exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-11-26

Pandora FMS SQL Injection / Remote Code Execution
Posted Nov 26, 2014
Authored by Jason Kratzer, Lincoln | Site metasploit.com

This Metasploit module attempts to exploit multiple issues in order to gain remote code execution under Pandora FMS versions equal to and prior to 5.0 SP2. First, an attempt to authenticate using default credentials is performed. If this method fails, a SQL injection vulnerability is leveraged in order to extract the "Auto Login" password hash. If this value is not set, the module will then extract the administrator account's MD5 password hash.

tags | exploit, remote, code execution, sql injection
SHA-256 | fc913d99854d2c8194e4f3b46434494278885d559958fa670ed923151a77b005
xEpan 1.0.1 Cross Site Request Forgery
Posted Nov 26, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

xEpan version 1.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-8429
SHA-256 | 93905a94b8881af358eda8b862d28a7d5a7bdbd6d87c6e77054c3f04728082bf
Android WAPPushManager SQL Injection
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

Android versions prior to 5.0 suffer from a remote SQL injection vulnerability in the opt module WAPPushManager.

tags | exploit, remote, sql injection
advisories | CVE-2014-8507
SHA-256 | 18706be9be8033c24e8c2f06033de0b992c7dd3941e112ef9d8ce5cecd8fdef9
Android SMS Resend
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

Android versions prior to 5.0 allow an unprivileged application the ability to resend all the SMS's stored in the users phone.

tags | exploit
advisories | CVE-2014-8610
SHA-256 | 9954c7e735f97d8deaa62bdd4dd7a93cbbb3e11d2057e1ba006ba091a07683fc
Android Settings Pendingintent Leak
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

In Android versions prior to 5.0 and possibly greater than and equal to 4.0, Settings application leaks Pendingintent with a blank base intent (neither the component nor the action is explicitly set) to third party applications. Due to this, a malicious app can use this to broadcast intent with the same permissions and identity of the Settings application, which runs as SYSTEM uid.

tags | exploit
advisories | CVE-2014-8609
SHA-256 | cfc2aeebb8ce7b28e800f8cd2c1a2ef4f012afd9da67892dea7842b3fef42e7c
Device42 Embedded Credentials
Posted Nov 26, 2014
Authored by Brandon Perry

Device42 DCIM Appliance Manager versions 5.10 and 6.0 have hardcoded credentials and also suffer from remote command injection vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | 47d0bb4ee432dc13a705f89a07909d8cdbdeeb3f951e98bf1888d524fb84ce61
Device42 Traceroute Command Injection
Posted Nov 26, 2014
Authored by Brandon Perry | Site metasploit.com

Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages traceroute.

tags | exploit, remote
SHA-256 | e2f6512a30f338fd030b36604071a79b13a88b9fdf4c8034dc527a27aa2ff592
Device42 Ping Command Injection
Posted Nov 26, 2014
Authored by Brandon Perry | Site metasploit.com

Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages ping.

tags | exploit, remote
SHA-256 | 09e949ee2c12810265edcb0ba195795b730ea412d995e215b44e58c84ea6d497
Red Hat Security Advisory 2014-1906-01
Posted Nov 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1906-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift Enterprise 2.1 did not properly restrict access to services running on different gears. This could allow an attacker to access unprotected network resources running in another user's gear. In a previous update, OpenShift Enterprise 2.2 introduced the oo-gear-firewall command, which creates firewall rules and SELinux policy to contain services running on gears to their own internal gear IPs. The command is invoked by default during new installations of OpenShift Enterprise 2.2 to prevent this security issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3602, CVE-2014-3674
SHA-256 | 0dab918722c6ec216cdaf16e5440d534c679006cc8fc02bb2ddd7d4dbe5f3701
Red Hat Security Advisory 2014-1905-01
Posted Nov 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1905-01 - In accordance with the Red Hat OpenShift Enterprise Life Cycle Policy, the two-year life cycle of Production Support for version 1.2 will end on November 27, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat OpenShift Enterprise 1.2 to the latest version of Red Hat OpenShift Enterprise. To upgrade to Red Hat OpenShift Enterprise, see Chapter "Upgrading from Previous Versions" in the Deployment Guide document linked to in the References section.

tags | advisory
systems | linux, redhat
SHA-256 | 34471336d64a9c5139a369fddb38e1039d2d0806937c94e3166737f33fa1d6e1
Ubuntu Security Notice USN-2422-1
Posted Nov 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2422-1 - Sebastian Krahmer discovered that the Squid pinger incorrectly handled certain malformed ICMP packets. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-7141, CVE-2014-7142
SHA-256 | 5fdc5acc1edf7df5cda92a56d8dbdf15b46e052c4cb9d59558795e6dd31d2f64
Red Hat Security Advisory 2014-1904-01
Posted Nov 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1904-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.0 release serves as a replacement for JBoss Operations Network 3.2.3, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2035, CVE-2014-0059, CVE-2014-3481, CVE-2014-3490, CVE-2014-3577
SHA-256 | 08286d712bd0348c6cd4b0a13b9ab8c187c2b56282df28b0c856697c4f5c3ab8
Mandriva Linux Security Advisory 2014-228
Posted Nov 26, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-228 - Multiple vulnerabilities has been discovered and corrected in phpmyadmin including cross site scripting, local file inclusion, and more. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.

tags | advisory, local, vulnerability, xss, file inclusion
systems | linux, mandriva
advisories | CVE-2014-8958, CVE-2014-8959, CVE-2014-8960, CVE-2014-8961
SHA-256 | 4ad8db5a3462d8d6458e9ea5a122cd9a183f280fd342ec596d4e7ad7343d37af
Debian Security Advisory 3076-1
Posted Nov 26, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3076-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714
SHA-256 | b5a22abfd28b464fa89973934fb7502afe6c213084a9450d8b4d6fabc7e997a1
HP Security Bulletin HPSBUX03166 SSRT101489 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03166 SSRT101489 1 - A potential security vulnerability has been identified in the HP-UX running PAM using libpam_updbe in pam.conf(4). This vulnerability could allow remote users to bypass certain authentication restrictions. Revision 1 of this advisory.

tags | advisory, remote
systems | hpux
advisories | CVE-2014-7879
SHA-256 | 2ee57559ffe1105bf1578d18543641ed83da279858e40c971fde79a81b4a755b
HP Security Bulletin HPSBGN03203 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03203 1 - A potential security vulnerability has been identified with HP CMS: UCMDB Browser running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 8281554f5b51f6acd0e47dfe32db3e2d7d3f99d482865c62907f01596d09e599
HP Security Bulletin HPSBGN03201 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03201 1 - A potential security vulnerability has been identified with HP Asset Manager running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 8d3005a1b0c642ff69a47c82927bf40817a1e1a51024896e3b5e09498f2f302f
HP Security Bulletin HPSBST03148 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03148 1 - A potential security vulnerability has been identified with certain HP StoreOnce Gen 2 Backup systems running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. NOTE: Versions of HP StoreOnce Gen 2 Backup software prior to 2.3.02 contain the vulnerable version of Bash. However, HP is unaware of any method that would allow this vulnerability to be exploited on HP StoreOnce Gen 2 Backup systems but is providing an updated version of Bash Shell as a precaution. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 004f0402a1b18363987419f90e5d1da127d2865f9f82eb63474f13b373a541c3
HP Security Bulletin HPSBMU03214 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03214 1 - A potential security vulnerability has been identified with HP Systinet running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 5ee6de586eb2db1855ec3f8ac1c16341e1ee99491b3bc38b16ec20d914ac3e61
CCH Wolters Kluwer PFX Engagement 7.1 Privilege Escalation
Posted Nov 26, 2014
Authored by singularitysec

CCH Wolters Kluwer PFX Engagement versions 7.1 and below suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2014-9113
SHA-256 | 36550649271a777da5e3bdb31f777a4a5c0c5f089e34ab04078ef57d4129ecbe
MyBB 1.8.2 unset_globals() Bypass / Remote Code Execution
Posted Nov 26, 2014
Authored by Taoguang Chen

MyBB versions 1.8.2 and below suffer from an unset_globals() function bypass and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, bypass
SHA-256 | a691b9b40b1b09c878c6dabf004797b5a74ac29c49123dfae6aadb61bdba3161
phpBB 3.1.1 deregister_globals() Bypass
Posted Nov 26, 2014
Authored by Taoguang Chen

phpBB versions 3.1.1 and below suffer from a deregister_globals() bypass vulnerability.

tags | exploit, bypass
SHA-256 | 05feb1c2143bc563aea79f035ee6a9f2a25fd7538e2a1eaf959167cbc2e80130
Slider Revolution/Showbiz Pro Shell Upload
Posted Nov 26, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Slider Revolution versions 3.0.95 and below and Showbiz Pro versions 1.7.1 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | ca657f1a9a31a06a387229bf959af2f2630ece3badc1c268a0ca6e9c67272e71
WordPress Sexy Squeeze Pages Cross Site Scripting
Posted Nov 26, 2014
Authored by KnocKout

WordPress Sexy Squeeze Pages plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8793ad38d9dfbe4490552ccd9b80858ec761b30f9e6cba3c99073dba85c6703d
Apadana CMS SQL Injection
Posted Nov 26, 2014
Authored by SeRaVo.BlackHat

Apadana CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 122e5a72a6b60aa528956dc8cfaaad8b4971a382ce424a8ef9fd8aabae24348d
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close