what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 56 RSS Feed

Files Date: 2015-02-09

Android Futex Requeue Kernel Exploit
Posted Feb 9, 2015
Authored by timwr, geohot, Pinkie Pie | Site metasploit.com

This Metasploit module exploits a bug in futex_requeue in the linux kernel. Any android phone with a kernel built before June 2014 should be vulnerable.

tags | exploit, kernel
systems | linux
advisories | CVE-2014-3153
SHA-256 | edb509825e7088dfdc443f8f8613f34f0bee062721bb567b7808210b3962498c
WordPress WP EasyCart Unrestricted File Upload
Posted Feb 9, 2015
Authored by Kacper Szurek | Site metasploit.com

WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server. In versions 3.0.8 and below authentication can be done by using the WordPress credentials of a user with any role. In later versions, a valid EasyCart admin password will be required that is in use by any admin user. A default installation of EasyCart will setup a user called "demouser" with a preset password

tags | exploit, remote, web, arbitrary, php
SHA-256 | 0495c750468ab31d70256f4e711a288852e5ea85871a98e83de8ce2b6b4ee15d
Ubuntu Security Notice USN-2496-1
Posted Feb 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2496-1 - Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. Hanno Boeck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3509, CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738
SHA-256 | b6df17a5277d92fffca45fc1f904eb0996be802bd4b8791a28b757ad38007466
u5CMS 3.9.3 SQL Injection
Posted Feb 9, 2015
Authored by LiquidWorm | Site zeroscience.mk

u5CMS version 3.9.3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 9a7292bee32487e77761409357fcc5847d8f8c5465fc52983b7137498833bb77
u5CMS 3.9.3 Arbitrary File Deletion
Posted Feb 9, 2015
Authored by LiquidWorm | Site zeroscience.mk

u5CMS version 3.9.3 suffers from a remote arbitrary file deletion vulnerability.

tags | exploit, remote, arbitrary
SHA-256 | 9da13126f17b6a7f1e71e3c840231ecbefd53d013b3fb52be45e8c9b8a084de9
Apache Tomcat Request Smuggling
Posted Feb 9, 2015
Authored by Tomcat Security Team

It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request. Versions affected include Apache Tomcat 8.0.0-RC1 to 8.0.8, 7.0.0 to 7.0.54, and 6.0.0 to 6.0.41.

tags | advisory
advisories | CVE-2014-0227
SHA-256 | 1d5c8ddaa301a84465f162621064c1f462babcfcfd8432c0855a0ca51ba0abd7
Wireless File Transfer Pro 1.0.1 CSRF
Posted Feb 9, 2015
Authored by Hadji Samir

Wireless File Transfer Pro version 1.0.1 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 14135bf3ad59a0a749b01822ac0e2d9019544be4e5a8b7b73f77b3942088efbd
Radexscript CMS 2.2.0 SQL Injection
Posted Feb 9, 2015
Authored by Pham Kien Cuong

Radexscript CMS version 2.2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-1518
SHA-256 | 9d25ec63bf90be0fe55d2ed9ed9a0e230f1fd97452b45e9cfde668101a50c2c1
u5CMS 3.9.3 Open Redirect
Posted Feb 9, 2015
Authored by LiquidWorm | Site zeroscience.mk

u5CMS version 3.9.3 suffers from multiple open redirect vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 8069af54741e8b7cb793d044ac4ce440ad11b5eeceb5fc8b95f6b52dd2ecdbb2
WordPress Contact Form DB 2.8.26 Cross Site Scripting
Posted Feb 9, 2015
Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej

WordPress Contact Form DB plugin version 2.8.26 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | de9229b23ead09cb3a64e00bd713490b577e5f3a5702afa826468aef0d83674b
u5CMS 3.9.3 Local File Inclusion
Posted Feb 9, 2015
Authored by LiquidWorm | Site zeroscience.mk

u5CMS version 3.9.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 41c0404a66314c45f269926de9812da9fd39f77232118fdd59db13afa949b037
WordPress Cart66 Lite 1.5.4 Cross Site Scripting
Posted Feb 9, 2015
Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej

WordPress Cart66 Lite plugin version 1.5.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d55d456da2969e8282ba5b0b286d7eaf4ed8485ce8a79ef1261715e49dd305de
WordPress Acobot Live Chat And Contact Form 2.0 CSRF / XSS
Posted Feb 9, 2015
Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej

WordPress Acobot Live Chat and Contact Form plugin version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | bdfc48dbd7f56bb4624b57c256326b0ae156e1a91cb1158d5afbfaee526866fd
HP Security Bulletin HPSBGN03252 1
Posted Feb 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03252 1 - A potential security vulnerability has been identified with HP AppPulse Active running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 38b0dffb711e0c8c8f9f1aa7b945de86485ecfefe051984c12cfe06dc70da2a1
Debian Security Advisory 3157-1
Posted Feb 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3157-1 - Multiple vulnerabilities were discovered in the interpreter for the Ruby language.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
SHA-256 | ad0b1bc1dc150910ecc5028b1f499c6140172c1ab38abae8e3ea2bd478999d96
Ubuntu Security Notice USN-2497-1
Posted Feb 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2497-1 - Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service. Stephen Roettger discovered that NTP incorrectly handled ACLs based on certain IPv6 addresses.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9297, CVE-2014-9298
SHA-256 | 4f2ff3a4f845a75182dbeab18b0ed522016c38a4abb92f02a822a4c46c7edd86
Debian Security Advisory 3156-1
Posted Feb 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3156-1 - A vulnerability was found in liveMedia, a set of C++ libraries for multimedia streaming. RTSP messages starting with whitespace were assumed to have a zero length, triggering an integer underflow, infinite loop, and then a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTSP messages.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2013-6933
SHA-256 | 28921c67bbc3501276da7538ffec97c4bb18b334c7df1c348643c9942bc48d91
Debian Security Advisory 3154-2
Posted Feb 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3154-2 - Marc Deslauriers reported that the patch applied to ntp for CVE-2014-9297 in DSA 3154-1 was incomplete. This update corrects that problem.

tags | advisory
systems | linux, debian
advisories | CVE-2014-9297
SHA-256 | 0434d7a7b858a60cfdf6842b9af0411841fc3184859bdd6af82c21d284eda31f
HP Security Bulletin HPSBMU03216 2
Posted Feb 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03216 2 - Potential security vulnerabilities have been identified with HP Service Manager running SSLv3. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized access or disclosure of information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-0224, CVE-2014-3509, CVE-2014-3511, CVE-2014-5139
SHA-256 | d6e4d8db5b70219011e3b645dfcaaf14015a67c7e5e692382493804c69e12e82
HP Security Bulletin HPSBGN03254 1
Posted Feb 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03254 1 - A potential security vulnerability has been identified with HP Service Health Analyzer running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 1a97f1ae112e6c9382a8b377252fbc93c3cade49087ca7c2d6a3ec73587df88a
HP Security Bulletin HPSBMU03224 1
Posted Feb 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03224 1 - A potential security vulnerability has been identified with HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows. The vulnerability in Windows running in virtual machine images provided with LoadRunner and Load Generator could be exploited remotely to allow elevation of privilege. Revision 1 of this advisory.

tags | advisory
systems | windows
advisories | CVE-2014-6324
SHA-256 | cae6306f1766d2d3db1690322f5fa46746051ce0d44363127d3f078ff15a7943
HP Security Bulletin HPSBGN03253 1
Posted Feb 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03253 1 - A potential security vulnerability has been identified with HP Business Process Insight (BPI) running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 6d6df7b99c9e876ede2c843534de2d38344647a7b12f2919ec5fa1c818477a70
HP Security Bulletin HPSBUX03235 SSRT101750 2
Posted Feb 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03235 SSRT101750 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2011-1910, CVE-2014-8500
SHA-256 | 924d7f74cde87a934f3d4a52b5cd0d4c0a57304074cefdab1b18c7c7536e9634
HP Security Bulletin HPSBUX03166 SSRT101489 2
Posted Feb 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03166 SSRT101489 2 - A potential security vulnerability has been identified in the HP-UX running PAM using libpam_updbe in pam.conf(4). This vulnerability could allow remote users to bypass certain authentication restrictions. Revision 2 of this advisory.

tags | advisory, remote
systems | hpux
advisories | CVE-2014-7879
SHA-256 | b5eb957ddcdbd719f788cfde78bdb8a883eb5829080b05cbd99accd22dd8917d
Debian Security Advisory 2978-2
Posted Feb 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2978-2 - It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0191, CVE-2014-3660
SHA-256 | 75ca24bacda68087f871e1aa68638a3e79c95dcff8d9fdea640df8af5b8a3b46
Page 1 of 3
Back123Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close