what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 379 RSS Feed

Files Date: 2015-06-01 to 2015-06-30

libpcap 1.7.4
Posted Jun 29, 2015
Site tcpdump.org

Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump.

Changes: Included fix for GitHub issue #424.
tags | library
systems | unix
SHA-256 | 7ad3112187e88328b85e46dce7a9b949632af18ee74d97ffc3f2b41fe7f448b0
GetSimple CMS 5.7.3.1 Cross Site Scripting
Posted Jun 29, 2015
Authored by Vadodil Joel Varghese

GetSimple CMS version 5.7.3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 214f9d30727be2c3b2b4aa78f18251e30e604ff0e311e01b438ee81349215f74
MODX Revolution 2.3.3-pl Cross Site Scripting
Posted Jun 29, 2015
Authored by Vadodil Joel Varghese

MODX Revolution version 2.3.3-pl suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | cc5594fe51b541c29a67c4f947fe79867dc8f20ce2d1a907d2968a07693ea31e
Fiyo CMS 2.0_1.9.1 SQL Injection
Posted Jun 29, 2015
Authored by cfreer

Fiyo CMS version 2.0_1.9.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2015-3934
SHA-256 | 88134155e61bdad17b0695015d75b1a5facc81ef1cec5a352d986ba9cfb5b831
Novius OS 5.0.1-elche XSS / LFI / Open Redirect
Posted Jun 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Novius OS version 5.0.1-elche suffers from cross site scripting, local file inclusion, and open redirection vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2015-5354, CVE-2015-5353
SHA-256 | f4fd9696fbbf3cb4bb30f39d3adbbe123d467ec115259459a177a9cf9bd7f1e9
CollabNet Subversion Edge Management downloadHook LFI
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.

tags | exploit, arbitrary, local, file inclusion
SHA-256 | 37d936d9d7e63a4ff0e4d5ba93bd86e716a8d053ae486aae462f028a417603cc
CollabNet Subversion Edge Management Credential Leak
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend leaks the unsalted MD5 hash of password of the currently logged in user via a "POST /csvn/user/index" request. An attacker that exploits an XSS or has gained a valid session via other means is able to retrieve the unsalted MD5 hash of the corresponding user and easily crack the hash in order to know the users password. Fixed in version 5.0.

tags | exploit, info disclosure
SHA-256 | 1d88ce5b1e015850cee7a266039f0317d57a1d11a0b2b10402aefdd630149ba1
Microsec e-Szigno / Netlock Mokka XML Signature Wrapping
Posted Jun 29, 2015
Authored by Imre Rad

Microsec e-Szigno and Netlock Mokka computer applications suffer from a e-akta signature verification weakness. Microsec e-Szigno version older than 3.2.7.12 and Netlock Mokka versions older than 2.7.8.1204 are affected.

tags | advisory
advisories | CVE-2015-3931, CVE-2015-3932
SHA-256 | 7c9175ecb67d017613e97ac84c7dc3741a8dc378d1f6b845cd5bdd140f7d842b
ESRS VE 3.0x Certificate Validation / Insufficient Randomness
Posted Jun 29, 2015
Site emc.com

Secure Remote Services (ESRS) Virtual Edition (VE) versions 3.02, 3.03, and 3.04 do not properly validate certificates. Malicious users could potentially exploit this vulnerability to spoof trusted entities by using man-in-the-middle attacks. Session cookie used by ESRS VE is generated using insufficient random values. Malicious users could potentially exploit this vulnerability to gain unauthorized access to authenticated ESRS interfaces.

tags | advisory, remote, spoof
advisories | CVE-2015-0543, CVE-2015-0544
SHA-256 | b38444a20c64e620d0b349751fad79209790fecff7eef46ff991d95560c7f125
Debian Security Advisory 3296-1
Posted Jun 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3296-1 - Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2015-2141
SHA-256 | 4707bd24eba3fb745274e22475d0cd9ef7b5c266fc91bff5bcd81208fc794025
HP Security Bulletin HPSBPI03360 2
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03360 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 0546341f2b42c53e897fdb598ca96db659cb38ad0fe2f87fc2fc3ac058009557
HP Security Bulletin HPSBPI03107 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03107 1 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 1eaf6201cf39811c6307c3830ebe77600364691f38ef3a3e6739b079b37a8f34
HP Security Bulletin HPSBGN03362 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03362 1 - A potential security vulnerability has been identified with HP Discovery and Dependency Mapping Inventory (DDMI). This is the TLS vulnerability in U.S. export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
SHA-256 | 0a328b352df12a13de155069805b9c3849fd9539fffe07ce0faac4caa906a9cf
HP Security Bulletin HPSBMU03267 3
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03267 3 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 7ff5a108a31a43337d5de95d2e79246d6a7bcf81a0b5f4f464ee9d4de1c45e58
HP Security Bulletin HPSBUX03359 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03359 1 - A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited in allowing a local user to elevate their privilege. Revision 1 of this advisory.

tags | advisory, local
systems | hpux
advisories | CVE-2015-2126
SHA-256 | 3bac40e3ac6cc630596a3687c3baac11a6f456c40c1edb26a503bcf36d021878
HP Security Bulletin HPSBGN03351 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03351 1 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL. This is the TLS vulnerability known as "Logjam", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-4000
SHA-256 | 46ca0e4ca7326b1e4d61eab6973ba780752a3ad6ca99d1c36f9123c65ac14560
Huawei Home Gateway HG530 / HG520b Password Disclosure / Change
Posted Jun 29, 2015
Authored by Fady Mohamed Osman

Two exploits for Huawei Home Gateway versions HG530 and HG520b that allow for password disclosure and password change.

tags | exploit
SHA-256 | 34153720563cde72b885eab1bf23d3c0496dfd344433d5815451d5624f2154ec
CollabNet Subversion Edge Management Frontend Privilege Escalation
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated administrators to escalate their privileges by creating and executing hook scripts. As a result they are able to execute arbitrary commands as the user the Management Frontend is running under without authenticating with valid credentials. Fixed in version 5.0.

tags | exploit, arbitrary
SHA-256 | 6367d80f85ed6df597af815bf79b0b9c35711023632a3e93c0eae53e289e7171
C2Box 4.0.0 r19171 Cross Site Request Forgery
Posted Jun 28, 2015
Authored by Wissam Bashour

C2Box version 4.0.0 r19171 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-4460
SHA-256 | 3260a9f8f243512939cde597aee57f84fbc49ba76f322ad99d963ca8720153cc
PivotX 2.3.10 Session Fixation / XSS / Code Execution
Posted Jun 28, 2015
Authored by Tim Coen

PivotX version 2.3.10 suffers from session fixation, code execution, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
SHA-256 | 46674e4415ac3578e9c37660f047a58b4394e048c244adbc09b59b34d6626102
TRENDnet TEW-818RDU PIN Disclosure
Posted Jun 28, 2015
Authored by kcdtv

TRENDnet TEW-818RDU versions 1 ("ac1900") and 2 ("ac3200") PIN disclosure exploit.

tags | tool, wireless
SHA-256 | 009d8d367598cb87819d868de644c6b1b9cfadd95a5147b5bc510f5a951e0427
Adobe Flash Player Drawing Fill Shader Memory Corruption
Posted Jun 27, 2015
Authored by Chris Evans, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a memory corruption happening when applying a Shader as a drawing fill as exploited in the wild on June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.460.

tags | exploit
systems | linux, windows
advisories | CVE-2015-3105
SHA-256 | a2184f47ed1174e50ad69f7fd1808a0bfb8843fb0450d0e5bd5891aa520131cd
Polycom RealPresence Resource Manager (RPRM) Disclosure / Traversal
Posted Jun 26, 2015
Authored by Rene Freingruber | Site sec-consult.com

By combining all vulnerabilities documented in this advisory an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. Versions prior to 8.4 are affected.

tags | exploit, remote, root, vulnerability
advisories | CVE-2015-4681, CVE-2015-4682, CVE-2015-4683, CVE-2015-4684, CVE-2015-4685
SHA-256 | 1d5b03ba6b9a7b0e1ff5623237c28661b4f890d43709aa901df21c57464f2cf6
EMC Unisphere For VMAX 8.0.x Remote Code Execution
Posted Jun 26, 2015
Site emc.com

EMC Unisphere for VMAX version 8.0.3.4 contains a fix for a remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 8.0.0, 8.0.1, and 8.0.2 are affected.

tags | advisory, remote, code execution
advisories | CVE-2015-0545
SHA-256 | dd26bb1f3f1a79a0085a4c0fc0d186a5ec9968c910963ab1d6a7e4b98b20715e
Koha ILS 3.20.x CSRF / XSS / Traversal / SQL Injection
Posted Jun 26, 2015
Authored by Raschin Tavakoli

Koha ILS suffers from cross site request forgery, cross site scripting, remote SQL injection, and path traversal vulnerabilities. Versions 3.20.x less than or equal to 3.20.1, 3.18.x less than or equal to 3.18.8, and 3.16.x less than or equal to 3.16.12 are affected.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2015-4631, CVE-2015-4632, CVE-2015-4633
SHA-256 | db2ddcd34b4c592559253b1b3c6f3e7e83b307e30c13455c3c11e7c181ea9384
Page 1 of 16
Back12345Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close