64ac7ea01eea60636727f26
Page 1 of 1

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By