what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-10-28

CUPS Filter Bash Environment Variable Code Injection
Posted Oct 28, 2014
Authored by Michal Zalewski, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.

tags | exploit, bash
advisories | CVE-2014-6271, CVE-2014-6278
SHA-256 | 5a376a0f4e8be0b42906123abc72f100a271655c6310963fc913fc7504861155
Tuleap 7.4.99.5 Remote Command Execution
Posted Oct 28, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Enalean Tuleap versions 7.4.99.5 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-7178
SHA-256 | 86da9fb1bc835abec483555c432a4f2fdad5fb95976c56ab4f5e4085ea8b5631
Tuleap 7.2 XXE Injection
Posted Oct 28, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Enalean Tuleap versions 7.2 and below suffer from an external XML entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2014-7177
SHA-256 | ab8a77cc2eda457cf59f902478e2f9d728886f29aedb8161746791a3af1fefc2
Tuleap 7.4.99.5 Blind SQL Injection
Posted Oct 28, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Enalean Tuleap versions 7.4.99.5 and below suffer from a remote, authenticated blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-7176
SHA-256 | 17e714a5c82970fcf9eb3939bc1da2a02d460e307f429a094407a26d9a63ff06
ESET 7.0 Kernel Memory Leak
Posted Oct 28, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

ESET versions 5.0 through 7.0 suffer from a kernel memory leak vulnerability.

tags | advisory, kernel, memory leak
advisories | CVE-2014-4974
SHA-256 | 8b5888960f4d9b82098187fccdeffd23d87b222ac084d8ed2407392d581bf827
HP Security Bulletin HPSBST03160
Posted Oct 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03160 - A potential security vulnerability has been identified with HP XP Command View Advanced Edition running Apache Struts. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0114
SHA-256 | 7347708214d9e40bfa1feac22c945e22da23247a26c666e8ec2f25128975846d
Mandriva Linux Security Advisory 2014-210
Posted Oct 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-210 - Multiple vulnerabilities have been discovered and corrected in mariadb.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-6464, CVE-2014-6469, CVE-2014-6507, CVE-2014-6555, CVE-2014-6559
SHA-256 | f7370d99fd7f151bcd3f21c1d12c24ec5d83ca6e04df9913e5031ea6bf1ea4df
Ubuntu Security Notice USN-2390-1
Posted Oct 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2390-1 - Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled certain malformed MXit emoticons. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698
SHA-256 | 9de2fd893b05d9381e103c2fc1c9fa71c92e128c9e9885eff70ac44ee7e4e2b2
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) Buffer Overflow
Posted Oct 28, 2014
Authored by ZoRLu

Mini-stream RM-MP3 Converter version 3.1.2.1.2010.03.30 suffers from a buffer overflow vulnerability when handling .wax files.

tags | exploit, overflow
SHA-256 | 302e7e5408a62bb0b8fa71f8365379786080916a1802f9c4f860e232d900c7e6
ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation
Posted Oct 28, 2014
Authored by Osanda Malith

ESTsoft ALUpdate version 8.5.1.0.0 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2014-8494
SHA-256 | 2ac6441238ee7b081bebbe85cb5cc78a62c50c26bd6433f839deaadbcc8214cd
DINWC2015 Call For Papers
Posted Oct 28, 2014

The Third International Conference on Digital Information, Networking, and Wireless Communications (DINWC2015) Call For Papers has been announced. It will be held in Moscow, Russia February 3rd through the 5th, 2015.

tags | paper, conference
SHA-256 | bf13707a2f9a9b4d2235e37a602c9334c401769c52d73a3476e0ea6cd46af777
HP Security Bulletin HPSBHF03156
Posted Oct 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03156 - A potential security vulnerability has been identified with the HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2014-3566
SHA-256 | 6e6c399de1b833236d40e0bbbc145b48364b6110b2c080f1fb91d4b0b75f0cbf
DAVOSET 1.2.1
Posted Oct 28, 2014
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Added support of attacks via WordPress, based on XML support since v.1.1.2 (released at 31.07.2013).
tags | tool, denial of service
SHA-256 | b7b224803dde427b20c84fadc4d4ad53f93b348afa988194ca473e0809af0c57
Windows TrackPopupMenu Win32k NULL Pointer Dereference
Posted Oct 28, 2014
Authored by Spencer McIntyre, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a NULL Pointer Dereference in win32k.sys, the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This Metasploit module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 32bits. Also on Windows 7 SP1 and Windows 2008 R2 SP1 64 bits.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2014-4113
SHA-256 | 41b7d988b197d4b07886ef236a76dda4482ef1d09d5d87eb2dbc440af8850897
CBN CH6640E/CG6640E Wireless Gateway XSS / CSRF / DoS / Disclosure
Posted Oct 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

The CBN CH6640E/CG6640E wireless gateway series suffers from information disclosure, cross site request forgery, cross site scripting, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, csrf
SHA-256 | 2abfa7dcae36453b2de188ce94ee87d4e58078ce17f31bccfdccebada77aaca9
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close