
Files Date: 2016-03-18 to 2016-03-19

XOOPS 2.5.7.2 Cross Site Request Forgery
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version 2.5.7.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 56dc964beea76e30a2f054812239297f424ec6166d368f20527609342894cfc9
XOOPS 2.5.7.2 Directory Traversal
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version 2.5.7.2 has checks to defend against directory traversal attacks. However, they can be easily bypassed by simply issuing "..././" instead of "../".

tags | exploit
SHA-256 | 8e0c7e604227b0d036e3789cef8b9827cdedcbebab054b865cd01c359cf31f18
Solarwinds Dameware Mini Remote Code Execution
Posted Mar 18, 2016
Authored by b0yd

A certain remote message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw. As a result, a specially crafted message can overflow into the bordering format field and subsequently overflow the stack frame. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the dwmrcs daemon.

tags | advisory, remote, overflow
advisories | CVE-2016-2345
SHA-256 | 390aaf7607e85e8afb085d15df6d452b7949bc6e25747b8967ebc5477a0bd05b
XOOPS 2.5.7.2 Weak Crypto
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version 2.5.7.2 uses the weak one-way hash MD5 along with unsalted passwords stored in the database.

tags | advisory, cryptography
SHA-256 | 5671c965146caf650a197ba8bd998b42a8f8678ee755c3c18fe39b0d594be1f2
Bypassing NoScript Security Suite Using XSS And MITM Attacks
Posted Mar 18, 2016
Authored by Mazin Ahmed

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite protection. These techniques can be used by malicious vectors to bypass the default installation of NoScript. The paper also provides solutions and recommendations for end users that can enhance the current protection of NoScript Security Suite.

tags | paper
SHA-256 | 5f37e8e3412f1440fa6c6a360ed379f128cc4ea278c023e5f3855760b77ba3a5
Grandstream Wave 1.0.1.26 Update Redirection
Posted Mar 18, 2016
Authored by Georg Lukas

The Grandstream Wave application version 1.0.1.26 periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app's Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection from `media.ipvideotalk.com` and contains the version code and the update URL. An active attacker can redirect this request and trick the user into downloading a malicious update package.

tags | exploit
advisories | CVE-2016-1520
SHA-256 | c530b1e4af62da81fc070ef71c1611d62d2872d39d07e2b965fb3fe3445fd447
Grandstream Wave 1.0.1.26 TLS Man-In-The-Middle
Posted Mar 18, 2016
Authored by Georg Lukas

Grandstream VoIP products deploy a remote provisioning mechanism that allows configuration elements to be set automatically on app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. However, even if an HTTPS URL is configured, the certificate is not validated, allowing an active attacker to successfully impersonate the provisioning server with an invalid, mismatching or outdated certificate.

tags | advisory, remote, web
advisories | CVE-2016-1518, CVE-2016-1519
SHA-256 | e07ded7e5b842693413e62a615f10b879e181af670786c29c60e322c6aec3f73
Ubuntu Security Notice USN-2935-3
Posted Mar 18, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2935-3 - USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-7041, CVE-2014-2583, CVE-2015-3238
SHA-256 | 3e9933c3392df31758f731285c88184afdd9639579d77bb96ea3bdb624d50473
Slackware Security Advisory - mozilla-firefox Updates
Posted Mar 18, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 485b9171a90d97d3535702a0ede0b959ebbd40967e2461c3bd36d33eeda6ebd6
Debian Security Advisory 3519-1
Posted Mar 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3519-1 - Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.

tags | advisory, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2015-8339, CVE-2015-8340, CVE-2015-8341, CVE-2015-8550, CVE-2015-8555, CVE-2016-1570, CVE-2016-1571, CVE-2016-2270, CVE-2016-2271
SHA-256 | 83c773cd1a9d89c83c1cadc236dc7ddc69687ff0afc1fa763fc23b17d53cd00c
BigTree 4.2.8 Object Injection / Improper Filename Sanitization
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

BigTree version 4.2.8 suffers from object injection and improper filename sanitization.

tags | exploit
SHA-256 | bb5b9719d7bfbf7cf86fcf58ff69f590fc08931de25d8fc421b05176a6b0c2a3
PivotX 2.3.11 Shell Upload
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1fde09f58b26d38b03398935d6085dab67680b1fec165dc098830588ea42a109
PivotX 2.3.11 Directory Traversal
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 3dbedc633207c9beff4d14771b22c0d37f76842088d440fe37e3544851054b5e
PivotX 2.3.11 Cross Site Scripting
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 31d15c80f7f7e46d28b9c663b0fa5fb798008c4de2b256a1cc1dca6b3ec3b485
Zenphoto 1.4.11 Remote File Inclusion
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

Zenphoto version 1.4.11 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 64bd4c4defecd30504823144287f0037c179633ccaf922731536d159006d337a
OWASP AppSec USA 2016 Call For Papers
Posted Mar 18, 2016
Site 2016.appsecusa.org

OWASP is currently soliciting papers for the OWASP AppSec USA 2016 conference that will take place at the Renaissance in Washington, D.C. October 11th through the 14th, 2016.

tags | paper, conference
SHA-256 | ca028335421923ddd06f460662acd29726fc4ad07b6195f52fa8ee3b60b5cbcc

© 2022 Packet Storm. All rights reserved.
