what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-10-13

DNS Reverse Lookup Shellshock
Posted Oct 13, 2014
Authored by Dirk-Willem van Gulik, Stephane Chazelas

DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability.

tags | exploit, bash
advisories | CVE-2014-3671, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | f270585f9a138adfc590970e5d69e843b483a83fdff3980b13aa5bef341cd964
Red Hat Security Advisory 2014-1400-01
Posted Oct 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1400-01 - Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2014-3529, CVE-2014-3574
SHA-256 | 570a8e88f09f85d5c2b07bc86892ad903781336bb1519b3caaf9089c173e2f25
Red Hat Security Advisory 2014-1399-01
Posted Oct 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1399-01 - Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2014-3529, CVE-2014-3574
SHA-256 | 434765fe9a38cbaebd2a1c1cf50e79ca9b89f4f1faa7db114c4b1b5ada39d920
Red Hat Security Advisory 2014-1398-01
Posted Oct 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1398-01 - Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2014-3529, CVE-2014-3574
SHA-256 | 6531d2e141841a7297ff161e499539a53f2e4cf21e81afcf45e8d5b64f4fddab
Red Hat Security Advisory 2014-1397-01
Posted Oct 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1397-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon.

tags | advisory, remote, arbitrary, local, tcp
systems | linux, redhat
advisories | CVE-2014-3634
SHA-256 | 8da86fa87dcbb8b16d01e0c4641731604315c00090936247194af617d03edc73
CMS Subkarma Cross Site Scripting / SQL Injection
Posted Oct 13, 2014
Authored by Renzi

CMS Subkarma suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ae3db095d704ae8ab010f72eafd34e3f223689c818c5427ec565a8d5302c4ab9
Pagekit 0.8.7 Cross Site Scripting / Open Redirect
Posted Oct 13, 2014
Authored by Mahendra

Pagekit version 0.8.7 suffers from cross site scripting and open redirect vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-8069, CVE-2014-8070
SHA-256 | dea6395b2328656b12031779081d98af29550efdc1e5118e68040c10df43a16e
Croogo 2.0.0 Arbitrary PHP Code Execution
Posted Oct 13, 2014
Authored by LiquidWorm | Site zeroscience.mk

Croogo version 2.0.0 remote arbitrary PHP code execution exploit.

tags | exploit, remote, arbitrary, php, code execution
SHA-256 | caadc51f5dda3f63ab7b6436607e718c4f12b5901a75b377b8390a3e92ffdfc7
Croogo 2.0.0 Cross Site Scripting
Posted Oct 13, 2014
Authored by LiquidWorm | Site zeroscience.mk

Croogo version 2.0.0 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | bd802f1c205656900ae6e8cdfe107614adc0208ea13d7090ded5686824b01ce5
Android Browser CSP Bypass
Posted Oct 13, 2014
Authored by Evan Johns

Android browser versions prior to 4.4 suffer from a content security policy bypass vulnerability.

tags | exploit, bypass
SHA-256 | c025012db431aa2729019d62795c5330dddd15111cc6d1adde46fceaaa29c232
Gentoo Linux Security Advisory 201410-02
Posted Oct 13, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201410-2 - Multiple vulnerabilities have been found in Perl Locale-Maketext module, allowing remote attackers to inject and execute arbitrary Perl code. Versions prior to 1.230.0 are affected.

tags | advisory, remote, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6329
SHA-256 | 32e6d90b5adea67193c65f6bf16d55c5ac579bb688c5b448f47a833c088fc51c
HP Security Bulletin HPSBMU02895 SSRT101253 4
Posted Oct 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02895 SSRT101253 4 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 4 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195
SHA-256 | 3dbff429e4c0e9c5875df024a00907c3f57b6494d3f03ce8ecf817bf597992f4
vBulletin 4.x SQL Injection
Posted Oct 13, 2014
Authored by oststrom

vBulletin version 4.x suffers from a remote SQL injection vulnerability via the xmlrpc API.

tags | exploit, remote, sql injection
advisories | CVE-2014-2022
SHA-256 | 4d654cafffbaa0e60198185148d72d94e11af44899ca3540c2c4acf99684e1dc
Paypal Community Help Forums Cross Site Scripting
Posted Oct 13, 2014
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

Paypal Community Help Forums suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | af1c1b9e6972b8d9da546eafc219eed5871da067e9c6a671a1b22b93410500fe
Etiko CMS Cross Site Scripting / SQL Injection
Posted Oct 13, 2014
Authored by Renzi

Etiko CMS suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ae5e97fd5a4460b420bab6c641274ce2d3ecae25d087f90dfdd7de13e73e9528
MVO - Maquina Vendas Online SQL Injection
Posted Oct 13, 2014
Authored by Renzi

Sites powered by MVO - Maquina Vendas suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 71979d571f47beb8f98d9620e53515ce0d4b5e447b2d5a3c6b95900b734e3bd0
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close