what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-05-09

Yokogawa CS3000 BKESimmgr.exe Buffer Overflow
Posted May 9, 2014
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits an stack based buffer overflow on Yokogawa CS3000. The vulnerability exists in the BKESimmgr.exe service when handling specially crafted packets, due to an insecure usage of memcpy, using attacker controlled data as the size count. This Metasploit module has been tested successfully in Yokogawa CS3000 R3.08.50 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows
advisories | CVE-2014-0782
SHA-256 | 7408ef475efc86bd8fe8b92c5ff8db48dbdc910b25fd6be4ef64b1c3255fc826
HP Security Bulletin HPSBHF02946
Posted May 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02946 - A potential security vulnerability has been identified with certain HP servers that use NVIDIA Computing GPU processors. The vulnerability could be exploited resulting in an elevation of privilege. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2013-5987
SHA-256 | 76bab84d2645fd43343e0d74bd3f521197d9410ad6afd9576db25edbcec97866
HP Security Bulletin HPSBST03038
Posted May 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03038 - A potential security vulnerability has been identified with certain HP H-series Fibre Channel Switches. This vulnerability could be exploited remotely to disclose information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-2603
SHA-256 | 6837f903e2939f812c5e4f9a4f409781d0894c5cd5657d514f20fa34cba7582c
Drupal Flag 7.x-3.5 Command Execution
Posted May 9, 2014
Authored by Ubani Anthony Balogun

Drupal Flag version 7.x-3.5 suffers from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | 77d2733663b72ddf1a970877c43463caf16d6a0a9fb55bede84b804ac0cefc7e
Hyperion Runtime Encrypter 1.1
Posted May 9, 2014
Authored by belial | Site nullsecurity.net

Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation and bases on the paper "Hyperion: Implementation of a PE-Crypter".

Changes: Code base has been cleaned up to decrease size and increase maintainability. Furthermore, a new command line allows enabling/disabling of logging and verbose informations. Key space can be reduced too which speeds up the bruteforcing process for larger input files. Next stop will be AV evasion to reduce detection rate.
tags | tool, encryption
SHA-256 | fa0f0dd00142c7e8afb79cd7f2585a81d1ad07048a94db78fb3f1d9234ea8c36
Jasper Server 5.5 Session Fixation
Posted May 9, 2014
Authored by Felipe Andrian Peixoto

Jasper Server versions 5.5 and below suffer from a session fixation vulnerability.

tags | exploit
SHA-256 | 5a8cd75ea1fc559c5e606aa75dc868afa95e2e08f85eb9edc66906672210da21
HP Security Bulletin HPSBMU03035 1
Posted May 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03035 1 - A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. This vulnerability could be exploited remotely to allow cross-site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
systems | linux, windows, solaris, hpux
advisories | CVE-2013-6220
SHA-256 | 000aa3e36c18f6abeef7431ade00b117ae506f0f7688fd086dce0b58a27e0fcc
OnApp ECDSA Duplicate Host Keys
Posted May 9, 2014
Authored by James Renken

The OnApp IaaS platform fails to remove and regenerate ECDSA host keys upon deployment.

tags | advisory
SHA-256 | fc8d4a81ebc0b76d674cc85691e4034840c20e9d216865f149f268eb4e4b2377
Jet Audio 8.1.1 Memory Corruption
Posted May 9, 2014
Authored by Aryan Bayaninejad

Jet Audio version 8.1.1 suffers from a memory corruption vulnerability.

tags | exploit
advisories | CVE-2014-3443
SHA-256 | c52be51e49cdfa83e81d6f3b90d8fcbdff938b336d4d464fa62001436fec946a
VLC Player 2.1.3 Memory Corruption
Posted May 9, 2014
Authored by Aryan Bayaninejad

VLC Player version 2.1.3 suffers from a memory corruption vulnerability.

tags | exploit
advisories | CVE-2014-3441
SHA-256 | 6792834d831a80e4ebb4ad64787a7b8546a2c954b030f0c8f1392124d68c13a5
HP Security Bulletin HPSBGN03008 2
Posted May 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03008 2 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. Revision 2 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | cb79766cc7d68b78f8c6d2610dd53ed58815893184b2f16d2494866ec3bcd023
Clam AntiVirus Toolkit 0.98.3
Posted May 9, 2014
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Windows-specific issues were fixed.
tags | tool, virus
systems | unix
SHA-256 | 2792a9e8706a516d2e81339846fc38f94fa8dd3f604b2fde9d0b07593727f62b
Secure Internet Live Conferencing Toolkit 1.1.11
Posted May 9, 2014
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all developer related files.

Changes: This version adds a new default private message protection method by executing SILC Key Exchange protocol over the SILC network, client-to-client, to provide end-to-end protection for private messages. This version adds also other API improvements in SILC Client Library, SILC Core Library, and SILC Key Exchange Library. It fixes numerous bugs found using static analysis tools.
tags | tool, protocol
systems | unix
SHA-256 | 34a6f1b786f5c4d4138ffc5b2596e6709531e8ce8dc1cd1764362a8329ec53dc
Adobe Flash Player Shader Buffer Overflow
Posted May 9, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11 and Flash 12 over Windows XP SP3, Windows 7 SP1 and Windows 8.

tags | exploit, overflow
systems | windows
advisories | CVE-2014-0515
SHA-256 | 6a8fa454ee9283f46ce5d01131f9d761fbf953a93ad1c6ec6a6883225ddafa72
Foscam Dynamic DNS Predictable Credentials
Posted May 9, 2014
Authored by shekyan, Artem Harutyunyan

Foscam IP cameras suffer from a dynamic DNS predictable credential vulnerability. Proof of concept code included.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2014-1849
SHA-256 | 5baac5bc37afd3fd3aab2f95d719db3bbdda8721c33fcfdd634fce91a8ca44d0
WHQL-signed Synaptics Touchpad Driver Rogue Program Execution
Posted May 9, 2014
Authored by Stefan Kanthak

The WHQL-signed Synaptics touchpad driver delivered via Windows Update executes a rogue program C:\Program.exe with system privileges after its installation.

tags | advisory
systems | windows
SHA-256 | 404715addcfed1bb09a24b3d012bd09aa7ac32c25420053cfa249818f2df19aa
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close