Showing 1 - 25 of 29

Files Date: 2015-03-19

Chamilo LMS 1.9.10 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 19, 2015
Authored by Rehan Ahmed

Chamilo LMS versions 1.9.10 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 230e777d25a2151f00153422fa704dbe817526a68723d31dcf7694a7df533d68
EMC M&R (Watch4net) Insecure Credential Storage
Posted Mar 19, 2015
Authored by Han Sahin

It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.

tags | exploit, remote
advisories | CVE-2015-0514
SHA-256 | b874a1afbc5b38698999dfd742cae4cdd0e36be6fccb7cf1fd8d2189a3baeebc
OpenSSH 6.8p1
Posted Mar 19, 2015
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This is a major release, containing a number of new features as well as a large internal re-factoring.
tags | encryption
systems | linux, unix, openbsd
SHA-256 | 3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e
Websense Content Gateway Error Message Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Websense Content Gateway error messages are vulnerable to cross site scripting.

tags | exploit, xss
SHA-256 | 58f600eaed898f1ca351c4b8d1cbec131fbfe943f225520c81a41f29a0067a03
Publish-It PUI Buffer Overflow
Posted Mar 19, 2015
Authored by Daniel Kazimirow, Andrew Smith aka jakx | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Publish-It when processing a specially crafted .PUI file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Publish-It to open a malicious .PUI file.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2014-0980
SHA-256 | c09c7bc2af2fa4964302e3a4f6d647d52b5f54144194e7dc8ab94d56a1e95f73
TWiki Debugenableplugins Remote Code Execution
Posted Mar 19, 2015
Authored by h0ng10, Netanel Rubin | Site metasploit.com

TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in a Perl eval statement, which allows remote code execution.

tags | exploit, remote, perl, code execution
advisories | CVE-2014-7236
SHA-256 | 850efe714be5e6548a264c1cce672a60aa1ae5a53559548aa9e9d66cf64f53b5
Websense Reporting Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Websense Reporting suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 19b2dc3d78140a923b9085dab9d45e139e61f79e70bb9f569bc419899ca2710b
Fortinet Single Sign On Stack Overflow
Posted Mar 19, 2015
Authored by Core Security Technologies, Andres Lopez Luksenberg, Enrique Nissim

Core Security Technologies Advisory - There is a vulnerability in the message dispatcher used by FSSO Windows Active Directory and FSSO Novell eDirectory. Exploitation of this vulnerability might lead to a full network compromise.

tags | exploit
systems | windows
advisories | CVE-2015-2281
SHA-256 | 71db9f10f9b435818bd0d386e8d452b7c9164712db61efab96b1aeb19649e8bc
Websense Explorer Report Scheduler Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Websense Explorer's report scheduler suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 437a9f75eca191601c80ffa7f7c81146dc40026d999f157af7aa5fa4635d9461
Websense Data Security Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

It was discovered that the Websense Data Security block page processes user-controllable data insecurely, rendering the block page vulnerable to cross site scripting.

tags | exploit, xss
SHA-256 | f3ceee1d1b8d8314759c25514da344340d509358c90fe5b334a3fee4673a6305
Websense Explorer Missing Access Control
Posted Mar 19, 2015
Authored by Han Sahin

It was discovered that no access control is enforced on the explorer_wse path, which is exposed through the web server. An attacker can abuse this issue to download any file exposed by this path, including security reports and Websense Explorer configuration files.

tags | exploit, web
SHA-256 | ec6c438270cff0bddf53b78da134f39a1f995ed0021b3fa3dc986797bb9d28ea
Websense Triton Source Code Disclosure
Posted Mar 19, 2015
Authored by Han Sahin

Websense Triton is affected by a source code disclosure vulnerability. By appending a double quote character after JSP URLs, Websense will return the source code of the JSP instead of executing the JSP. An attacker can use this issue to inspect parts of Websense's source code in order to gain more knowledge about Websense's internals.

tags | exploit, info disclosure
SHA-256 | bea41cc67f2ff2025f34ba87479f5525c6c77dbe1476e500ef73fac0a668a4a3
Websense Appliance Manager Command Injection
Posted Mar 19, 2015
Authored by Han Sahin

A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like cross site scripting, to perform remote unauthenticated attacks to compromise the appliance.

tags | exploit, remote, arbitrary, vulnerability, xss
SHA-256 | 46837dcf6a5d28dc59eaab3be3f8b5c988bf22906dd8c40892e389c43e23257b
Websense Email Security Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Users of Websense Data Security that are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens, login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.

tags | advisory, web, arbitrary, xss
SHA-256 | cb8568eb68202e34f2c399915ab08eac2ec81901bfe2ce84f46fd344875d3129
Websense Data Security DLP Incident Forensics Preview XSS
Posted Mar 19, 2015
Authored by Han Sahin

Users of Websense Data Security that are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens, login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.

tags | advisory, web, arbitrary, xss
SHA-256 | b9766eb5d33d72228778743de93441e682ea519fe27c250aec98a6ce1f397474
Joomla ECommerce-WD 1.2.5 SQL Injection
Posted Mar 19, 2015
Authored by Brandon Perry

Joomla ECommerce-WD plugin version 1.2.5 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | cc4be435a403cd80f5b4f40120c961b2dbee70db21b36e683a07c11ebdb15757
Apple Security Advisory 2015-03-17-1
Posted Mar 19, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-17-1 - Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 are now available and address multiple WebKit vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1075, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1084
SHA-256 | fa7648ffb65340c5724013e78935eb5aca5810d15c8c68c6acaff6d1311a1297
Findsploit 1.1
Posted Mar 19, 2015
Authored by 1N3

Findsploit is a simple bash script to quickly and easily search both local and online exploit databases.

tags | local, bash
systems | unix
SHA-256 | 7c57fd01df278f1dd04c48e0c1d30069a39d08148c83b12388d162b35688cd5f
Red Hat Security Advisory 2015-0698-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0698-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, protocol
systems | linux, redhat, windows
advisories | CVE-2008-3520, CVE-2008-3522, CVE-2011-4516, CVE-2011-4517, CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029
SHA-256 | 68a43a747ec94c539289d4690fe6d0f323e73e13ebc4e27e63b022686014f904
Red Hat Security Advisory 2015-0696-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0696-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675
SHA-256 | 8aad9aa06e8c0583d9c577fe84ecb24280a7c96637da84542f66b7720c6336bf
Gentoo Linux Security Advisory 201503-10
Posted Mar 19, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-10 - Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. Versions less than 3.3.5-r1 are affected.

tags | advisory, arbitrary, vulnerability, code execution, python
systems | linux, gentoo
advisories | CVE-2013-1752, CVE-2013-7338, CVE-2014-1912, CVE-2014-2667, CVE-2014-4616, CVE-2014-7185, CVE-2014-9365
SHA-256 | a9f61c24dc4fd90eec4a4d961874d8c10caaa2a0e38947b49c08bc7818eb3b95
Debian Security Advisory 3196-1
Posted Mar 19, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3196-1 - Hanno Boeck discovered that file's ELF parser is susceptible to denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-9653
SHA-256 | c9c913f21e5b828502dfa6cd0f892724c147655579e341b09af2c0e77c6fdf1f
Red Hat Security Advisory 2015-0700-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0700-01 - The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636
SHA-256 | bbf93d3ad2423c641ff52feaf0acea28238c5242e79a963abc3c9b57d08540ed
Red Hat Security Advisory 2015-0699-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0699-01 - PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed. A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244
SHA-256 | 610e1da80d02082e0b99d62885ec0fbd37a3cbda2b17ae3d6a254b281b4bec43
Ubuntu Security Notice USN-2536-1
Posted Mar 19, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2536-1 - Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
SHA-256 | fd7e0af1e4d2c41698918683416f3032ef7b2e82e83ac617340a7c68d27299b7