exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2014-08-19 to 2014-08-20

Apache OFBiz 11.04.04 / 12.04.03 Cross Site Scripting
Posted Aug 19, 2014
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 11.04.01 through 11.04.04 and 12.04.01 through 12.04.03 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-0232
SHA-256 | fc343b2e9b0b222af9ed2172c74986902a356c06c28a09a1384b4dbecc1d0f5e
RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass
Posted Aug 19, 2014
Site emc.com

RSA Archer GRC Platform 5.5 SP1 contains fixes for multiple security vulnerabilities such as privilege escalation, unauthorized access, cross site request forgery, inclusion of functionality, and embedded component issues.

tags | advisory, vulnerability, csrf
advisories | CVE-2014-0640, CVE-2014-0641, CVE-2014-2505, CVE-2014-2517
SHA-256 | c5cc67563b9eb44815aef96fb982b29d83d634418743e2ceb8f768330e9e1a6b
Maligno 1.2
Posted Aug 19, 2014
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Adversary replication profiles, web server error templates included, client migration to httplib, client obfuscation improvements, server configuration file simplified and migrated to XML, hex and bin encoding added, payload flexibility improvements, minor bug fixes.
tags | tool, web, scanner, shellcode, python
systems | unix
SHA-256 | 54cc82448620ff8fc47306299e2caad4c16257222f08c5ed03811709eb35c40b
BlazeDVD Pro 7.0 Buffer Overflow
Posted Aug 19, 2014
Authored by metacom

BlazeDVD Pro version 7.0 SEH buffer overflow exploit written in python.

tags | exploit, overflow, python
SHA-256 | 28f2e7fae50adf7f22550261f04d46dcf3240ae06a9b830d634a727ddd95e19e
Bulletproof FTP Client 2010 Buffer Overflow
Posted Aug 19, 2014
Authored by metacom

Bulletproof FTP Client 2010 SEH buffer overflow exploit written in python.

tags | exploit, overflow, python
SHA-256 | 7a8c67f6731b5fc356c9ed27d17abe620d1f8a25301d9d30352e7e5587ee33c3
EMC Documentum Code Execution / DQL Injection
Posted Aug 19, 2014
Site emc.com

EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);

tags | advisory, vulnerability, code execution, info disclosure
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-2520, CVE-2014-2521, CVE-2014-3470, CVE-2014-4618
SHA-256 | 8519416c566585987d0c1b89564e5ddbeb78d80955a30917dd2386336520cb34
EMC Documentum D2 Privilege Escalation
Posted Aug 19, 2014
Site emc.com

EMC Documentum D2 contains a fix for a privilege escalation vulnerability that could be potentially exploited by malicious users to compromise the affected system. D2GetAdminTicketMethod and D2RefreshCacheMethod methods serve a superuser ticket to all requesting parties. A remote authenticated unprivileged user could potentially use these methods to request a superuser ticket and then use that ticket to escalate their privileges.

tags | advisory, remote
advisories | CVE-2014-2515
SHA-256 | eb13a7c78f8146524ad5f310c49180d47fd88c3516da4b3e65ccb5913327a113
Red Hat Security Advisory 2014-1076-01
Posted Aug 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1076-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0222, CVE-2014-0223
SHA-256 | 4a3e5a1d3b5d3126257f308d67fc12e3821112ab46c5863333fd74aa06917520
Red Hat Security Advisory 2014-1075-01
Posted Aug 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1075-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0222, CVE-2014-0223
SHA-256 | b35709ab7e9c9bdb86a3f0152027256f58d7211fa345248512524557c113b9bc
Melkor ELF Fuzzer 1.0
Posted Aug 19, 2014
Authored by nitr0us

Melkor is an ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melkor is a very intuitive and easy-to-use fuzzer to find functional (and security) bugs in ELF parsers.

tags | tool, fuzzer
systems | unix
SHA-256 | dd37ddae34290ee552fdb5daee71e308b3ff192171694e83af256441719509d2
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close