
Files Date: 2014-03-18 to 2014-03-19

McAfee Cloud SSO / Asset Manager Issues
Posted Mar 18, 2014
Authored by Brandon Perry

McAfee Cloud SSO is vulnerable to cross site scripting. McAfee Asset Manager version 6.6 is susceptible to a traversal that allows for arbitrary file read and remote SQL injection.

tags | exploit, remote, arbitrary, xss, sql injection, file inclusion
SHA-256 | 235fa0a455346bf78fc185e183a6d715c8696783a2e2e500e8bac0e9db5f3156
Red Hat Security Advisory 2014-0310-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0310-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Several information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash.

tags | advisory, web, arbitrary, info disclosure
systems | linux, redhat
advisories | CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
SHA-256 | 38c9a08689793ed4fe17d61018e3aa8c675fa8d5b8dc57eae2c8e68f9abd7d0d
Red Hat Security Advisory 2014-0312-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0312-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. All PHP users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2009-0689
SHA-256 | ed152ea19937dfd772c59ba8bdad4a73bae67c13b28bf59e21e0dec3e764f158
Red Hat Security Advisory 2014-0311-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0311-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.

tags | advisory, remote, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2006-7243, CVE-2009-0689
SHA-256 | 2a64c8f53e6dc048bca206f2a449803fc371f77164f14a295802d4991566105c
Ubuntu Security Notice USN-2150-1
Posted Mar 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2150-1 - Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out-of-bounds read during WAV file decoding. An attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1493, CVE-2014-1494, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
SHA-256 | 9fd46be9a10b917dc455961f9ebfaefd537de7a30d8809e8ea6f33183e56470c
ShadowIRCd 6.3+ / Elemental-IRCd 6.5+ Out Of Bounds
Posted Mar 18, 2014
Authored by Sam Dodrill

A vulnerability has been discovered in Elemental-IRCd/ShadowIRCd, affecting versions all the way back to 6.3. If a client performs SASL authentication before the server is ready for it, a race condition is triggered and the ircd segfaults with an address out of bounds error. Demonstration exploit included.

tags | exploit
SHA-256 | 4501916be0db906cac09b9b45bff1dbbfb26c9183a28a1ff168f52adf5ceb358
VLC 2.1.3 Cross Site Scripting
Posted Mar 18, 2014
Authored by Pietro Minniti, Francisco Perna

The web interface for VLC version 2.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | d4f9ce54a51d0d689fe5c695c1fece0859bbe08ffca2fd732d3918b7d5054ec8
BarracudaDrive 6.6 Cross Site Scripting
Posted Mar 18, 2014
Authored by Prabhu S Angadi | Site secpod.com

BarracudaDrive version 6.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9e9889ce63421a5123d2e2412d4c58b6d58a521e54123e508a9b2b6f5d249aed
Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting
Posted Mar 18, 2014
Authored by Martin Braun

Open-Xchange AppSuite versions 7.4.1 and 7.4.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-2077
SHA-256 | fa92825ba91c0472654c533544c6b2eb942b65f4321430779dddde151bb3a5a1
ExSoul Browser 3.2.2 Remote Code Execution
Posted Mar 18, 2014
Authored by Keith Makan

ExSoul Browser version 3.2.2 suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
SHA-256 | fdf3bd0df3ea66b9e281fffe25c9e152f5c20c599e6d56fc5a375d9e32c8a578
Maligno 1.0
Posted Mar 18, 2014
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Bug fixes, simplified payload delivery method, client autogeneration, extended documentation.
tags | tool, web, scanner, shellcode, python
systems | unix
SHA-256 | 9a76b32967b2325f985c66790565d295d147840f3b9d6ca95d5850990a00cfef
Gold MP4 Player 3.3 Universal SEH Buffer Overflow
Posted Mar 18, 2014
Authored by Gabor Seljan, Revin Hadi S | Site metasploit.com

This Metasploit module exploits a buffer overflow in Gold MP4 Player version 3.3. When this application loads a specially crafted flash URL, a buffer overflow can occur that allows for arbitrary code execution.

tags | exploit, overflow, arbitrary, code execution
SHA-256 | 3da8325ad16a545338d4432ea3ca98df98052bedd020b25d70f23015fcfd6ab8
Array Networks vxAG / xAPV Privilege Escalation
Posted Mar 18, 2014
Authored by xistence

Array Networks vxAG version 9.2.0.34 and vAPV version 8.3.2.17 appliances suffer from poor permissions, default and weak user credentials, and ssh key handling issues.

tags | exploit
SHA-256 | 424281c262881d13818d8b421e2b8079d01b94b35e76add57e3557344aa28c2f
Quantum vmPRO 3.1.2 Root Shell
Posted Mar 18, 2014
Authored by xistence

Quantum vmPRO versions 3.1.2 and below suffer from a remote shell backdoor command that lets anyone ssh in and escalate to root.

tags | exploit, remote, shell, root
SHA-256 | 86021585379df42396f7ae8a9afbc5718765133267144a1045108c43792f706f
1XTRA Browser 1.0 Remote Code Execution
Posted Mar 18, 2014
Authored by Keith Makan

XTRA Browser suffers from a remote code execution vulnerability stemming from insecure use of the addJavascriptInterface functionality. The vulnerability allows attackers to execute code through targeted browsing attacks to pages hosting malicious JavaScript or by loading up a malicious file into the affected application from the local storage.

tags | advisory, remote, local, javascript, code execution
SHA-256 | 2a98b20d83883200c6dd809b0710b1bd174a2d328fd9b4671132306164912b5d
nginx 1.4.0 64-bit Linux Remote Code Execution
Posted Mar 18, 2014
Authored by Sorbo

nginx version 1.4.0 remote code execution exploit that leverages a new attack technique called BROP (Blind ROP).

tags | exploit, remote, code execution
systems | linux
advisories | CVE-2013-2028
SHA-256 | 8352b0f536d1d2db731dbea6ffe0990452b85c17e1de3830432937e8c4173ec3