exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files Date: 2014-10-31 to 2014-10-31

Xerox Multifunction Printers (MFP) "Patch" DLM Escalation
Posted Oct 31, 2014
Authored by Deral Heiland, Pete Bokojan Arzamendi | Site metasploit.com

This Metasploit module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary commands under root privileges.

tags | exploit, arbitrary, root
SHA-256 | f0660a3d09fcdb1e977b7a2ed03e9bcc85467482907cf22be2c2ec5a6986def7
Scalix Web Access 11.4.6.12377 / 12.2.0.14697 XXE Injection / XSS
Posted Oct 31, 2014
Authored by A. Kolmann, R. Giruckas | Site sec-consult.com

Scalix Web Access versions 11.4.6.12377 and 12.2.0.14697 suffer from cross site scripting and XXE injection vulnerabilities.

tags | advisory, web, vulnerability, xss, xxe
SHA-256 | 06005f4468db5341e14d28b6675844085a2d7dcf7832f80cd854ed5ae0b5f8e6
McAfee EEFF / FRP Predictable Salt
Posted Oct 31, 2014
Authored by Matthias Deeg | Site syss.de

The software encryption tool McAfee Endpoint Encryption for Removable Media (EERM) which is part of the data protection software McAfee Endpoint Encryption for Files and Folders (EEFF) uses a static and thus predictable salt for generating password hashes using the password-based key derivation function 2 (PBKDF2). Due to the use of a predictable, hard-coded salt, it is possible for an attacker to precompute password candidates and thus to perform more efficient dictionary attacks against the password-based authentication with the use of rainbow tables (time-memory trade-off).

tags | exploit
advisories | CVE-2014-8565
SHA-256 | 8261951c34c305270d9eea3e7893a1426d99695fcb894956108ffdb81005bff3
HP Security Bulletin HPSBUX03162 SSRT101767
Posted Oct 31, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03162 SSRT101767 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 6652a13d7c69ae6a2897c9474ac902a1366196ab08a094e82c693ce4abdb973b
HP Security Bulletin HPSBPI03147
Posted Oct 31, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03147 - A potential security vulnerability has been identified with certain HP Color LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to data or to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2014-7875
SHA-256 | 3253f74b9dfbfd88385a7efd4013942b78451133375742ae039538ac8dc7514b
HumHub Modules Mail 0.5.8 Cross Site Scripting
Posted Oct 31, 2014
Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej

HumHub Modules Mail version 0.5.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5d486d924cef38f35b58c66507a77a11c4516b8ab01de348c10b1725d2d00229
Ubuntu Security Notice USN-2396-1
Posted Oct 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2396-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3646, CVE-2014-3647
SHA-256 | 1d4a66fe54824b3a2195cd038c40ef51592bd26fe3b58cb42617177ebcf73bf4
Debian Security Advisory 3060-1
Posted Oct 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3060-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-3690, CVE-2014-7207
SHA-256 | 0afeb11e0e11425c8fc0a72b1d9c7150c102cb8b37d56b7e26245c2aa0015544
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close