exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 379 RSS Feed

Files Date: 2015-06-01 to 2015-06-30

NETGEAR ProSafe Cross Site Scripting / SQL Injection / Header Injection
Posted Jun 26, 2015
Authored by Juan J. Guelfo

NETGEAR ProSafe suffers from cross site scripting, header injection, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | d2cffb6c14ae7d6d75847a649433d54664550130dd5ffabcc160493696e70230
Cisco Security Advisory 20150625-ironport
Posted Jun 26, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv) suffer from a default authorized SSH key vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for these vulnerabilities.

tags | advisory, web, vulnerability
systems | cisco
SHA-256 | e38fb0ce7d80564472a520ad94e940659c93ba113976a0dacea062720bcd0b67
Download Zip Attachments 1.0 File Download
Posted Jun 26, 2015
Authored by Larry W. Cashdollar

Download Zip Attachments version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
advisories | CVE-2015-4704
SHA-256 | 5c51fdb6e266ef3a8a35172957a3166fd6452e291e1e736475722362e05b938f
WordPress WP-Instance-Rename 1.0 File Download
Posted Jun 26, 2015
Authored by Larry W. Cashdollar

WordPress WP-Instance-Rename plugin version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
advisories | CVE-2015-4703
SHA-256 | 9a24d9b6daa62347b0cb943035d61843dba740d737dd765fd6a8ca7bdea56236
ArcSight Log Poisoning
Posted Jun 26, 2015
Authored by Andrea Menin

ArcSight suffers from a log poisoning vulnerability.

tags | exploit
SHA-256 | fc2f4788f873862fc266d71b5a6c6655034f7c3ae00f59103be393d90706c07b
Htcap Analysis Tool Alpha 0.1
Posted Jun 26, 2015
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

tags | tool, web, javascript, sniffer, python
SHA-256 | 981291a5ddf50d934fe6635ef8364804c1736f0f3495311f538a582c06e131fd
Nucleus CMS 3.65 Cross Site Scripting
Posted Jun 26, 2015
Authored by Sharankumar Somana

Nucleus CMS version 3.65 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 546f34805d04034f047e4144ea4b40a6097badf77ac07bce75855a9b73741bd7
Havij OLE Automation Array Remote Code Execution
Posted Jun 26, 2015
Authored by Mohammad Reza Espargham

Havij OLE automation array remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2014-6332
SHA-256 | 0b4819a45bd6e1a62245eba921eb17566ff9e73ce344ddff448a2b0e24071756
Linux/x86 Forced rmdir Shellcode
Posted Jun 26, 2015
Authored by B3mB4m

Linux/x86 forced rmdir shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 469f7ff5f741fdd0315a04ed6f346abbcb0f53af634b84d8f389271376f8674e
GeniXCMS 0.0.3 SQL Injection
Posted Jun 25, 2015
Authored by cfreer

GeniXCMS version 0.0.3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2015-3933
SHA-256 | 56b42b89c53ae00854dd56e9d88622dc91c0daaec73811639535c290e2c3f090
Red Hat Security Advisory 2015-1189-01
Posted Jun 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1189-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3209
SHA-256 | 39d964d6cb4b4dda9a64b2021f7fbd2ea4a581275c0694de8d847d2d82bfa972
Red Hat Security Advisory 2015-1190-01
Posted Jun 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1190-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2015-1805
SHA-256 | 614e331de01ad1a7352b1d4be6b38996c86ac2ef7653cb8f9b14bbfe9b0c580b
Ubuntu Security Notice USN-2653-1
Posted Jun 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2653-1 - It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, imap, protocol, python
systems | linux, ubuntu
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185
SHA-256 | c92a23a6c2ffef9c5e260503201c22b883bc893d34393a43e5e16c00a1a6be64
Ubuntu Security Notice USN-2654-1
Posted Jun 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2654-1 - It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2014-0119, CVE-2014-0227, CVE-2014-0230, CVE-2014-7810
SHA-256 | a174f8e325d9828914e2df7525e1cae37224c8bc3844309db620b32444e9b830
Ubuntu Security Notice USN-2655-1
Posted Jun 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2655-1 - It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0227, CVE-2014-0230, CVE-2014-7810
SHA-256 | b61abbda1322386d4a63d2565e2c7fe0a6030b7c311aa23adfc1d91d678321b9
Red Hat Security Advisory 2015-1187-01
Posted Jun 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1187-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598, CVE-2015-4602, CVE-2015-4603, CVE-2015-4604, CVE-2015-4605
SHA-256 | b34c749711ea3b7e7d1f8a9142f1a2421a5974fbdf7e052124d26207fc456487
Red Hat Security Advisory 2015-1188-01
Posted Jun 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1188-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.130, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-1266, CVE-2015-1267, CVE-2015-1268, CVE-2015-1269
SHA-256 | 8f05ec4a84f19c3c27147f3c264e74d2c2d5cf43d2f907a1d8b59d6321f7e3b4
Red Hat Security Advisory 2015-1186-01
Posted Jun 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1186-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598, CVE-2015-4602, CVE-2015-4603, CVE-2015-4604, CVE-2015-4605
SHA-256 | 0b7187415bdc0d78cd103b4bbf0cb103aecd6b3554e4079ac4b6be16514b3447
Red Hat Security Advisory 2015-1185-01
Posted Jun 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1185-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. Note: This update forces the TLS/SSL client implementation in NSS to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-4000
SHA-256 | d3b8c8863bc4c06cd8091e672ddb9d95b2f56a995bbc755e9e1dcdbb20c55d3b
AESshell 0.7
Posted Jun 25, 2015
Authored by Marco Lux

AESshell is a backconnect shell for Windows and Unix written in python and uses AES in CBC mode in conjunction with HMAC-SHA256 for secure transport. Written in python but also includes a Windows binary.

tags | tool, shell, rootkit, python
systems | windows, unix
SHA-256 | b8a137308d0d953152da794073389bc6abb15be5bc89f85eb493f1ec3b0b236e
Linux/x86 Reboot Shellcode
Posted Jun 25, 2015
Authored by B3mB4m

28 bytes small Linux/x86 reboot shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 7df146a137978005f952bff928c8f3817468d009d0206d617cd250f9e02afa00
Joomla Simple Image Upload 1.0 Shell Upload
Posted Jun 25, 2015
Authored by CrashBandicot

Joomla Simple Image Upload component version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 931265d47b183868e79e4e49403102abb2912cafb70d9118ab7b037c561ef649
Find DNS Scanner
Posted Jun 25, 2015
Authored by dash | Site hack4.org

find_dns is a tool that scans networks looking for DNS servers.

tags | tool, scanner
systems | unix
SHA-256 | 4da66d417bfefc4925a3eeb9dd2262ff8c71c6e574b06dbc73d0ff5e977c9405
Red Hat Security Advisory 2015-1184-01
Posted Jun 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1184-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.468.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-3113
SHA-256 | a5c0b99a7d8734c41f64ace706e34ed4275968ddfaa24d8c4aae2728ea6e2b8d
Debian Security Advisory 3295-1
Posted Jun 25, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3295-1 - Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

tags | advisory, web, vulnerability, xss, sql injection
systems | linux, debian
advisories | CVE-2015-2665, CVE-2015-4342, CVE-2015-4454
SHA-256 | d2270ddee10b79388cb859232c9460813be0e3e20d67218545961d4dc00d0b4f
Page 2 of 16
Back12345Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close