what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-08-28 to 2014-08-29

In Lieu Of Swap: Analyzing Compressed RAM In Mac OS X And Linux
Posted Aug 28, 2014
Authored by Andrew Case, Golden G. Richard III

Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the author's new tools for analysis of compressed RAM. These tools are integrated into the open-source Volatility framework.

tags | paper, forensics
systems | linux, apple, osx
SHA-256 | 1ddd0eee0008fb9756e99dd2a397a4b85daab9c0e6c31fc8bc3ada8fb8ea862a
NRPE 2.15 Remote Command Execution
Posted Aug 28, 2014
Authored by Dawid Golunski, Claudio Viviani

NRPE version 2.15 remote command execution exploit written in Python.

tags | exploit, remote, python
advisories | CVE-2014-2913
SHA-256 | c268de70bbf269dcf7e9d20818207c8f9d7979d2b3054cdd2d722e64c5890c38
DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS
Posted Aug 28, 2014
Authored by Haider Mahmood

DomainTrader Domain Parking and Auction Script version 2.5.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 9e1d059a854c7452d4e992af1f56cbf73f5ba81749003700ac74a405686063b5
Jappix Cross Site Scripting
Posted Aug 28, 2014
Authored by Provensec

Jappix suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 107180118407f89e40bf1d31d9e71d1f970b1b47742016591ef2b1a27d8e20e1
Lynis Auditing Tool 1.6.0
Posted Aug 28, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added several new plugins to default profile. HostID detection for AIX added. Improvements for log file added and the GetHostID function improved. Various other updates.
tags | tool, scanner
systems | unix
SHA-256 | ccac50d8d03ae7c81314aa8188dda0dc4684861462b8f91c845daaa662548bda
F5 BIG-IP 11.5.1 Cross Site Scripting
Posted Aug 28, 2014
Authored by S. Viehbock | Site sec-consult.com

F5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4023
SHA-256 | 90bc183e4916362d71c4474e9345d2f9d2041b58846f35012b0a395feaf2417a
Aerohive Hive Manager / Hive OS Complete Fail
Posted Aug 28, 2014
Authored by Nick Freeman, Thomas Hibbert, Denis Andzakovic, Carl Purvis, Pedro Worcel, Scott Bell | Site security-assessment.com

Aerohive Hive Manager (Stand-alone and Cloud) versions greater than and equal to 6.1R3 and HiveOS version 6.1R3 suffer from bypass, code execution, cross site scripting, file disclosure, local file inclusion, arbitrary file upload, missing passphrase, and password disclosure vulnerabilities.

tags | advisory, arbitrary, local, vulnerability, code execution, xss, file inclusion, file upload
SHA-256 | cda32b36ba6f19559448f8007c162ba158f4b31d35722a7b7f4a3f40b5f0e800
ActualAnalyzer Remote Command Execution
Posted Aug 28, 2014
Authored by Benjamin Harris

ActualAnalyzer remote command execution exploit that leverages an eval.

tags | exploit, remote
SHA-256 | 8f2990bbfd3d05f330dbb9f7a0d5dc5d2bde4218361df5492b6297038b4bc115
PhpWiki Ploticus Command Injection
Posted Aug 28, 2014
Authored by Benjamin Harris

Proof of concept exploit for PhpWiki that demonstrates a remote command injection vulnerability via the Ploticus module.

tags | exploit, remote, proof of concept
SHA-256 | 0537e551a6510f8813c0b1364ed2c664f69c09d7a2daea939ae50369296e203f
XRMS Blind SQL Injection / Command Execution
Posted Aug 28, 2014
Authored by Benjamin Harris

XRMS blind SQL injection exploit that leverages $_SESSION poisoning and achieves remote command execution.

tags | exploit, remote, sql injection
SHA-256 | 22da305ed8f31ea31597071bebb8862e1bbef05d26a2868faaa7c5cd07486cbe
Debian Security Advisory 3014-1
Posted Aug 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3014-1 - Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.

tags | advisory, remote, web, denial of service
systems | linux, debian
advisories | CVE-2014-3609
SHA-256 | 5e351a1d139585fb9520a9884e38270f9aa23af5afaf97f0010e61ce08fc9064
Red Hat Security Advisory 2014-1103-01
Posted Aug 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1103-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

tags | advisory
systems | linux, redhat
SHA-256 | 184a842d7a169d9032e982dd7804cbf9c1439b4ed8e0214ae3b6c70cd5f0dfde
Debian Security Advisory 3013-1
Posted Aug 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3013-1 - Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code.

tags | advisory, arbitrary, python
systems | linux, debian
advisories | CVE-2014-0485
SHA-256 | 08ee1cc3f772b3107bc3b05694ec1d5a52965bb043eb604501975e46017a5876
Ubuntu Security Notice USN-2327-1
Posted Aug 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2327-1 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3609
SHA-256 | 916e29698c752224a8cbb7a9c77d542b4db061a30ba237e61be04fcc7764a84f
Plogger Authenticated Arbitrary File Upload
Posted Aug 28, 2014
Authored by b0z

Plogger versions prior to 1.0-RC1 suffer from a remote authenticated arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
advisories | CVE-2014-2223
SHA-256 | 2229ede1572118bc72b109ff7e6d3bbcc1f082c43c519ec37c7328ee927f4032
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close