what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-11-12

Lantronix xPrintServer Remote Command Execution / CSRF
Posted Nov 12, 2014
Authored by Jim Bauwens

Lantronix xPrintServer suffers from remote command execution and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, csrf
SHA-256 | ff6469302e547e01bb9030847093051785ad3cc7d9ecacc094da02afa766ef4f
PHPMemcachedAdmin 1.2.2 Remote Code Execution
Posted Nov 12, 2014

PHPMemcachedAdmin versions 1.2.2 and below suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2014-8731
SHA-256 | 19d87edb296c6abb43991e0a8e2a208e67c071926458b687ba07422d91852a16
CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption
Posted Nov 12, 2014
Authored by LiquidWorm | Site zeroscience.mk

CorelDRAW is prone to an off-by-one memory corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a malicious CDR file to execute arbitrary code and/or to cause denial-of-service conditions. Affected versions include 17.1.0.572 (X7) - 32bit/64bit (EN) and 15.0.0.486 (X5) - 32bit (EN).

tags | exploit, arbitrary
systems | linux
SHA-256 | d61e01adb66b6c79e68ff44e6a3ed5a2754e9b02ac1089137243b5f364608afd
F5 BIG-IP 10.1.0 Directory Traversal
Posted Nov 12, 2014
Authored by Anastasios Monachos

F5 BIG-IP version 10.1.0 suffers from a directory traversal vulnerability that can allow an authenticated user the ability to delete any system file and enumerate their existence.

tags | exploit
advisories | CVE-2014-8727
SHA-256 | 48c9228a0d762c37bb5420392618ef603f34d99d02096e06b809d1aaf78e9bb6
SAP GRC Bypass / Privilege Escalation / Program Execution
Posted Nov 12, 2014
Authored by Ertunga Arsal, Mert Suoglu | Site esnc.de

SAP Governance, Risk and Compliance (SAP GRC) suffers from SoD bypass, privilege escalation, and remote arbitrary program execution vulnerabilities.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2013-3678
SHA-256 | 2c6f6dd2ccedd0df4f801c917ff9f40ee8c504126cec43a0f77af7dde206d446
Monstra 3.0.1 Bruteforce Mitigation Bypass
Posted Nov 12, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below keep a tally client side in a cookie to count login attempts, allowing an attacker to completely bypass their abuse functionality.

tags | exploit, bypass
advisories | CVE-2014-9006
SHA-256 | e559a6fc29b5452cf0090e6cc326b4afa0c52ebd83000579ad0a03b5b75fae8a
HP Security Bulletin HPSBUX03188 SSRT101487 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03188 SSRT101487 1 - Potential security vulnerabilities have been identified with HP-UX running HP Secure Shell. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, shell, vulnerability
systems | hpux
advisories | CVE-2013-4548, CVE-2014-1692, CVE-2014-2532, CVE-2014-2653
SHA-256 | f48ab840d0de653a028d42f01133ffad6f77ec827e8549cb98d0a31ab37fa27c
Debian Security Advisory 3071-1
Posted Nov 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3071-1 - In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2014-1544
SHA-256 | 4a2488a91078e9187bd86f7e1d101335a7b44b196ee02e132b0845e7346a16a2
HP Security Bulletin HPSBGN03191 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03191 1 - A potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd. These vulnerabilities could be exploited remotely resulting in disclosure of information, elevation of privilege, SQL injection, or to create a Denial of Service (DoS). These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the lighttpd based vCAS Web Server. Revision 1 of this advisory.

tags | advisory, remote, web, denial of service, vulnerability
advisories | CVE-2012-5533, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324, CVE-2014-3566
SHA-256 | 6f968d85b22f5fbfed109939f90483ff9eef7b3027bef59336a2b90ece346765
HP Security Bulletin HPSBGN03117 2
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03117 2 - A potential security vulnerability has been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: The vCAS product is vulnerable only if DHCP is enabled. Revision 2 of this advisory.

tags | advisory, remote, shell, bash
advisories | CVE-2014-6271, CVE-2014-7169
SHA-256 | e1b44829e163823ba39cf92638eaac5e9924d468dee54cd584402a7214c8137b
HP Security Bulletin HPSBST03155 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03155 1 - A potential security vulnerability has been identified with HP StoreFabric H-series switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | f3dcc135fd2c1cf8a1c5df3a69efd02a182cdabdb8e9370883499a6a98eeecfc
Debian Security Advisory 3072-1
Posted Nov 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3072-1 - Francisco Alonso of Red Hat Product Security found an issue in the file thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

tags | advisory, denial of service
systems | linux, redhat, debian
advisories | CVE-2014-3710
SHA-256 | c2c275801fcf8dc1f648f13c1c5c3a76942f60ea2fc6e8e71fd5b6f1ecf79ecd
HP Security Bulletin HPSBGN03164 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03164 1 - A potential security vulnerability has been identified with HP IceWall SSO Dfw , SSO Certd, and MCRP running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 980ee97b143b372b5a1ff3b939f0feafd7414703cdce1d204f657684003c2051
HP Security Bulletin HPSBST03154 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03154 1 - A potential security vulnerability has been identified with HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | f9534957739ab8f3e7e9de8f9c4bf5789882431d3a5cde51340596d597abe334
HP Security Bulletin HPSBST03181 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03181 1 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | cbb07b428d53f1c1557655cd70c5d064f9bc9d949a6557331a6e0111d76d716b
HP Security Bulletin HPSBHF03124 2
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03124 2 - Potential security vulnerabilities have been identified with certain HP Thin Clients running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 2 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
SHA-256 | c8f6d879ddf7cc323158feb1bb78035393d71910932a07f1d6aa7f0deabbcef6
HP Security Bulletin HPSBMU03165 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03165 1 - A potential security vulnerability has been identified with HP Propel. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
SHA-256 | 993d69d889cb57ea4e97b5967566ea9fa56baaa30d0ca057ac83149e29c4add3
Red Hat Security Advisory 2014-1846-01
Posted Nov 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1846-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS, could cause that application to crash or execute arbitrary code with the permissions of the user running the application.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-8564
SHA-256 | d7b6ca9e01cfaf62474c6861a3613f29e538664ff430547cb7f087092a159e7b
HP Security Bulletin HPSBMU03184 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03184 1 - A potential security vulnerability has been identified with HP SiteScope running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | f5d4009faa0f2b4a38c2f39e1e8ea7a141f3a0e67dc5a7429bdc067345229661
HP Security Bulletin HPSBMU03190 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03190 1 - A potential security vulnerability has been identified with HP Helion Cloud Development Platform Community Edition and HP Helion Cloud Development Platform Commercial Edition. The vulnerability could be exploited remotely to allow Unauthenticated access. Note: On October 28, 2014, HP identified a critical security vulnerability in the v1.0 release of the HP Helion Development Platform. The vulnerability is in our Application Lifecycle Service (ALS) and requires immediate attention. Vulnerability background: During the development process, valid user and host security keys were unintentionally left on the ALS Seed Node image. These keys are thus universal on all virtual machines created using the ALS Seed Node image. If an attacker has a virtual machine (VM) created from the ALS seed node image, they could potentially use that VM to connect (without giving a password) to any other VM in any ALS cluster (including ones the attacker does not own) if the attacker obtains a valid cluster VM IP address and the cluster was created with an ALS seed node image containing the vulnerability. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-7878
SHA-256 | 38dde2ca0ee61192adb6609d5eba20d0a98df126cf600057924d3e3c114e5f51
PayPal Arbitrary Code Execution
Posted Nov 12, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

PayPal suffered from an arbitrary code execution vulnerability. A filter bypass and persistent bug was also discovered during the testing of the same vulnerable parameter location.

tags | exploit, arbitrary, code execution
SHA-256 | fed3658f23386986e4d659208a3fb49d27afdec96066ad71c77c587d4346e94b
Microsoft Office 2007 / 2010 OLE Arbitrary Command Execution
Posted Nov 12, 2014
Authored by Abhishek Lyall

Microsoft Office 2007 and 2010 OLE arbitrary command execution exploit. This exploit will not give a UAC warning. No .inf file is required in this exploit. The size of the executable payload should be less than 400kb. Python 2.7 is required.

tags | exploit, arbitrary
advisories | CVE-2014-6352
SHA-256 | 67ef05e93ca36b2752d2f86818c0b19ab0cdbed8a586badc23f5f694ed829e86
Piwigo 2.6.0 SQL Injection
Posted Nov 12, 2014
Authored by Manuel Garcia Cardenas

Piwigo versions 2.6.0 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8e34aa5cc38234e00ec76daa8cd462763d9355b1d33754d7f3b38738477d41ec
PHPMemcachedAdmin 1.2.2 Cross Site Scripting
Posted Nov 12, 2014

PHPMemcachedAdmin versions 1.2.2 and below suffer from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-8732
SHA-256 | 9f91c5c2b7e9ffc8b6dd9013cb665d44484399ca18e398533dfb21443be8115f
Eleanor CMS Open Redirect
Posted Nov 12, 2014
Authored by Renzi

Eleanor CMS suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 84411384c7aa25e58ed05f7ed500b0c0f671a12c0994b2a76e3965c107e7b735
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close