exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 475 RSS Feed

Files Date: 2014-05-01 to 2014-05-31

Zed Attack Proxy 2.3.1 Linux Release
Posted May 22, 2014
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Linux release.

Changes: Bug fixes.
tags | tool, web, vulnerability
systems | linux, unix
SHA-256 | 89c9d3e50ff99273c1579e1abf9894e4d2d42ebfbcc35f57d5fc35a54be4a428
WordPress Conversion Ninja Cross Site Scripting
Posted May 22, 2014
Authored by Ashiyane Digital Security Team

WordPress Conversion Ninja plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 0bfb7dbc417cfd5c7380ab708fe11a4521d81a62380978265ae01c7fb6d10f8c
WordPress bib2html 0.9.3 Cross Site Scripting
Posted May 22, 2014
Authored by Ashiyane Digital Security Team

WordPress bib2html plugin version 0.9.3 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | a4eadb29a9ee0fe5cc72b51220221339d9488e699962c0abddc7b56cc660e24f
rcrypt 1.4
Posted May 22, 2014
Authored by rage | Site 0xrage.com

rcrypt is a Windows PE binary crypter (a type of packer) that makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time constrained systems such as on disk scanners. rcrypt can pack exes and dll files. It bypasses KAV and many others. Archive password is 0xrage.com.

Changes: Version 1.4 adds support for eof data.
tags | tool
systems | windows
SHA-256 | 23829d9b1462518ce5a905745304ab65132b7ff256f08771ac7d918e69d1d89c
CoSoSys Endpoint Protector 4 SQL Injection / Backdoor
Posted May 22, 2014
Authored by S. Viehbock | Site sec-consult.com

CoSoSys Endpoint Protector 4 suffers from remote SQL injection, unauthenticated access, information disclosure, and backdoor vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | ee59c852aa9ec9b54cfb17cac2c30abf6fbb5c230308e6bbdca47b9cb0f61f3e
Dotclear 2.6.2 SQL Injection
Posted May 22, 2014
Authored by EgiX | Site karmainsecurity.com

Dotclear versions 2.6.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-3783
SHA-256 | 2067441f7e53b38ccded93a55914eb552ab0546ea50c16e0ae0faf9cda833960
Dotclear 2.6.2 Arbitrary File Upload
Posted May 22, 2014
Authored by EgiX | Site karmainsecurity.com

Dotclear versions 2.6.2 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2014-3782
SHA-256 | 31ef78e04a371a4e90bcaf14ef4a3350c0869ac317a39cdbeb7a37d65897f61e
Dotclear 2.6.2 Authentication Bypass
Posted May 22, 2014
Authored by EgiX | Site karmainsecurity.com

Dotclear versions 2.6.2 and below suffer from an XML-RPC interface authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2014-3781
SHA-256 | 0ba9c89e27c9ba118a254a769b3bfb910bbbcfd3ba96f87cd6f39126a26f52b7
Suricata IDPE 2.0.1
Posted May 22, 2014
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This release adds TLS Heartbleed detection. It fixes the Unix socket runmode, fixes AF_PACKET IPS mode, and fixes various DNS handling issues. Many other issues were fixed.
tags | tool, intrusion detection
systems | unix
SHA-256 | 2e9b6c04e3affaf652ec6a25f56fbabe85ee3ff890d082b6c0a0f239338c22cf
XML Schema, DTD, And Entity Attacks
Posted May 22, 2014
Authored by Timothy D. Morgan | Site vsecurity.com

The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well.

tags | paper, vulnerability
SHA-256 | 8e82def158ebfbe41cc7595829128a612d02d271dadd2f1c5596bfb75b802a36
NULL Page Mitigations On Windows 8 x86
Posted May 22, 2014
Authored by Tavis Ormandy

This is a brief write up that discusses NULL page mitigations on Windows 8 and includes a piece of proof of concept code.

tags | exploit, proof of concept
systems | linux, windows
SHA-256 | a7d45dd13990e785f7ee6bbec647ae6693fc0348799ef70a34911098b0fb2da6
MIMEDefang Email Scanner 2.75
Posted May 22, 2014
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: There have been many cosmetic improvements to watch-multiple-mimedefangs.tcl. The "md_get_bogus_mx_hosts" function now checks A records if a domain has no MX records. A forward declaration of rebuild_entity was added to avoid warnings on recent Perl versions.
tags | tool
systems | windows, unix
SHA-256 | 7852da1039ed22bc8df4e43c3094ee8c6d6ba154479efd37b643d488a3c85a42
Binatone DT 850W Router Cross Site Request Forgery
Posted May 22, 2014
Authored by Samandeep Singh

Binatone DT 850W wireless router suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 8d9c3eeed475845a253f821c47a2ce2c767601f741f279d533f68fce54e765dc
Easy Address Book Web Server 1.6 Buffer Overflow
Posted May 22, 2014
Authored by superkojiman

Easy Address Book Web Server version 1.6 suffers from a stack buffer overflow vulnerability.

tags | exploit, web, overflow
SHA-256 | eb3749421af48dd72ae5531d12a661999239e19e1c8b9971b9aeb7d94178bfa8
Easy File Management Web Server 5.3 Buffer Overflow
Posted May 22, 2014
Authored by superkojiman

Easy File Management Web Server version 5.3 suffers from a stack buffer overflow vulnerability.

tags | exploit, web, overflow
SHA-256 | 01960135cf899303cf1fae8be238f11e79604d56f7f20d97c009897fa7e524b9
Red Hat Security Advisory 2014-0527-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0527-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0050
SHA-256 | 9fb819c8451770487a087050ba776284f3144e50d3ec95a8c17a734b3130b477
Ubuntu Security Notice USN-2217-1
Posted May 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2217-1 - It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2014-3146
SHA-256 | 7117f75f37f74cb8144e237ee206d15a04b0be006cc53d7a29c7c0989a82f056
Ubuntu Security Notice USN-2215-1
Posted May 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2215-1 - It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3775
SHA-256 | 9ec14266dd00638ce01decec4aed62bb9860586fae5fadcfe49e9de5ab42c55a
Ubuntu Security Notice USN-2216-1
Posted May 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2216-1 - It was discovered that Pidgin incorrectly handled certain messages from Gadu-Gadu file relay servers. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3775
SHA-256 | 61f14300a62299cd50efce5700362ece2d7b215429cb91d6d934e63d2287820f
Ubuntu Security Notice USN-2218-1
Posted May 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2218-1 - Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources.

tags | advisory, java, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0107
SHA-256 | 1323147313066b484ee5b52d71d153ee6004625cdbbfd1832e83c4fe24e53415
Red Hat Security Advisory 2014-0526-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0526-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0050
SHA-256 | c1e9ffa1b6b350b58747812efb219474e10395a552896a59069ce8b1d24f05fa
Red Hat Security Advisory 2014-0530-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0530-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to run cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, remote, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2014-0233
SHA-256 | de34346940361343ae95ffefd8645ce90411e0a494e6ddc0b04b5f5c70f3a02f
Red Hat Security Advisory 2014-0529-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0529-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to run cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, remote, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2014-0233
SHA-256 | 254a71155ea09c0d3018088efb69aeccb585bf706d95a39a5a4041737d3ddf9d
Red Hat Security Advisory 2014-0525-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0525-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0033, CVE-2014-0050
SHA-256 | 37b4e3425277b7016817fdf155a03c83226e8297ca34a53c49d26f5266d14cda
Red Hat Security Advisory 2014-0528-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0528-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0033, CVE-2014-0050
SHA-256 | 665c8003d5fa01b9594d0a03ae8df4ebc09edf6ea6f0254bba9dd07db6c66f80
Page 5 of 19
Back34567Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close