exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2014-09-12

Debian Security Advisory 3024-1
Posted Sep 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3024-1 - Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys.

tags | advisory
systems | linux, debian
advisories | CVE-2014-5270
SHA-256 | b2346aef46332e7dd3e40eb0441330ae17335baff74358e7b56dfc81b92896c8
Debian Security Advisory 3023-1
Posted Sep 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3023-1 - Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2014-0591
SHA-256 | 0c747ab33b05927c81ed21001fd7ebc7f8d6980413af8ba29ccff7c19a76ee10
Rooted SSH/SFTP Daemon Default Login Credentials
Posted Sep 12, 2014
Authored by Larry W. Cashdollar

Rooted SSH/SFTP Daemon installs with static default root credentials and does not prompt the user to change them.

tags | exploit, root
SHA-256 | 04c4d92a411b17314d846f4d2d72d2c504c386afce4fbd9c2181d3687821c1dc
Joomla Spider Form Maker 3.4 SQL Injection
Posted Sep 12, 2014
Authored by Claudio Viviani

Joomla Spider Form Maker versions 3.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5c25d9bbb458923098a56f057354dcfed35e345f3b132afb9cfcd72b197098bc
Food Order Portal 8.3 Cross Site Request Forgery
Posted Sep 12, 2014
Authored by KnocKout

Food Order Portal version 8.3 suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.

tags | exploit, csrf
SHA-256 | 1ea1544a5ebc5aaffe39261af2fcca694eb003fcf7092e12495bbea16b10c3d5
WordPress Photo Album Plus 5.4.4 Cross Site Scripting
Posted Sep 12, 2014
Authored by Milhouse

WordPress Photo Album plugin versions 5.4.3 through 5.4.4 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c38d7002e32eb064b1714abb53b8e2a9009080e41e1a14a2eb784e026081cc25
Travel Portal II 6.0 Cross Site Request Forgery
Posted Sep 12, 2014
Authored by KnocKout

Travel Portal II version 6.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 62a86dc8112532213efcb4069d4e0905784a3f5239b1a32bb2fa868ea3dd6b04
HttpFileServer 2.3.x Remote Command Execution
Posted Sep 12, 2014
Authored by Daniele Linguaglossa

HttpFileServer version 2.3.x suffers from a remote command execution vulnerability due to a poorly formed regex.

tags | exploit, remote
advisories | CVE-2014-6287
SHA-256 | b3271bba3fc147d5debc54d8dbb9d30c83064441e55e54ba453b1f75c0faa5bc
Packet Fence 4.4.0
Posted Sep 12, 2014
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This release adds many bugfixes and enhancements.
tags | tool, remote
systems | unix
SHA-256 | 56b718b99d84de2abc347d7ea9492308f424f900effa0430fbf868ff72694af7
Railo 4.2.1 Remote File Inclusion
Posted Sep 12, 2014
Authored by drone, Brandon Perry | Site metasploit.com

This Metasploit module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable cffile line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.

tags | exploit, remote, arbitrary
advisories | CVE-2014-5468
SHA-256 | 0bbe174102c9e26fadfffb5af3c7e341a378b56297c9ad11a3b67c73f86ebcd0
ManageEngine Eventlog Analyzer Arbitrary File Upload
Posted Sep 12, 2014
Authored by h0ng10 | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ManageEngine Eventlog Analyzer. The vulnerability exists in the agentUpload servlet which accepts unauthenticated file uploads and handles zip file contents in a insecure way. By combining both weaknesses a remote attacker can achieve remote code execution. This Metasploit module has been tested successfully on versions v7.0 - v9.9 b9002 in Windows and Linux. Versions between 7.0 and < 8.1 are only exploitable via EAR deployment in the JBoss server, while versions 8.1+ are only exploitable via a JSP upload.

tags | exploit, remote, code execution, file upload
systems | linux, windows
advisories | CVE-2014-6037
SHA-256 | 7a0773137d222dd2f47bbc5c83d57f0b5cff637f5610d1a372378c64bc78f404
SolarWinds Storage Manager Authentication Bypass
Posted Sep 12, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Solarwinds Storage Manager. The vulnerability exists in the AuthenticationFilter, which allows to bypass authentication with specially crafted URLs. After bypassing authentication, is possible to use a file upload function to achieve remote code execution. This Metasploit module has been tested successfully in Solarwinds Store Manager Server 5.1.0 and 5.7.1 on Windows 32 bits, Windows 64 bits and Linux 64 bits operating systems.

tags | exploit, remote, code execution, bypass, file upload
systems | linux, windows
SHA-256 | 8e0158bd6ed6894515f4b2ee12c6dea89374d232c9a98949f115bcf2c61c7927
Lynis Auditing Tool 1.6.1
Posted Sep 12, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added --pentest parameter to run a non-privileged scans (e.g. for pentesting). Improved vulnerable packages test on Debian based systems (apt-check). Various other changes and improvements.
tags | tool, scanner
systems | unix
SHA-256 | eeafb14a95438e49cb3a3b2cabcfa0eecfa2d5afdd3fa59d9ba0d25ce7215023
ChatSecure IM 2.2.4 Script Insertion
Posted Sep 12, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

ChatSecure IM version 2.2.4 suffers from a script insertion vulnerability.

tags | exploit
SHA-256 | a1d63992776f6b160baadca0cf9825cb09885083022c371a9e0bcecbe4a38c27
Photorange 1.0 Local File Inclusion
Posted Sep 12, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Photorange version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 75bef9925a77ffb1dc427868354508f7fe746ca675fc20a44c20d9fc5c720bf1
SWBI 2015 Call For Papers
Posted Sep 12, 2014
Site sdiwc.net

The International Conference on Semantic Web Business and Innovation (SWBI2015) has announced it's call for participation. It will be held at the University of Applied Sciences and Arts Western Switzerland October 7th through the 9th, 2015.

tags | paper, web, conference
SHA-256 | 2decc494976fd7e643725443dddb1d0d88fcc1f82ba12b2c5df91dd01325b912
Red Hat Security Advisory 2014-1186-01
Posted Sep 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1186-01 - The katello-configure package provides the katello-configure script, which configures the Katello installation, and the katello-upgrade script, which handles upgrades between versions. It was discovered that the default configuration of Elasticsearch enabled dynamic scripting, allowing a remote attacker to execute arbitrary MVEL expressions and Java code via the source parameter passed to _search. All Subscription Asset Manager users are advised to upgrade to this updated package. The update provides a script that modifies the elasticsearch.yml configuration file to disable dynamic scripting. After updating, run the "katello-configure" command. This will update the elasticsearch.yml configuration file and restart the elasticsearch service.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-3120
SHA-256 | 8e0e0f078d1634249edcb305467202bd802bcf0c3aae4448de08308a913120e0
Red Hat Security Advisory 2014-1184-01
Posted Sep 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1184-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-java packages contain the code for the Java version of the Spacewalk Web site. A stored cross-site scripting flaw was found in the way spacewalk-java displayed log files. By sending a specially crafted request to Satellite, a remote attacker could embed HTML content into the log file, allowing them to inject malicious content into the web page that is used to view that log file.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2014-3595
SHA-256 | 1079b54963ab4b32ed48f60599cdc5de85f122fd581763afd88f13c5e6fca19e
Ubuntu Security Notice USN-2330-1
Posted Sep 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2330-1 - Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1553, CVE-2014-1562, CVE-2014-1563, CVE-2014-1564, CVE-2014-1565, CVE-2014-1567
SHA-256 | 2fdd85d864eecc852ec8cfbedce628458a05c03413ae106c41c0a5947f7f1247
VMware Security Advisory 2014-0009
Posted Sep 12, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0009 - VMware NSX and vCloud Networking and Security (vCNS) product updates address a vulnerability that could lead to critical information disclosure.

tags | advisory, info disclosure
advisories | CVE-2014-3796
SHA-256 | e0e5dd6e6eac5631d03573d4eaa26612f938e3d5a6bae43522bfab629c5a85ad
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close