exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-03-19 to 2014-03-20

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion
Posted Mar 19, 2014
Authored by Hossein Hezami

Ocportal version 9.0.11 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | faede0cb81d60b5fb5a2c35f3e6404feed4e7be0d91a5386bde2e9081d318e46
Red Hat Security Advisory 2014-0316-01
Posted Mar 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0316-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Several information disclosure flaws were found in the way Thunderbird processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Thunderbird to crash.

tags | advisory, web, arbitrary, info disclosure
systems | linux, redhat
advisories | CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
SHA-256 | 99f2e830a0ca86b1ef8e7e99ebe9ab5a9e0c7677928998254e8f18529e4d035c
Debian Security Advisory 2881-1
Posted Mar 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2881-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure, denial of service.

tags | advisory, web, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
SHA-256 | 2af27afd313c8f96d46798f7a9e1133896ee197d30cd669d6f67ec0e83790bc4
MP3Info 0.8.5 SEH Buffer Overflow
Posted Mar 19, 2014
Authored by Ayman Sagy

MP3Info version 0.8.5 SEH buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2006-2465, OSVDB-30945
SHA-256 | 19cc5bebeb794842f80566bba46f2cf2647ae496c2446bf26fea9ff7422221e1
MeiuPic 2.1.2 Local File Inclusion
Posted Mar 19, 2014
Authored by Hossein Hezami

MeiuPic version 2.1.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | e8d9c595312499121eac6c52f762299566ae3b6bc2838a48eae0d4375dc224ed
Chat2 Cross Site Scripting / SQL Injection
Posted Mar 19, 2014
Authored by Hossein Hezami

Chat2 suffers from cross site scripting and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | f9bba0bfbcbb54ec3bb26fe3d9519eee24aaf05a80384de1ae7a878fe487af26
Bigace 2.7.5 LFI / XSS / SQL Injection
Posted Mar 19, 2014
Authored by Hossein Hezami

Bigace version 2.7.5 suffers from cross site scripting, local file inclusion, and remote blind SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion
SHA-256 | 6563c4a382c4464440d2dde70009479e8fd3db7c9cecf167869d707212b06bd8
GuppY 4.6.26 XSS / CRLF Injection
Posted Mar 19, 2014
Authored by Hossein Hezami

GuppY version 4.6.26 suffers from cross site scripting and CRLF injection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0394a3aa71f089b16be69010836745f0a16a0c951974a25e3d45e1d35bf42bf7
SePortal 2.5 SQL Injection
Posted Mar 19, 2014
Authored by jsass

SePortal version 2.5 suffers from a remote SQL injection vulnerability in the sp_id variable of staticpages.php. This version has already had known SQL injection vulnerabilities noted in 2011.

tags | exploit, remote, php, vulnerability, sql injection
SHA-256 | 8f4257a80f761be925bfdf6c5c86b1aa0a890871ff237d0be07eb7a35351f1e2
litepublisher 5.72 Cross Site Scripting
Posted Mar 19, 2014
Authored by Hossein Hezami

litepublisher version 5.72 suffers from a cross site scripting vulnerability due to embedding a vulnerable version of swfupload.swf.

tags | exploit, xss
SHA-256 | e1fecdf0b3a7d964162491358ce47cbfab6fd4578e9bf91ad55f835a67d690e1
ChatNess 2.5 Session Fixation
Posted Mar 19, 2014
Authored by Hossein Hezami

ChatNess version 2.5 suffers from a session fixation vulnerability.

tags | exploit
SHA-256 | 90034333e4051eadbc50b8da91b74577db4a06a0ef48059204bac89f9c916e30
Loadbalancer.org Enterprise VA SSH Private Key Exposure
Posted Mar 19, 2014
Authored by xistence | Site metasploit.com

Loadbalancer.org ships a public/private key pair on Enterprise virtual appliances version 7.5.2 that allows passwordless authentication to any other LB Enterprise box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.

tags | exploit, remote, root
SHA-256 | 1d3d72cce85f2a6161145afa314bf22dc05277449623eed73522cb834e16903a
Secure rm 1.2.13
Posted Mar 19, 2014
Authored by Matthew Gauthier | Site srm.sourceforge.net

Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.

Changes: OS X resource fork removal was fixed.
tags | tool
systems | unix
SHA-256 | 4caa77fae4d047bf5dcc2b10c8ec1e389406d1a952675528f62ef30a410bedf7
Quantum vmPRO Backdoor Command
Posted Mar 19, 2014
Authored by xistence | Site metasploit.com

This Metasploit module abuses a backdoor command in vmPRO 3.1.2. Any user, even without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor "shell-escape" command it's possible to drop to a real root bash shell.

tags | exploit, shell, root, bash
SHA-256 | bf8c7b893ced9c9f3bf296ad67951d4d007c88f1b2dea9ebce269ae5b6149708
NTP Spoofed "monlist query" Denial Of Service Proof Of Concept
Posted Mar 19, 2014
Authored by Mark Osborne

NTP_SPQUERY.C is a spoofed "monlist query" program which can generate packets like those used in reflected amplification NTP attacks that were common in early 2014. Written entirely in C, it requires no special libs or header files. It has been designed to run on most LINUXs.

tags | exploit, denial of service, spoof, proof of concept
SHA-256 | b2921a12ef46feaba746bf166e1ad786a8a6d84e3174834a115c9770328ac219
LACSEC 2014 Call For Presentations
Posted Mar 19, 2014
Site lacnic.net

LACSEC 2014 Call For Presentations - The 9th Network Security Event for Latin America and the Caribbean will be held in Cancun, Mexico May 4th through the 9th, 2014.

tags | paper, conference
SHA-256 | c7f55e5e669c6136ad5f522091758377e2b9ae6f050f19b7f8a6f40a5119b6c7
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close