what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2015-01-07

Microweber CMS 0.95 SQL Injection
Posted Jan 7, 2015
Authored by Pham Kien Cuong

Microweber CMS version 0.95 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-9464
SHA-256 | a7fe9a012827e72ae85ac9723b0edd2d620dff190c228ec5e20b8a3d69c327e6
Zurmo CRM 2.8.5 Cross Site Scripting
Posted Jan 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

Zurmo CRM version 2.8.5 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | e8ad5e444260d1a470d810f235c031ebb743e78b01cfff15a78d14dcdbfa4353
Brother MFC-J4410DW Cross Site Scripting
Posted Jan 7, 2015
Authored by Dave Daly

The printer administration web application on Brother MFC-J4410DW model printers with firmware versions older than version L (released 18th December 2014) are susceptible to a reflected cross site scripting (XSS) vulnerability due to inadequately sanitised user input.

tags | exploit, web, xss
SHA-256 | b643bce6fe04adcf8ac56469f1306e0693883a9abf47de33b0c99c9b7caa87a0
BSidesLjubljana 2015 Call For Papers
Posted Jan 7, 2015
Site bsidesljubljana.si

The first Security B-Sides Ljubljana will be held March 12th in Ljubljana, Slovenia.

tags | paper, conference
SHA-256 | aec3c5115b9550ec7f4c6b36a1a1581b5e843d8e9132a3583f54cfdf422a12db
Ubuntu Security Notice USN-2455-1
Posted Jan 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2455-1 - It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and can be re-enabled with the "expandaddr" configuration option. This update alone does not remove all possibilities of command execution. In environments where scripts use mailx to process arbitrary email addresses, it is recommended to modify them to use a "--" separator before the address to properly handle those that begin with "-". Various other issues were also addressed.

tags | advisory, remote, arbitrary, shell
systems | linux, bsd, ubuntu
advisories | CVE-2014-7844
SHA-256 | f5350ed84b2d35ccb571b03e756d99bfc727e95b63b04252b351e7a632505545
Ubuntu Security Notice USN-2454-1
Posted Jan 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2454-1 - It was discovered that Exiv2 incorrectly handled certain tag values in video files. If a user or automated system were tricked into opening a specially-crafted video file, a remote attacker could cause Exiv2 to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9449
SHA-256 | e1cee62b6474f0fc80b6c6491b9dfdaa43efe5b7bbb2a49ea295b811b9ef9494
Ubuntu Security Notice USN-2453-1
Posted Jan 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2453-1 - Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered certain shell metacharacters in filenames. If a user or automated system were tricked into opening a file with a specially-crafted filename, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2014-7209
SHA-256 | 519a4169b63e7dd1fac5f92c80d83d0c4d3a4892ca2ea98747109a50df6492e9
Ubuntu Security Notice USN-2452-1
Posted Jan 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2452-1 - It was discovered that NSS incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-1569
SHA-256 | 4a188e5586b1601d16f2403dd19db5371bbd99e010db7e131164f00ecae65f7e
Red Hat Security Advisory 2015-0016-01
Posted Jan 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0016-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.

tags | advisory, arbitrary
systems | linux, redhat, osx
advisories | CVE-2014-6040, CVE-2014-7817
SHA-256 | 90cd9b71e30ab8c30bd38d9fa4f597107a84bbed6e771bcc76f44a2ec20281ff
Pandora 3.1 Auth Bypass / Arbitrary File Upload
Posted Jan 7, 2015
Authored by Juan Galiana Lara | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Pandora version 3.1 as disclosed by Juan Galiana Lara. It also integrates with the built-in pandora upload which allows a user to upload arbitrary files to the '/images/' directory. This Metasploit module was created as an exercise in the Metasploit Mastery Class at Blackhat that was facilitated by egypt and mubix.

tags | exploit, arbitrary, bypass
advisories | CVE-2010-4279, OSVDB-69549
SHA-256 | a4ce59d4dd94c27dbf57cc0669eb39781c82929e9cbc36e77d98b4f23bc377e0
HP Security Bulletin HPSBMU03118 3
Posted Jan 7, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03118 3 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), remote privilege elevation, and Clickjacking. Revision 3 of this advisory.

tags | advisory, remote, vulnerability, xss
systems | linux, windows
advisories | CVE-2014-2643, CVE-2014-2644, CVE-2014-2645
SHA-256 | ed5b474d6192ffdd754964397c95808950f1c4b8f15881d0e952eb44d45938e5
Debian Security Advisory 3120-1
Posted Jan 7, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3120-1 - Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.

tags | advisory, arbitrary, php, xss, sql injection, info disclosure
systems | linux, debian
advisories | CVE-2014-6316, CVE-2014-7146, CVE-2014-8553, CVE-2014-8554, CVE-2014-8598, CVE-2014-8986, CVE-2014-8988, CVE-2014-9089, CVE-2014-9117, CVE-2014-9269, CVE-2014-9270, CVE-2014-9271, CVE-2014-9272, CVE-2014-9280, CVE-2014-9281, CVE-2014-9388
SHA-256 | 8b72c564f64e337de7047ae5659136032afcdbff013f3cec70d686cb7d778df9
Microsoft Dynamics CRM 2013 SP1 Cross Site Scripting
Posted Jan 7, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Microsoft Dynamics CRM 2013 SP1 suffers from self-inflicted cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 41e6f08ded3f571f338d58545a450ed803a63a8d8b352fe3850ccd7918e8dbf6
AVM Fritz!box Auto Exploiter
Posted Jan 7, 2015
Authored by BaD-HaCKeR-MaN

This is a php script used to leverage an unauthenticated remote command execution flaw in AVM Fritz!box.

tags | exploit, remote, php
SHA-256 | da4c6b0e1c996854115f6ec61b1eefac4f8ab243e55959e974580de173e8a0a3
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close