what you don't know can hurt you
Showing 1 - 25 of 25

Files Date: 2015-03-20

Citrix NITRO SDK Command Injection
Posted Mar 20, 2015
Authored by Han Sahin

A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise the entire Citrix SDX appliance along with all underlying applications and data.

tags | exploit
SHA-256 | 8363fa8786b4f33fcb611c65253aae741117e855eaa1f0692b41e980dc0efd9e
Citrix NetScaler VPX Cross Site Scripting
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.

tags | exploit, xss
SHA-256 | d441a8929d46f3b81888279baadee2699e3507b40eda951a86945b935b33baac
OpenSSL Toolkit 1.0.2a
Posted Mar 20, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: 12 security vulnerabilities have been addressed.
tags | tool, encryption, protocol
systems | unix
SHA-256 | 15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a
OpenSSL Security Advisory - 12 Security Fixes
Posted Mar 20, 2015
Site openssl.org

OpenSSL has addressed twelve vulnerabilities including denial of service, silent downgrading, corrupted pointer, segmentation fault, memory corruption, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
SHA-256 | fe15284bf2437645874b4048dc14c9e7a9cd6a3b5c6727c6e4f87bb62169bbb1
FreeBSD Security Advisory - OpenSSL Issues
Posted Mar 20, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Multiple OpenSSL issues have been resolved. A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

tags | advisory
systems | freebsd
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
SHA-256 | ad332f5b21771f4ca8ae82975b05a6c29ed9c3ba50715706826a895c84803d94
Citrix NITRO SDK xen_hotfix Cross Site Scripting
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.

tags | exploit, xss
SHA-256 | 33744821fe7b647214982e21e9c2f3008a42466359ddb11e760b84a946ef3f56
Airties Air5650TT Modem Cross Site Scripting
Posted Mar 20, 2015
Authored by KnocKout

Airties Air5650TT Modem suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ab7c0ffdb194773ff18441ad3a3019c3de12206e027fdcf0f1d2ad8536e5cada
Citrix Command Center Configuration Disclosure
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.

tags | exploit, web
SHA-256 | 85d89d3569e65de31b41ef51ec733b7638c8cddd02e54405362cc915a3cf0ba9
Security BSides Las Vegas 2015 Call For Papers
Posted Mar 20, 2015
Authored by BSides LV

BSides Las Vegas 2015 has announced its Call For Papers. It will take place August 4th and 5th, 2015, in Las Vegas, Nevada.

tags | paper, conference
SHA-256 | 4bd75f070f336b13693bcebbacfb3817bc6c59eb58e525c248c52d8e96c3e000
EMC Secure Remote Services Virtual Edition SQL Injection
Posted Mar 20, 2015
Authored by Han Sahin

An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.

tags | exploit, remote, arbitrary, sql injection
advisories | CVE-2015-0524
SHA-256 | bb6357690b58aa6a4b191b7aa985885a9140da18129605a49ab28a5d5f94739f
EMC Secure Remote Services Virtual Edition Command Injection
Posted Mar 20, 2015
Authored by Han Sahin

A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.

tags | exploit, remote, arbitrary
advisories | CVE-2015-0525
SHA-256 | 25bdb20a5f5b3d42c931790e6cd29e66b72b1f64447adff01728369675f2c580
EMC M&R (Watch4net) Device Discovery Path Traversal
Posted Mar 20, 2015
Authored by Han Sahin

A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

tags | exploit, file inclusion
advisories | CVE-2015-0516
SHA-256 | 25a0b7a9df5cc011236dd7a3b788dfc90ab7e490e99ee01ab27b7e427abbf1f4
EMC M&R (Watch4net) MIB Browser Path Traversal
Posted Mar 20, 2015
Authored by Han Sahin

A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

tags | exploit, file inclusion
advisories | CVE-2015-0516
SHA-256 | 7668d0639a82fb6e91ad48888c3d7bd515ca0ed072a654718c3c05f3099551fc
EMC M&R (Watch4net) Alerting Frontend XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.

tags | exploit, arbitrary, xss
advisories | CVE-2015-0513
SHA-256 | 0b2a8f256d6e1bbff59fe9299dff71fea85a0647f548112aeca2df8c229f8efc
EMC M&R (Watch4net) Centralized Management Console XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.

tags | exploit, arbitrary, xss
advisories | CVE-2015-0513
SHA-256 | e753a3139ef1cd1757ba424112936d43b543c6cc2b2a4b844aa489ad404f66c3
EMC M&R (Watch4net) Web Portal Report Favorites XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup. The attacker's payload will be stored in the user's profile and will be executed every time the victim logs in.

tags | exploit, web, xss
advisories | CVE-2015-0513
SHA-256 | 141134491cadd7c74cea4c79f049a63533385f6a32812f238cead4440d47eda3
Gentoo Linux Security Advisory 201503-11
Posted Mar 20, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-11 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1l-r1 are affected.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
SHA-256 | 33a1b6ad39a1a0e33e4f539a9bff855b2186411aa683ae4907abf7f7052665ad
Red Hat Security Advisory 2015-0708-01
Posted Mar 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0708-01 - Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 7.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0203, CVE-2015-0223, CVE-2015-0224
SHA-256 | f1d00065ca4e1d3daece34efc3120bbb51d9d72a0d25e3c210e36487f614a591
Ubuntu Security Notice USN-2537-1
Posted Mar 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2537-1 - It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
SHA-256 | 957fdac9249b40b0929254ee1f18d19ec578ddb14f7c37e718df02e9b9a1f1b9
Red Hat Security Advisory 2015-0707-01
Posted Mar 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0707-01 - Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0203, CVE-2015-0223, CVE-2015-0224
SHA-256 | 816e8eab9f1c0a34e97884847b9744b1e39a7b37045f693938be6773394ec3af
Debian Security Advisory 3197-1
Posted Mar 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3197-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292
SHA-256 | 502c16249125d36a8fc3440e578ad58b60a94b321161f560450e2beedb6e3d38
Subrion 3.3.0 Cross Site Request Forgery
Posted Mar 20, 2015
Authored by Provensec

Subrion version 3.3.0 suffers from a cross site request forgery vulnerability that allows for arbitrary SQL injection.

tags | exploit, arbitrary, sql injection, csrf
SHA-256 | 13a087d5f2f67cb83cae17714e4c2ac16a5fac9e86d1e5c867d8eb4365e3950f
Citrix Command Center Advent JMX Servlet Accessible
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to compromise the entire application. It also suffers from a cross site scripting vulnerability.

tags | exploit, xss, bypass
SHA-256 | 65939691ebbc97cc1c48cec0c147e8482d72899a48cea80d719973492c299369
Mac OS X 10.10.2 Heap Overflows
Posted Mar 20, 2015
Authored by Luca Todesco

Mac OS X version 10.10.2 suffers from multiple heap overflow vulnerabilities. Included is an xnu local privilege escalation exploit via an IOHIDSecurePromptClient injectStringGated heap overflow.

tags | exploit, overflow, local, vulnerability
systems | linux, apple, osx
SHA-256 | 8b0545d79dddb6edb3e4b16cb96f955ce9377484475055942b60c012d1d98d58
Yoast Google Analytics Stored Cross Site Scripting
Posted Mar 20, 2015
Authored by Jouko Pynnonen | Site klikki.fi

The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d6d78da9aaf708477febf5b28d9b24d0e4b006ac9e957ab5384d4581c4a5a06a
packet storm

© 2024 Packet Storm. All rights reserved.