
Files Date: 2015-04-01 to 2015-04-30

WordPress Premium SEO Pack 1.8.0 Shell Upload / File Disclosure
Posted Apr 24, 2015
Authored by Evex

WordPress Premium SEO Pack plugin version 1.8.0 suffers from file disclosure and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
SHA-256 | ac5f4c1d1a43f1db2b74fd991cc42657c14e00af6344504e6ebedd072e8cb46d
Encaps PHP/Flash Gallery 2.3.22s Database DoS
Posted Apr 24, 2015
Authored by ZoRLu

Encaps PHP/Flash Gallery version 2.3.22s allows for the database to be filled up due to poor design.

tags | exploit, denial of service, php
SHA-256 | 3c17bd70e22d359fbe5891372b6f80377b6cbe310ce3f5943b086af8b710c1ea
Ubuntu usb-creator 0.2.x Local Privilege Escalation
Posted Apr 23, 2015
Authored by Tavis Ormandy

Ubuntu usb-creator version 0.2.x suffers from a local privilege escalation vulnerability.

tags | exploit, local
systems | linux, ubuntu
SHA-256 | 27e7534406105f4aac22b824922f5877288f2d101993ee3f2c655de195ee6dd6
Red Hat Security Advisory 2015-0884-01
Posted Apr 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0884-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. All novnc users are advised to upgrade to this updated package, which corrects this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-7436
SHA-256 | 7537486bde6230c7e70cace23d5c5d3bf77dce63d7ddb051bdae0a85496238ff
MIMEDefang Email Scanner 2.78
Posted Apr 23, 2015
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: Fixed bug in logic that coalesces multiparts to single-parts if possible; the bug broke DKIM signing. Fix is courtesy of Peter Nagel.
tags | tool
systems | windows, unix
SHA-256 | 8c363063fa6937826f8647e47fc3e5ef999ccb90110e0cb64befdd45cda8372c
Honeywell XLWEB SCADA Path Traversal
Posted Apr 23, 2015
Authored by Martin Jartelius

Honeywell XLWEB SCADA controller suffers from a remote path traversal vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, file inclusion
SHA-256 | ee6a9dd2740fbab23901b5e759ec313b5cebd9ef618a61394f8d8704f2189df1
Ubuntu Security Notice USN-2577-1
Posted Apr 23, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2577-1 - It was discovered that wpa_supplicant incorrectly handled SSID information when creating or updating P2P peer entries. A remote attacker could use this issue to cause wpa_supplicant to crash, resulting in a denial of service, expose memory contents, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1863
SHA-256 | 2279e6e2ac03ad8f13aa40eceaf5e03cab1e3b0eb08e72e03a747b70f05a2ffc
Ubuntu Security Notice USN-2576-1
Posted Apr 23, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2576-1 - Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | e4168614543efb3387f9b85d0e927ff750f006c5190161c6b8ba4fc4b5c04da2
Ubuntu Security Notice USN-2576-2
Posted Apr 23, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2576-2 - USN-2576-1 fixed a vulnerability in usb-creator. This update provides the corresponding fix for Ubuntu 15.04. Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | e8d76a6c30bc2003f499f1da7592ef43ae21b9dc020edfc72a2265a142333221
Avsarsoft Matbaa Script Cross Site Scripting / Shell Upload
Posted Apr 23, 2015
Authored by ZoRLu

Avsarsoft Matbaa Script suffers from cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | 66d3454214fa484ffc9e57110b11324f1f1dae0d839287ad32694e041cc64bed
Pligg CMS 2.0.2 Cross Site Scripting
Posted Apr 23, 2015
Authored by Vadodil Joel Varghese

Pligg CMS version 2.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f1df25d6bd296cf443cd0a2ec4f50554b65c1ab71679ebb6e90c7982ab54faa6
ZYXEL P-660HN-T1H_IPv6 Denial Of Service
Posted Apr 23, 2015
Authored by Koorosh Ghorbani

ZYXEL P-660HN-T1H_IPv6 remote configuration editor / web service denial of service exploit.

tags | exploit, remote, web, denial of service
SHA-256 | 8813feb1830fa068aa80eccbe2bace47ee9518e75012d7355ca4cf61c035dbf0
Free MP3 CD Ripper 2.6 / 2.8 Buffer Overflow
Posted Apr 23, 2015
Authored by TUNISIAN CYBER, ThreatActor

Free MP3 CD Ripper versions 2.6 and 2.8 .wav SEH-based buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 373482138ce00dfe1ff90d3548d03d8d3b56c24f77088b12e099501be649772a
Android wpa_supplicant Heap Overflow
Posted Apr 23, 2015
Authored by Alibaba Security Team

wpa_supplicant version 2.x on Android suffers from a heap overflow that can lead to memory information leaks and remote code execution.

tags | advisory, remote, overflow, code execution
advisories | CVE-2015-1863
SHA-256 | 01ee6f07cd1dc7ed4b4d9fe43c5c2e39e7896e387437595d2ed70ee28df47ecb
Dnsmasq 2.72 Unchecked Return Value
Posted Apr 23, 2015
Authored by Nick Sampanis

Dnsmasq version 2.72 does not properly check the return value of the setup_reply() function, which tcp_request() calls while handling a TCP connection. This return value is then used as a size argument in a function which writes data on the client's connection. This may lead, upon successful exploitation, to reading the heap memory of dnsmasq.

tags | advisory, tcp
SHA-256 | 15ce37ec8c0427813ec7b2856b386f96b7f86c6dd544e1d7626c85e4d9919940
Socrata Online Service Script Insertion
Posted Apr 23, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Socrata Online Service suffers from a script insertion vulnerability.

tags | exploit
SHA-256 | 00abdd243861d3f2dc99eff7e496437710ed8714f01a0e953dabdfe6818b6a52
Magento eCommerce SQL Injection / RFI / LFI / Command Execution
Posted Apr 23, 2015
Authored by Shahar Tal

Magento eCommerce suffers from authentication bypass, local file inclusion, remote file inclusion, and remote SQL injection vulnerabilities.

tags | advisory, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | b1bb0bc0421bad1545aa417e1a52602a15ab67d91412ccd0951fcf453a82a036
tcpdump 4.7.4
Posted Apr 22, 2015
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Capsicum fixes for FreeBSD 10.
tags | tool, sniffer
systems | unix
SHA-256 | 6be520269a89036f99c0b2126713a60965953eab921002b07608ccfc0c47d9af
libpcap 1.7.3
Posted Apr 22, 2015
Site tcpdump.org

Libpcap is a portable packet capture library which is used in many packet sniffers, including tcpdump.

Changes: Added support for filtering Geneve encapsulated packets.
tags | library
systems | unix
SHA-256 | dd9f85213dc8e948068405b55dd20f8b32e3083e9e0e186f833bd0372e559e2f
FreePBX 12.0.43 Cross Site Scripting
Posted Apr 22, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

FreePBX version 12.0.43 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-2690
SHA-256 | d9d53b3b7599d87fc38d7ee9ff08ed12b0135076e823739c358307a8c50d03b8
Netgear WNR2000v4 Abuse / XSS / Command Injection
Posted Apr 22, 2015
Authored by endeavor

Netgear WNR2000v4 suffers from code execution, missing abuse control, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
SHA-256 | a60514e037b94556a4f79c31a7216ae19ad9a00ce40e4aca9b35cf6a3a16c094
Debian Security Advisory 3232-1
Posted Apr 22, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3232-1 - Several vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148
SHA-256 | 6e86f20ed47c4e7cfc2468ed008bfa64388d16455652fa11cf828b15cf453f31
Red Hat Security Advisory 2015-0869-01
Posted Apr 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0869-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM's Write to Model Specific Register instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2014-3610, CVE-2014-3611
SHA-256 | 26225351ab56061b5da1791a123ec8764b904a911c83218c2500c2ca7e8fef8f
Red Hat Security Advisory 2015-0870-01
Posted Apr 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0870-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159
SHA-256 | 9f2d0329dd85d46f5eed463422fa259961159397119b8a8180ae691e2b71e409
Slackware Security Advisory - openssl Updates
Posted Apr 22, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
SHA-256 | 7c17abb86d4231b87b033da9d23176208cda435cc8ac6d37f56333750ace636f