what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2015-01-06 to 2015-01-07

Pirelli ADSL2/2+ Wireless Router P.DGA4001N Information Disclosure
Posted Jan 6, 2015
Authored by Eduardo Novella

ADB BroadBand Pirelli ADSL2/2+ wireless router version P.DGA4001N suffers from multiple unauthenticated remote information disclosure vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
advisories | CVE-2015-0554
SHA-256 | c27420c6214c07d113f42f92de3a862da4bb8a1e2801fa4986abbf6126b86985
McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure
Posted Jan 6, 2015
Authored by Brandon Perry | Site metasploit.com

This Metasploit module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 'sa' user and of the admin user created during installation. This password is encrypted with a static key, and is encrypted using a weak cipher at that (ECB).

tags | exploit, xxe
SHA-256 | 01a438afa7dd5e3323cf3bdca6d5720f8815799cc27eaf5498b39b69ad28f5a5
Kajona CMS 4.6 Cross Site Scripting
Posted Jan 6, 2015
Authored by Steffen Roesemann

Kajona CMS version 4.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0a9afff33b043d1dce49be4bee3d8a88e722ad843059aa024c313f2a461663cf
Sefrengo CMS 1.6.0 Cross Site Scripting
Posted Jan 6, 2015
Authored by Steffen Roesemann

Sefrengo CMS version 1.6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 82b880a1d59e56fc12889e13abf84b6cfa6e85f85e486bf1b0a2fcc3729532eb
Sefrengo CMS 1.6.0 SQL Injection
Posted Jan 6, 2015
Authored by Steffen Roesemann

Sefrengo CMS version 1.6.0 suffers from a remote SQL injection in the administrative backend.

tags | exploit, remote, sql injection
SHA-256 | 307542e83bb0371fc65a2729e107d796f2c0ad96654f0edbe4970f8ab2b22bbd
BulletProof FTP Client BPS Buffer Overflow
Posted Jan 6, 2015
Authored by Gabor Seljan | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in BulletProof FTP Client 2010, caused by an overly long hostname. By persuading the victim to open a specially-crafted .BPS file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows XP SP3.

tags | exploit, remote, overflow, arbitrary
systems | windows
advisories | CVE-2014-2973
SHA-256 | e5d33406aeb9e2aa88598b1dd18462a9ef67a59bb67577584d10ed7cf7894210
EMC Documentum Web Development Kit XSS / CSRF / Redirection / Injection
Posted Jan 6, 2015
Site emc.com

Documentum Web Development Kit (WDK) and WDK-based clients contain cross site scripting, cross site request forgery, URL redirection, insufficient randomness, and frame injection vulnerabilities.

tags | advisory, web, vulnerability, xss, csrf
advisories | CVE-2014-4635, CVE-2014-4636, CVE-2014-4637, CVE-2014-4638, CVE-2014-4639
SHA-256 | 5723d492c782836a6ea35341d64a0bc9cd8f7b71e77c2cdeae6a36557bb3eb80
Mandriva Linux Security Advisory 2015-005
Posted Jan 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-005 - A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-3580, CVE-2014-8108
SHA-256 | d13ea010371425cf8a9fd6eb8987085bef55351cbb1da6f338800d6a56ee2ebd
Debian Security Advisory 3119-1
Posted Jan 6, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3119-1 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2014-6272
SHA-256 | ba981464d57b711de3d7ce967eb091055c67eccec9d191c924fbdf642b319abe
Ubuntu Security Notice USN-2451-1
Posted Jan 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2451-1 - Serge Hallyn discovered that cgmanager did not consistently enforce proper nesting when modifying cgroup properties. A local attacker in a privileged container could use this to set cgroup values for all cgroups.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-1425
SHA-256 | 21b3dfa60d85c13fffa18b591a2a6ebfd566166d299f3f83dff8cadced9419ea
Handling The Problems In Biometrics
Posted Jan 6, 2015
Authored by Varun Mamillapalli

This paper describes some of the common problems faced in biometrics and possible solutions to these problems.

tags | paper
SHA-256 | 1e2342519676a56045378295699ec80a758236ce205376eff99f6166e1ce8163
Pirelli Router P.DG-A4001N WPA Key Reverse Engineering
Posted Jan 6, 2015
Authored by Eduardo Novella

This is proof of concept code that demonstrates reverse-engineering of the default WPA key generation algorithm used in ADB broadband Pirelli routers in Argentina. Model P.DG-A4001N is affected.

tags | exploit, proof of concept
advisories | CVE-2015-0558
SHA-256 | 9527c73ee36d4ee8f486e3120f240ad2de3454591ef889ad7519aa54f4242c5a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close