exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 457 RSS Feed

Files Date: 2015-04-01 to 2015-04-30

Debian Security Advisory 3238-1
Posted Apr 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3238-1 - Several vulnerabilities were discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249, CVE-2015-3333, CVE-2015-3334, CVE-2015-3336
SHA-256 | 914899feb17ca95c0602b6f2f4f452518d9f4ae92cfda0698f1e2f62822782c3
Debian Security Advisory 3237-1
Posted Apr 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3237-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-8159, CVE-2014-9715, CVE-2015-2041, CVE-2015-2042, CVE-2015-2150, CVE-2015-2830, CVE-2015-2922, CVE-2015-3331, CVE-2015-3332, CVE-2015-3339
SHA-256 | aa8f1362fe2b1e520df3774e9b5a3562a1ce08175dfc089a7a41b13a71abdb2e
Ubuntu Security Notice USN-2578-1
Posted Apr 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2578-1 - Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled certain HWP files. If a user were tricked into opening a specially crafted HWP document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9093, CVE-2015-1774
SHA-256 | 71ac5f10710fff2f31331f2c65bc2031d90e66ec9887af391ff933321248c56e
MiniUPnPd 1.0 Stack Overflow
Posted Apr 27, 2015
Authored by Onur Alanbel

MiniUPnPd version 1.0 stack overflow remote code execution exploit for AirTies RT Series. Provides a reverse shell.

tags | exploit, remote, overflow, shell, code execution
advisories | CVE-2013-0230
SHA-256 | 498f2c5bf24844ab26545a5525a97f66a570ba969b3a46e477e4b93e5982d9b2
OTRS 3.x Cross Site Scripting
Posted Apr 27, 2015
Authored by Adam Ziaja

OTRS versions 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1695
SHA-256 | 2e3f4aa9bd8270be5647e928e03c289520cddaae59e541df172d313c213650b7
VideoSpirit Pro 1.91 Buffer Overflow
Posted Apr 27, 2015
Authored by evil_comrade

VideoSpirit Pro version 1.91 buffer overflow with SEH bypass exploit.

tags | exploit, overflow
SHA-256 | 4a610b7c8fb559b4026157db23297421051705f258bfe8264267c8d6838a889f
Legend Perl IRC Bot Remote Code Execution
Posted Apr 27, 2015
Authored by Jay Turla

Simple proof of concept tool to leverage remote code execution on the Legend perl IRC bot.

tags | exploit, remote, perl, code execution, proof of concept
SHA-256 | 7ed64a03ba8a28e4a3162e46f413835566f71dbc30233138782e899686ac85d9
Commix Command Injection Tool
Posted Apr 26, 2015
Authored by Anastasios Stasinopoulos | Site github.com

Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in Python programming language.

tags | tool, web, scanner, vulnerability, python
systems | unix
SHA-256 | ebfd7aa7484ac7375a5fd08220e7a2f8ebe5623a98d5baf8305a57d0c0f9f85b
WordPress WooCommerce Amazon Affiliates 7.0 Shell Upload / File Disclosure
Posted Apr 26, 2015
Authored by Evex

WordPress WooCommerce Amazon Affiliates plugin version 7.0 suffers from file disclosure and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, info disclosure
SHA-256 | 6bf85916f8328ca14bfba59426f65b3d54e44bb1f87dfe285d315cafe7390693
Debian Security Advisory 3236-1
Posted Apr 25, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3236-1 - It was discovered that missing input sanitising in Libreoffice's filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2015-1774
SHA-256 | c77dd6afcab68062a457b065150401c354358678553b7b0f31c38b3269e3b29f
Debian Security Advisory 3235-1
Posted Apr 25, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3235-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
SHA-256 | 7f63fd15e24f32bf99334d534a5089daac7730ea3359f45be9d8eabcf4eba4e8
Debian Security Advisory 3234-1
Posted Apr 24, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3234-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
SHA-256 | def56cbcb5f101f29f12a80e59378f7d3c5ab84852759f935899affe26802977
HP Security Bulletin HPSBHF03272 1
Posted Apr 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03272 1 - A potential security vulnerability has been identified with certain HP Servers with NVidia GPU Computing Driver running Windows Server 2008. This vulnerability could be exploited resulting in elevation of privilege. Revision 1 of this advisory.

tags | advisory
systems | windows
advisories | CVE-2015-1170
SHA-256 | 6f1f421351008007e3a045e814596974c41a38fe81042dad57f84ddde4fac716
HP Security Bulletin HPSBPI03315 1
Posted Apr 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03315 1 - A potential security vulnerability has been identified with HP Capture and Route Software. The vulnerability could be exploited remotely resulting in information disclosure. Revision 1 of this advisory.

tags | advisory, info disclosure
advisories | CVE-2015-2115
SHA-256 | 0f53330b8863493f6bd516603fdd709e7343a9179ad79258fa39a93bd5f98e51
Debian Security Advisory 3233-1
Posted Apr 24, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3233-1 - The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentially execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2015-1863
SHA-256 | cbf11d3c2811cfc3822a030648d7fd3606b6426e0b3081e97749187e44a2873a
Fwknop Port Knocking Utility 2.6.6
Posted Apr 24, 2015
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: fwknopd can now function as a generic SPA gateway. Various bug fixes.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | bb1d6613c5df7d0723b1a1100ed5cf195677a314d64b50433da90882a491b074
WordPress WPshop eCommerce 1.3.9.5 Shell Upload
Posted Apr 24, 2015
Authored by g0blin | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress WPshop eCommerce plugin versions 1.3.3.3 to 1.3.9.5. It allows you to upload arbitrary PHP code and get remote code execution. This Metasploit module has been tested successfully on WordPress WPshop eCommerce 1.3.9.5 with WordPress 4.1.3 on Ubuntu 14.04 Server.

tags | exploit, remote, arbitrary, php, code execution, file upload
systems | linux, ubuntu
SHA-256 | f619d802b93d34eebff17a8861709268616692a3263b82947bee155839965331
Packet Fence 5.0.1
Posted Apr 24, 2015
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Various updates.
tags | tool, remote
systems | unix
SHA-256 | e8a7557d87d5e758c987601028f15c2f3cf15c72d7bef351c79af1484d74b841
WordPress InBoundio Marketing 2.0 Shell Upload
Posted Apr 24, 2015
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress InBoundio Marketing plugin version 2.0. It allows you to upload arbitrary php files and get remote code execution. This Metasploit module has been tested successfully on WordPress InBoundio Marketing 2.0.3 with Wordpress 4.1.3 on Ubuntu 14.04 Server.

tags | exploit, remote, arbitrary, php, code execution, file upload
systems | linux, ubuntu
SHA-256 | 114356930e9c145630aeafa00184f2b3246d456a0167279e09bbfc184d6c975e
WooThemes WooFramework 4.5.1 Cross Site Scripting
Posted Apr 24, 2015
Authored by Evex

WooThemes WooFramework version 4.5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5d124409091d48c2939ad588a90764b38d2a4484f4d89a3139fb746c2c995abf
OpenFire XMPP 3.9.3 Certificate Handling
Posted Apr 24, 2015
Authored by Simon Waters, Kim Alvefur

OpenFire XMPP versions 3.9.3 and below incorrectly accepts self-signed certificates potentially allowing for spoofing attacks.

tags | advisory, spoof
advisories | CVE-2014-3451, CVE-2015-2080
SHA-256 | d26c2fe0c0cc3b4027d438b3b2eba60b5fcea46aa1cc48496aed16c4a47ece9e
Xoops CMS 2.5.7.1 Cross Site Scripting
Posted Apr 24, 2015
Authored by Vadodil Joel Varghese

Xoops CMS version 2.5.7.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6d96a583b5517d793a50ea4d7ed9518604a1e1041b363fdc87ac95943b0e4919
Ubuntu Security Notice USN-2571-1
Posted Apr 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2571-1 - Robert Kaiser discovered a use-after-free during plugin initialization in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-2706
SHA-256 | d1ecdc8415b2df26cb92c366dca7a5d657231bb6a63cd603887be34dc22916d4
FlatPress 1.0 Cross Site Scripting
Posted Apr 24, 2015
Authored by Provensec

FlatPress version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 31b2ba9333b2e1336dd35c959bdfed46dda097275be00da883f6f3d2461edddd
WordPress QAEngine Theme 1.4 Privilege Escalation
Posted Apr 24, 2015
Authored by Evex

WordPress QAEngine Theme version 1.4 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 83976326087c31c7102e2646fc3829eb8a1f6ff16ade8fae6f4bec7ea6e1d799
Page 3 of 19
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close