exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-04-23

Ubuntu usb-creator 0.2.x Local Privilege Escalation
Posted Apr 23, 2015
Authored by Tavis Ormandy

Ubuntu usb-creator version 0.2.x suffers from a local privilege escalation vulnerability.

tags | exploit, local
systems | linux, ubuntu
SHA-256 | 27e7534406105f4aac22b824922f5877288f2d101993ee3f2c655de195ee6dd6
Red Hat Security Advisory 2015-0884-01
Posted Apr 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0884-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. All novnc users are advised to upgrade to this updated package, which corrects this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-7436
SHA-256 | 7537486bde6230c7e70cace23d5c5d3bf77dce63d7ddb051bdae0a85496238ff
MIMEDefang Email Scanner 2.78
Posted Apr 23, 2015
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: Fixed bug in logic that coalesces multiparts to single-parts if possible; the bug broke DKIM signing. Fix is courtesy of Peter Nagel.
tags | tool
systems | windows, unix
SHA-256 | 8c363063fa6937826f8647e47fc3e5ef999ccb90110e0cb64befdd45cda8372c
Honeywell XLWEB SCADA Path Traversal
Posted Apr 23, 2015
Authored by Martin Jartelius

Honeywell XLWEB SCADA controller suffers from a remote path traversal vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, file inclusion
SHA-256 | ee6a9dd2740fbab23901b5e759ec313b5cebd9ef618a61394f8d8704f2189df1
Ubuntu Security Notice USN-2577-1
Posted Apr 23, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2577-1 - It was discovered that wpa_supplicant incorrectly handled SSID information when creating or updating P2P peer entries. A remote attacker could use this issue to cause wpa_supplicant to crash, resulting in a denial of service, expose memory contents, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1863
SHA-256 | 2279e6e2ac03ad8f13aa40eceaf5e03cab1e3b0eb08e72e03a747b70f05a2ffc
Ubuntu Security Notice USN-2576-1
Posted Apr 23, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2576-1 - Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | e4168614543efb3387f9b85d0e927ff750f006c5190161c6b8ba4fc4b5c04da2
Ubuntu Security Notice USN-2576-2
Posted Apr 23, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2576-2 - USN-2576-1 fixed a vulnerability in usb-creator. This update provides the corresponding fix for Ubuntu 15.04. Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | e8d76a6c30bc2003f499f1da7592ef43ae21b9dc020edfc72a2265a142333221
Avsarsoft Matbaa Script Cross Site Scripting / Shell Upload
Posted Apr 23, 2015
Authored by ZoRLu

Avsarsoft Matbaa Script suffers from cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | 66d3454214fa484ffc9e57110b11324f1f1dae0d839287ad32694e041cc64bed
Pligg CMS 2.0.2 Cross Site Scripting
Posted Apr 23, 2015
Authored by Vadodil Joel Varghese

Pligg CMS version 2.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f1df25d6bd296cf443cd0a2ec4f50554b65c1ab71679ebb6e90c7982ab54faa6
ZYXEL P-660HN-T1H_IPv6 Denial Of Service
Posted Apr 23, 2015
Authored by Koorosh Ghorbani

ZYXEL P-660HN-T1H_IPv6 remote configuration editor / web service denial of service exploit.

tags | exploit, remote, web, denial of service
SHA-256 | 8813feb1830fa068aa80eccbe2bace47ee9518e75012d7355ca4cf61c035dbf0
Free MP3 CD Ripper 2.6 / 2.8 Buffer Overflow
Posted Apr 23, 2015
Authored by TUNISIAN CYBER, ThreatActor

Free MP3 CD Ripper versions 2.6 and 2.8 .wav SEH-based buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 373482138ce00dfe1ff90d3548d03d8d3b56c24f77088b12e099501be649772a
Android wpa_supplicant Heap Overflow
Posted Apr 23, 2015
Authored by Alibaba Security Team

wpa_supplicant version 2.x on Android suffers from a heap overflow that can lead to memory information leaks and remote code execution.

tags | advisory, remote, overflow, code execution
advisories | CVE-2015-1863
SHA-256 | 01ee6f07cd1dc7ed4b4d9fe43c5c2e39e7896e387437595d2ed70ee28df47ecb
Dnsmasq 2.72 Unchecked Return Value
Posted Apr 23, 2015
Authored by Nick Sampanis

Dnsmasq version 2.72 does not properly check the return value of the setup_reply() function called during a tcp connection (by the tcp_request() function). This return value is then used as a size argument in a function which writes data on the client's connection. This may lead, upon successful exploitation, to reading the heap memory of dnsmasq.

tags | advisory, tcp
SHA-256 | 15ce37ec8c0427813ec7b2856b386f96b7f86c6dd544e1d7626c85e4d9919940
Socrata Online Service Script Insertion
Posted Apr 23, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Socrata Online Service suffers from a script insertion vulnerability.

tags | exploit
SHA-256 | 00abdd243861d3f2dc99eff7e496437710ed8714f01a0e953dabdfe6818b6a52
Magento eCommerce SQL Injection / RFI / LFI / Command Execution
Posted Apr 23, 2015
Authored by Shahar Tal

Magento eCommerce suffers from authentication bypass, local file inclusion, remote file inclusion, and remote SQL injection vulnerabilities.

tags | advisory, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | b1bb0bc0421bad1545aa417e1a52602a15ab67d91412ccd0951fcf453a82a036
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close