Files Date: 2016-04-05

Sophos Cyberoam NG Series Cross Site Scripting
Posted Apr 5, 2016
Authored by LiquidWorm | Site zeroscience.mk

Multiple reflected cross site scripting issues were discovered in Cyberoam NG appliances. Input passed via the 'ipFamily', 'applicationname' and 'username' GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitized before being returned to the user. Adding an arbitrary 'X-Forwarded-For' HTTP header to a request also makes the appliance prone to an XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

tags | exploit, web, arbitrary, xss
SHA-256 | 76576be8630c45295bbad88ae0ff962e2700d9f8ae39ccd8dac71c467da5f8b9
EMC Documentum D2 4.6 Configuration Object
Posted Apr 5, 2016
Site emc.com

EMC Documentum D2 4.6 contains a fix for a D2 Configuration Object vulnerability that could potentially be exploited by malicious users to perform unauthorized updates on any D2 configuration object.

tags | advisory
advisories | CVE-2016-0888
SHA-256 | e75b30e6ca17c7c79757436ea8578d98713bfcf2f9474747642ed22891a2a893
Ubuntu Security Notice USN-2945-1
Posted Apr 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2945-1 - It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

tags | advisory
systems | linux, ubuntu
SHA-256 | dd6f4648c2718ace6da0c48f5654270405ee7be8fbef9a0febf2810c448d3304
Ubuntu Security Notice USN-2944-1
Posted Apr 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2944-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8541, CVE-2015-1872, CVE-2015-3395, CVE-2015-5479, CVE-2015-6818, CVE-2015-6820, CVE-2015-6824, CVE-2015-6826, CVE-2015-8364, CVE-2015-8365, CVE-2016-1897, CVE-2016-1898, CVE-2016-2326, CVE-2016-2330
SHA-256 | b720ac08b0266b887b424168df30f111dda29cc6d404e3fe4dc4554498731134
Optipng Invalid Write
Posted Apr 5, 2016
Authored by Hans Jerry Illikainen

An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to `crt_row' being (inc|dec)remented without any boundary checking when encountering delta escapes.

tags | advisory
advisories | CVE-2016-2191
SHA-256 | 1bd3364babf6e41d15227faa39e310e80239d98d93e06b8da20ca014c7705af3
Pulse 0.7.0 Final CSRF / Cross Site Scripting
Posted Apr 5, 2016
Authored by Piaox Xiong

Pulse version 0.7.0 Final suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | ea8464956bfa6c42a33165b5b3aba39f84d4fac00ae1a4d00252f2abba47e365
MeshCMS 3.6 Remote Command Execution
Posted Apr 5, 2016
Authored by Piaox Xiong

MeshCMS version 3.6 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | da04f5d5f4b1209e8faff39fb9ec4d95d49dbf0019c36962d2b9433ead3184ac
Quanta LTE Router Code Execution / Backdoor Accounts
Posted Apr 5, 2016
Authored by Pierre Kim

Quanta LTE routers suffer from backdoor accounts, remote code execution, weak WPS functionality, arbitrary file reading, and a ridiculous amount of other vulnerabilities.

tags | exploit, remote, denial of service, arbitrary, vulnerability, code execution
SHA-256 | 574a7a5333ba067e960ea26d54102349d8fe190084d3f24d869cdee6d409231f
Hexchat IRC Client 2.11.0 CAP LS Handling Buffer Overflow
Posted Apr 5, 2016
Authored by PizzaHatHacker

Hexchat IRC client version 2.11.0 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2016-2233
SHA-256 | b07b2b6db37675f941c07f3920bcced3c011698ca1f395c81b50c9da27d31a51
Hexchat IRC Client 2.11.0 Directory Traversal
Posted Apr 5, 2016
Authored by PizzaHatHacker

Hexchat IRC client version 2.11.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2016-2087
SHA-256 | d85c85fa9d30b29c7550b803c26acb4790dea434b0ea1c53012a436047bc51b1
ARRIS SURFboard 6141 Modem Denial Of Service
Posted Apr 5, 2016
Authored by David Longenecker

ARRIS SURFboard 6141 broadband cable modems suffer from a cross site request forgery vulnerability that allows an attacker to force a reboot.

tags | advisory, csrf
SHA-256 | 9919da43c3cb5ad16850859eff7c17f749d065dc0e9c43a20adad79eb378fda3
DotCMS 3.3 SQL Injection
Posted Apr 5, 2016
Authored by Piaox Xiong

DotCMS version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-3688
SHA-256 | faa63524a8d16e4af5a5bf5641da111cadd20a585bd8aee91ab2604c4c1d63e8
Cacti 0.8.8g SQL Injection
Posted Apr 5, 2016
Authored by Xiaotian Wang

Remote SQL injection exploit for Cacti versions 0.8.8g and below.

tags | exploit, remote, sql injection
advisories | CVE-2016-3659
SHA-256 | 694fb314b7fd9974acdf0ba7228bc6585d81d00e7d0e2d855c470dd4db4fe97c
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
Posted Apr 5, 2016
Authored by OrwellLabs | Site orwelllabs.com

PQI Air Pen Express router versions 6W51-0000R2 and 6W51-0000R2XXX suffer from cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | fe3ed62353addd89a40fbd3f085160b2cf16ac8091c7f26ac31a481f95b1c9bb
Tradukka.com Cross Site Scripting
Posted Apr 5, 2016
Authored by Francisco Javier Santiago Vazquez

Tradukka.com suffered from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 227aefd7dd2303ac6b8c1b12ff0f3df8af995ca725a860b372e2e8462b21d626
IBM Java Issue 67 Bad Patch
Posted Apr 5, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.

tags | advisory, java
SHA-256 | 05acd35224d6d36ec0c881a14c2437781d3cf225c1d917f2a38924f23726bf48
Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares
Posted Apr 5, 2016

This particular vulnerability makes it possible to force a Stratum Mining Pool to accept "invalid" shares by the thousands for each mining pool round. It is possible to make pure money from this vulnerability. The exploit is real but affects only a fraction of Stratum Mining Pools.

tags | exploit
SHA-256 | 98f38f195f99637fa5ba464c0ad0c782f7e5ed9d053eccf6a703a78f9c7c85a6
Suricata IDPE 3.0.1
Posted Apr 5, 2016
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Improved support for xbits/hostbits (in particular ip_pair) when running with multiple threads. Various other fixes and changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 74c685f8da51b3f038a7b8185bdbed274aca25daf64ac7ea01eea60636727f26
© 2022 Packet Storm. All rights reserved.
