exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2014-08-22 to 2014-08-23

OpenOffice Targeted Data Exposure Using Crafted OLE Objects
Posted Aug 22, 2014

OpenOffice suffers from a targeted data exposure vulnerability that can be performed using crafted OLE objects. Apache OpenOffice versions 4.1.0 and older on Windows and OpenOffice versions may be affected.

tags | advisory
systems | windows
advisories | CVE-2014-3575
SHA-256 | 10f659f2eaf7982f9213c965e5ff1425f2181c74d43d89553fc3a5d81570745c
Innovaphone PBX Cross Site Request Forgery
Posted Aug 22, 2014
Authored by Rainer Giedat

Innovaphone PBX suffers from cross site request forgery vulnerabilities in the administrative user interface.

tags | exploit, vulnerability, csrf
advisories | CVE-2014-5335
SHA-256 | 2c0df44e0bd7ea867e3d05730352bfb283978ace1116d35dc39ded95dd584dec
Fatt Free CRM Cross Site Scripting
Posted Aug 22, 2014
Authored by Provensec

Fatt Free CRM suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 075c9364c40e51879675adf412d10c0e60eaba645367a9036c80e3b0415405c3
HP Security Bulletin HPSBST03098
Posted Aug 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03098 - A potential security vulnerability has been identified with HP StoreEver MSL6480 Tape Library running OpenSSL. The OpenSSL vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 6b12926594ba8f7c8d70b5d90a9ce15f32ac8dc1659bf4d15b061fb5f94c66a3
OpenOffice 4.1.0 Calc Command Injection
Posted Aug 22, 2014
Authored by James Kettle, Rohan Durve

Apache OpenOffice versions 4.1.0 and below on Windows suffers from a command injection vulnerability when loading calc spreadsheets. OpenOffice.org versions may also be affected.

tags | advisory
systems | windows
advisories | CVE-2014-3524
SHA-256 | 86a77c478eecf9bc2d12a53ac552a95f0f16445270b7fd1fc0bc882821dbcac6
IPv6 Extension Headers In The Real World
Posted Aug 22, 2014
Authored by Fernando Gont

This is a draft of IPv6 Extension Headers in the Real World. IPv6 Extension Headers allow for the extension of the IPv6 protocol, and provide support for some core functionality such as IPv6 fragmentation. However, IPv6 Extension Headers are deemed to present a challenge to IPv6 implementations and networks, and are known to be intentionally filtered in some existing IPv6 deployments. This summarizes the issues associated with IPv6 extension headers, and presents real-world data regarding the extent to which packets with IPv6 extension headers are filtered in the public Internet, and where in the network such filtering occurs. Additionally, it provides some guidance to operators in troubleshooting IPv6 blackholes resulting from the use of IPv6 extension headers. Finally, this document provides some advice to protocol designers, and discusses areas where further work might be needed.

tags | paper, protocol
SHA-256 | 4f100808cfb77d0cea54d4c5b190d179c17b9bd141d9d61bb6013c9766d28960
ManageEngine Password Manager MetadataServlet.dat SQL Injection
Posted Aug 22, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to achieve remote code execution as SYSTEM in Windows or as the user in Linux. This Metasploit module exploits both PostgreSQL (newer builds) and MySQL (older or upgraded builds). MySQL targets are more reliable due to the use of relative paths; with PostgreSQL you should find the web root path via other means and specify it with WEB_ROOT. The injection is only exploitable via a GET request, which means that the payload has to be sent in chunks smaller than 8000 characters (URL size limitation). Small payloads and the use of exe-small is recommended, as you can only do between 10 and 20 injections before using up all the available ManagedConnections until the next server restart. This vulnerability exists in all versions released since 2006, however builds below DC v7 70200 and PMP v6 6500 do not ship with a JSP compiler. You can still try your luck using the MySQL targets as a JDK might be installed in the $PATH.

tags | exploit, remote, web, root, code execution, sql injection
systems | linux, windows
advisories | CVE-2014-3996
SHA-256 | 2303a20c633607820360bf175e8ddcfcf3d6b6b09c0f821b088c81147d0f9348
Debian Security Advisory 3009-1
Posted Aug 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3009-1 - Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.

tags | advisory, denial of service, python
systems | linux, debian
advisories | CVE-2014-3589
SHA-256 | e43894f4abd1d3c313b7872270168b4c04b61d3f2bc1d935f7e2d7b89f1395f0
Debian Security Advisory 3008-2
Posted Aug 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3008-2 - This update corrects a packaging error for the packages released in DSA-3008-1. The new sessionclean script used in the updated cronjob in /etc/cron.d/php5 was not installed into the php5-common package. No other changes are introduced.

tags | advisory
systems | linux, debian
advisories | CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670
SHA-256 | f4adb38398d8f31b4ca819dc326b884e46dbfc8381b62be571d21fceb9b1f9c6
MyBB 1.6.15 Cross Site Request Forgery
Posted Aug 22, 2014
Authored by Vagineer

MyBB version 1.6.15 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 1d3cbd754819ecc59f45d3c06619581f1198302e0b64245967e18910a34dda88
CMS Agencija O2 Cross Site Scripting / SQL Injection
Posted Aug 22, 2014
Authored by Renzi

CMS Agencija O2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | f07d37bc985640df912af83e027860dfb44dd82b807aa4a00588820ffcce80d3
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close