exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-05-29

HP Security Bulletin HPSBMU03263 3
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03263 3 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 77a518cb0ccf0a4c04a46e8ea0991baac6b0eafce5c9e8a2db3164eaa98ae5a3
HP Security Bulletin HPSBGN03332 1
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03332 1 - A potential security vulnerability has been identified in HP Operations Analytics running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2014-3566
SHA-256 | cb810cc00faa60f39ac5e93a3c429e996fe9dc854eeaed218dbb42a7380d0270
Debian Security Advisory 3274-1
Posted May 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3274-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential privilege escalation.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2015-3456
SHA-256 | e4f75683caaa34fdaecddd1a7828d4612e7cf4a264154d8b544eb04587da551e
HP Security Bulletin HPSBMU03223 1
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03223 1 - Several potential security vulnerabilities have been identified with HP Insight Control server provisioning running SSLv3. These are the SSLv3 vulnerabilities known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567
SHA-256 | 36ba059b9acedf2bacaf76b60979c8057c5973ea903070f309a681ca4a388e4a
HP Security Bulletin HPSBMU03261 2
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03261 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 266edbc2c77cb9a27d028900097a82c14a33598b9d019eaa48c5d447c4276489
HP Security Bulletin HPSBMU03267 2
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03267 2 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | b0d83a45ccd554287e2918d69e2b966916bb6e4a34595e69cc5962c44381597d
Realtek SDK Miniigd UPnP SOAP Command Execution
Posted May 29, 2015
Authored by Michael Messner, Ricky Lawshae | Site metasploit.com

Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.

tags | exploit
advisories | CVE-2014-8361
SHA-256 | a727354d03f176b35f63aa0ffc5bb38a19701e52b268455eadf7ca7c31e71bff
Airties login-cgi Buffer Overflow
Posted May 29, 2015
Authored by Michael Messner, Batuhan Burakcin | Site metasploit.com

This Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.

tags | exploit, remote, web, overflow, cgi
SHA-256 | e3284b80df8a49e84fe10eeeefb856090ee5b49ba6f62e629a9763e62071ed9a
D-Link Devices UPnP SOAPAction-Header Command Execution
Posted May 29, 2015
Authored by Craig Heffner, Samuel Huntley | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR

tags | exploit
SHA-256 | e20ef0dd89ff88caf92c753721ba8454b95e56f6cc1668c930745008c71c7246
Flash Timing Side-Channel Data Exfiltration
Posted May 29, 2015
Authored by Jann Horn

Flash by design allows local SWF files to read arbitrary local files, but prevents communication with remote servers. By smuggling data through a timing side-channel, this can be circumvented, allowing local SWF files to exfiltrate the contents of arbitrary local files to the internet.

tags | exploit, remote, arbitrary, local
systems | linux
SHA-256 | 4020cca47ad48bad8205cc27d4fc29cfb9c596aa0ec345c05d58ff93a38af714
ESC 8832 Data Controller Session Hijacking
Posted May 29, 2015
Authored by Balazs Makany

ESC 8832 suffers from insecure user session handling and generation as well as interception and user management issues.

tags | exploit
SHA-256 | ca946d1c96a67953dcdbf356af61138199a591b19f2e94b31632830e11113290
Smart PCAP Replay 1.0
Posted May 29, 2015
Authored by Srinivas Naik

This is a tool to replay packet captures and simulate client/server models when doing analysis. Written in Python.

tags | tool, sniffer, python
systems | unix
SHA-256 | bbc82f1d4197ab39b95472137a8ac96adbcfc361152b02976825089cc906d144
Sypex Dumper 2.0.11 Cross Site Scripting
Posted May 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Sypex Dumper version 2.0.11 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a557a41cc14f0fa4371e88173d14cc9d2536437e1d9f3a70dba00fcae55b4b4b
JSPAdmin 1.1 SQL Injection / CSRF / Cross Site Scripting
Posted May 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

JSPAdmin version 1.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 8c8845746909deb94bd650f31176c3002998cc354834cd3fceef8f287bc9ffb3
60+ Vulnerabilities In 22 SOHO Routers
Posted May 29, 2015
Authored by Ivan Sanz de Castro, Alvaro Folgado Rueda, Jose Antonio Rodriguez Garcia

SOHO routers have been found vulnerable to privilege escalation, information disclosure, cross site request forgery, cross site scripting, authentication bypass, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, csrf
SHA-256 | b2f2c880262864949aed2787d7dbd1a1af58648ac6dc6fce4d75c119ce30c8a3
HP Security Bulletin HPSBHF03340 1
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03340 1 - A potential security vulnerability has been identified with HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard. The vulnerability could result in local unauthorized access and elevation of privilege on an HP thin client device. Revision 1 of this advisory.

tags | advisory, local
systems | linux
advisories | CVE-2015-2124
SHA-256 | 355c585f8c958b94f6362d293f801561c9df1b4c0315d1c836d83e169585da08
Invision Power Board 3.4.7 SQL Injection
Posted May 29, 2015
Authored by ZeroDay

Invision Power Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ccc8d7042208971ccc1a5b517c5d3acce70ae9a88bb02dfb50ca9bb3a7a31ca2
Vevocart 6.1.0 Open Redirect
Posted May 29, 2015
Authored by Provensec

Vevocart version 6.1.0 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | d7f23912aab51e824ef12b4488419191ca88592fdd7e16d5a9c8952118503303
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close