what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-02-28

couponPHP CMS 1.0 Cross Site Scripting / SQL Injection
Posted Feb 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

couponPHP CMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 3424adcf3750526c3ad5db516a473a6917df3b4be803f24e12ea579a6c567178
Plex Media Server 0.9.9.2.374-aa23a69 Bypass / File Disclosure
Posted Feb 28, 2014
Authored by S. Viehbock | Site sec-consult.com

Plex Media Server versions 0.9.9.2.374-aa23a69 and below suffer from authentication bypass and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability
SHA-256 | 5056a9a5be5beee1b56ca5f4a45fd08b7e9f849a4edabf46ffd88ef7a0b91dcc
VCDGEAR 3.50 Stack Buffer Overflow
Posted Feb 28, 2014
Authored by Juan Sacco

VCDGEAR version 3.50 suffers from a stack-based buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | cb961af2bca01d29fd25f5557c887ef11ef4b84f120be86f6e88cd1dacfae565
Microsoft Office 365 Outlook Filter Bypass
Posted Feb 28, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft Office 365 Outlook suffers from filter bypass and script insertion vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 62b66dd6d9ff9e97f54097141a7c5a0963019f71b236a0ddbf8a9f91660e8884
OrangeHRM 3.1.1 Cross Site Scripting
Posted Feb 28, 2014
Authored by HauntIT

OrangeHRM version 3.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3b65169d1d14ac1150889cf5e9994426d9e97b2dd4c7b3c770c4c4ba5cb3fced
SpagoBI 4.0 Privilege Escalation
Posted Feb 28, 2014
Authored by Christian Catalano

SpagoBI version 4.0 suffers from an administrative privilege escalation vulnerability.

tags | exploit
advisories | CVE-2013-6231
SHA-256 | 08879394f05ec3888c94bd4b06561081d45aa1549a6e63d70b7be33bbcfe4f7f
webERP 4.11.3 SQL Injection
Posted Feb 28, 2014
Authored by HauntIT

webERP version 4.11.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 091426128f12768577b963c2f22904bdfc2ad9fae57c064028ed00bf91950df8
doorGets 6.0 Cross Site Scripting
Posted Feb 28, 2014
Authored by HauntIT

doorGets version 6.0 suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 7ea8c4da27977ad4397ff6d51fe3f33b00a1b62766c3b49f7a2c6aaa2c4ddb2f
MICROSENS PLMISWM 10.3.1 Privilege Escalation
Posted Feb 28, 2014
Authored by Christian Kudera, Stefan Riegler | Site sec-consult.com

MICROSENS Profi Line Modular Industrial Switch Web Manager version 10.3.1 suffers from a privilege escalation vulnerability.

tags | exploit, web
SHA-256 | a0ae9096d79c1c275cffec3bdc2deea7b44431121dc864efe994e588286bebca
Gentoo Linux Security Advisory 201402-28
Posted Feb 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-28 - Multiple vulnerabilities have been found in Chrony, possibly allowing remote attackers to cause a Denial of Service condition. Versions less than or equal to 1.29 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4502, CVE-2012-4503
SHA-256 | 5d98920322f2cd6acd286a09a0da73788b7db26c736c9c6a740130fbf7439d11
Slackware Security Advisory - subversion Updates
Posted Feb 28, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New subversion packages are available for Slackware 14.0, 14.1, and -current to fix denial-of-service issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4505, CVE-2013-4558, CVE-2014-0032
SHA-256 | 76da3c1a614f58e823da66af1606ec1b461fc3a9dc9f72254429e3ca36b1946c
Gentoo Linux Security Advisory 201402-29
Posted Feb 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-29 - Multiple integer overflow vulnerabilities have been found in ArgyllCMS which could allow attackers to execute arbitrary code. Versions less than 1.4.0-r1 are affected.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4405
SHA-256 | 37a8916db618424d7c7343c9421fc0602f1ab10167ee28779fca4bc44477e95f
Against Mass Scanner / SSH Brute Forcer 0.2
Posted Feb 28, 2014
Authored by pigtail23 | Site nullsecurity.net

Against is a very fast ssh attack script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-forcing module which attacks in parallel (multiprocessing) all discovered hosts or given ip addresses from a list.

Changes: Honeypot detection, optimizations, detection for key authentication, and much more.
tags | tool, scanner, tcp
systems | unix
SHA-256 | fd9c68208eed197810ecece23834cb9f6f9328b3f3a2a4ad9db3712bd606b535
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
Posted Feb 28, 2014
Authored by juan vazquez, Z0mb1E, amisto0x07 | Site metasploit.com

This Metasploit module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE. The last one can be executed remotely through the WebView server. This Metasploit module has been tested successfully in GE Proficy CIMPLICITY 7.5 with the embedded CimWebServer. This Metasploit module starts a WebDAV server to provide the malicious BCL files. When the target hasn't the WebClient service enabled, an external SMB service is necessary.

tags | exploit, remote, arbitrary
advisories | CVE-2014-0750
SHA-256 | b26303cb1fa471041439c64a8b439bb47d11b4fd3e3adb2f2cd74c8afe861e4f
Total Video Player 1.3.1 Buffer Overflow
Posted Feb 28, 2014
Authored by Mike Czumak | Site metasploit.com

This Metasploit module exploits a buffer overflow in Total Video Player 1.3.1. The vulnerability occurs opening malformed Settings.ini file e.g."C:\Program Files\Total Video Player\". This Metasploit module has been tested successfully over Windows WinXp-Sp3-EN, Windows 7, Windows 8.

tags | exploit, overflow
systems | windows
SHA-256 | 1f04d25c90604cfb3feef7e42ed26fa00fa4daa52f342fd876bac3be2f18a6be
YAPET 1.0
Posted Feb 28, 2014
Authored by Rafael Ostertag | Site guengel.ch

YAPET is a small text based password manager. It features the Blowfish encryption algorithm and runs on most modern Unixes.

Changes: This release adds a new user interface with the ability to customize colors and adds a utility to export YAPET files to CSV files.
tags | tool
systems | unix
SHA-256 | b419ceb29fbc18f1d048280630214716086542f290df5b62e0d30f7084582772
Red Hat Security Advisory 2014-0226-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0226-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Life Cycle Support for Red Hat Enterprise Linux 4 will be retired on February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 4 ELS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. The retirement process for Red Hat Enterprise Linux 4 ELS will complete on February 28, 2015. On that date, the Red Hat Enterprise Linux 4 ELS channels will be moved to the "Retired" channels area on the Customer Portal, and customers will be unsubscribed from the Red Hat Enterprise Linux 4 Extended Life Cycle Support channels.

tags | advisory
systems | linux, redhat
SHA-256 | 29602ec14404d2f26557c80ec595b91f961c437b2d13656ed8299541b94bb481
Ubuntu Security Notice USN-2124-1
Posted Feb 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2124-1 - A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-0411, CVE-2014-0428, CVE-2014-0423, CVE-2013-5878, CVE-2013-5884, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0411, CVE-2014-0416, CVE-2014-0422, CVE-2014-0423, CVE-2014-0428
SHA-256 | a4cd62f58ae7a9de6a18fa4955689ed1b2fc4683d65de5ec792cc3ad927c1f0d
Red Hat Security Advisory 2014-0224-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0224-01 - The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a new feature which offers seamless integrated access to Red Hat Access services from the Red Hat Enterprise Virtualization Administration Portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features. Detailed information about this plug-in can be found in the Red Hat Customer Portal at https://access.redhat.com/site/articles/425603 The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | f8556682c66be6a9118eadc60de95e718fab72514a5be24053f9dd706410253d
Red Hat Security Advisory 2014-0223-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0223-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244
SHA-256 | 75cdc7caf157b13a85454f0d9bfaca0783cd730c536f634625254045fb9a741e
Red Hat Security Advisory 2014-0222-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0222-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2010-2596, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244
SHA-256 | fdc3e7dab83c94896553be4b8e66657321b93fd53e9799046b33f5e2aeb3cc59
Red Hat Security Advisory 2014-0221-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0221-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
SHA-256 | c6ab31b1c26fbb1903badb011f677993cc7b516eaff5de8ef1716a378c7de837
Red Hat Security Advisory 2014-0225-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0225-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.3 will be retired as of March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.3 AMC after March 31, 2014. In addition, technical support through Red Hat's Global Support Services for this product will no longer be provided after this date. Note: This notification applies only to those customers with subscriptions for Advanced Mission Critical Support channels for Red Hat Enterprise Linux 5.3.

tags | advisory
systems | linux, redhat
SHA-256 | f3d59579992f9f4eb4f2baa8ba1c236494792029f90b8610c2c6266007c9d2bb
EPESI CRM 1.5.5 Cross Site Scripting
Posted Feb 28, 2014
Authored by HauntIT

EPESI CRM version 1.5.5-20140113 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 026a893c034a92535a4cf7780fda14637b3835abe0f7893b8871eef16238e6eb
GDL 4.2 XSS / SQL Injection / Traversal
Posted Feb 28, 2014
Authored by ByEge

GDL version 4.2 suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file inclusion
SHA-256 | a2af5485e545cabecf2e75ea83fde5bf5e181a48d18e8692ad4bd7969b5431ed
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close