exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2014-08-27 to 2014-08-28

Firefox WebIDL Privileged Javascript Injection
Posted Aug 27, 2014
Authored by joev, Marius Mlynski | Site metasploit.com

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs.

tags | exploit, remote, javascript, vulnerability, code execution
advisories | CVE-2014-1510, CVE-2014-1511
SHA-256 | d5cc945e074cb09855a57374de57a97262b3ec3bd1140179dace08bfcb49db35
Microsoft Security Bulletin Re-Release For August, 2014
Posted Aug 27, 2014
Site microsoft.com

This bulletin summary notes that MS14-045 has undergone a major revision increment as of August 27, 2014.

tags | advisory
SHA-256 | 81b4c6695e127a3c88b4a69d1dce7b9431e665641f9a479bb33ffaf52b7885f8
ManageEngine DeviceExpert 5.9 Credential Disclosure
Posted Aug 27, 2014
Authored by Pedro Ribeiro

ManageEngine DeviceExpert version 5.9 suffers from a user credential disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 51e22c92f98a813a1c5ec8301f8d7ed43adbe8dcd3be82e7f05dd0b625342ecf
ICETC2014 Call For Papers
Posted Aug 27, 2014

The International Conference on Education Technologies and Computers (ICETC2014) will be held at Lodz University of Technology, Lodz, Poland on September 22-24, 2014.

tags | paper, conference
SHA-256 | 961258d9a7a88a7e3de346c9f81e72d213430bf373f696e22bb1e383d448ea9b
ManageEngine EventLog Analyzer 7 Cross Site Scripting
Posted Aug 27, 2014
Authored by Rodrigo Contarino

ManageEngine EventLog Analyzer version 7.2.2 suffers from multiple reflective cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-4930
SHA-256 | 0bf36f68da768952108b58e9e72774b2bf741922f4c175919319cf299d4fe76d
Debian Security Advisory 3012-1
Posted Aug 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3012-1 - Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-5119
SHA-256 | 1fda609b5a3bc772a28814203d914f8516efd24910c2e122c8383a3dc3d5a4dd
Red Hat Security Advisory 2014-1102-01
Posted Aug 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1102-01 - Ruby on Rails is a model-view-controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record's create_with method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record called create_with with untrusted values. All ror40-rubygem-activerecord users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2014-3514
SHA-256 | 2cd25f0dba5c66d9dc2d6f4a7e6c235747fedffc056844c7ef6d7252249588e3
Red Hat Security Advisory 2014-1101-01
Posted Aug 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1101-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets. A local, unprivileged user could use this flaw to crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-7339, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851
SHA-256 | c91898517a883dd6f082a85ce083d572bdff42dd7fb6a67daf132005f8cc8545
WooCommerce Store Exporter 1.7.5 Cross Site Scripting
Posted Aug 27, 2014
Authored by Mike Manzotti

WooCommerce Store Exporter version 1.7.5 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a5d12f02986706a41c3f927c97bff470f809205d60722035a0a4da41540c4874
RedHat Checklist Script
Posted Aug 27, 2014
Authored by Marcos M Garcia

This script is designed to perform a security evaluation against industry best practices, over RedHat and RedHat based systems, to detect configuration deviations. It was developed due to the need to ensure that the servers within the author's workplace would comply with specific policies. As this tool was designed specifically for this purpose, "lynis" was not used for the task.

tags | tool
systems | linux, redhat
SHA-256 | 32e6a9c01f7cf352857b0a5a607d304b8c100b32f0166340a6a68c41595b9e97
Encore Discovery Solution 4.3 Open Redirect / Session Token In URL
Posted Aug 27, 2014
Authored by CAaNES

Encore Discovery Solution version 4.3 suffers from an open redirect vulnerability. It also passes the session token in the URL.

tags | advisory, info disclosure
advisories | CVE-2014-5127, CVE-2014-5128
SHA-256 | e0920eb1e2d0150ca74c5e507a7c2eac753594fae2d4c3fb55d5150e27fe6b15
RFC7359 - Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages In Dual-Stack Hosts/Networks
Posted Aug 27, 2014
Authored by Fernando Gont

The subtle way in which the IPv6 and IPv4 protocols coexist in typical networks, together with the lack of proper IPv6 support in popular Virtual Private Network (VPN) tunnel products, may inadvertently result in VPN tunnel traffic leakages. That is, traffic meant to be transferred over an encrypted and integrity- protected VPN tunnel may leak out of such a tunnel and be sent in the clear on the local network towards the final destination. This document discusses some scenarios in which such VPN tunnel traffic leakages may occur as a result of employing IPv6-unaware VPN software. Additionally, this document offers possible mitigations for this issue.

tags | paper, local, protocol
SHA-256 | fa98023a273f3231dab648bba72fdf7f52dd2a529b75297420d89773222e1c25
Furniture Site Manager SQL Injection
Posted Aug 27, 2014
Authored by KnocKout

Furniture Site Manager suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | eed7a3816e2b07e5e69779e732c4e7fb71add6fcbc27a1090a52dcf96ec86c59
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close