what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-10-22

Apache Shindig 2.5.0 XXE Injection
Posted Oct 22, 2013
Authored by Kousuke Ebihara

Apache Shindig PHP version 2.5.0 suffers from an XXE injection vulnerability.

tags | exploit, php, xxe
advisories | CVE-2013-4295
SHA-256 | 779177ad830a97195b2451720ea3c03e6dc8551bf514a289092bcaf78efa0131
Red Hat Security Advisory 2013-1452-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1452-01 - Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw to make the vino-server process enter an infinite loop when processing those incoming requests. All vino users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The GNOME session must be restarted for this update to take effect.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-5745
SHA-256 | 8918c51a4d5096f3603f0ccb0d01438f72d90b8af5cba89f0c34d75790db9bfb
Red Hat Security Advisory 2013-1451-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1451-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. The class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817, CVE-2013-5820, CVE-2013-5823, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5849, CVE-2013-5850
SHA-256 | 2830afe752112f60de3a3605472783ff304efaec102c0abddb10db6ca1586335
Red Hat Security Advisory 2013-1449-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1449-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled, an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel, local, info disclosure
systems | linux, redhat
advisories | CVE-2013-0343, CVE-2013-4299, CVE-2013-4345, CVE-2013-4368
SHA-256 | aace845a09644be52cb6b598679ab31730442e1c2bb5e7f17b6cee8c6a7a54ac
Red Hat Security Advisory 2013-1450-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1450-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540 introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to corrupt kernel memory via crafted sendmsg() calls, allowing them to cause a denial of service or, potentially, escalate their privileges on the system. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2224, CVE-2013-2852, CVE-2013-4299
SHA-256 | bec42a1124d17a24babb445c0086c515568c978ad5ba4a0a9bda8deab480db7f
Debian Security Advisory 2784-1
Posted Oct 22, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2784-1 - Pedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg Xserver, which could result in denial of service or privilege escalation.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-4396
SHA-256 | 82535cd588a62e5fc585f940c3816c00eb6aca566b9ff38c936e61a5a546ec92
Ubuntu Security Notice USN-1996-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1996-1 - Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2147
SHA-256 | b0b5321c721ce6390aa2e111ac2673c1b2bf2223671959b7b7598ed25471d53f
Ubuntu Security Notice USN-1994-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1994-1 - Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2147
SHA-256 | 4ece68db30f10fd1d7fda3af2dcb83064de8a1d751b5b15cb0acc4f7b104a5e9
Ubuntu Security Notice USN-1993-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1993-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2237
SHA-256 | ddaff993b996ad7f4bb575a24a8c31c6ab3dd219c1b54202bfa65d8eecdb4cff
Ubuntu Security Notice USN-1995-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1995-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2237, CVE-2013-2888, CVE-2013-2892, CVE-2013-2896, CVE-2013-2898, CVE-2013-2899, CVE-2013-4300, CVE-2013-2237, CVE-2013-2888, CVE-2013-2892, CVE-2013-2896, CVE-2013-2898, CVE-2013-2899, CVE-2013-4300
SHA-256 | 0e828e972162722656770066732a813580466305366a1309823de26dd0b6dd6d
Ubuntu Security Notice USN-1992-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1992-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2237
SHA-256 | fee2014bd298fc59f037cb42a0648e8986000f07a2494dd7c010b2a81e15e98f
Ubuntu Security Notice USN-1999-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1999-1 - Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2147
SHA-256 | 46dfbbb3131e008fbc18c11154dae6142610f2973f8a2894f93585d6defc7ba8
Ubuntu Security Notice USN-1998-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1998-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2237, CVE-2013-2888, CVE-2013-2892, CVE-2013-2896, CVE-2013-2898, CVE-2013-2899, CVE-2013-4300, CVE-2013-2237, CVE-2013-2888, CVE-2013-2892, CVE-2013-2896, CVE-2013-2898, CVE-2013-2899, CVE-2013-4300
SHA-256 | 6fe1ea254476a5b155997999ca06779d4d5cc86acc30e3d6c9312115df1ff8e8
Ubuntu Security Notice USN-1997-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1997-1 - Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2147
SHA-256 | b4163dd4a3d390dd6e4e06d33615c68368b4f3bb18f9e7317255408e917671a0
Joomla Maian15 Shell Upload
Posted Oct 22, 2013
Authored by SultanHaikal

The Joomla Maian15 component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 3168f3488a6baf2ed1904d0050d120b760732da3113c601c9bb74e3fcfc7685b
D-Link DIR-605L Captcha Handling Buffer Overflow
Posted Oct 22, 2013
Authored by Craig Heffner, juan vazquez | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution on D-Link DIR-605L routers. The vulnerability exists while handling user supplied captcha information, and is due to the insecure usage of sprintf on the getAuthCode() function. This Metasploit module has been tested successfully on DLink DIR-605L Firmware 1.13 under a QEMU environment.

tags | exploit, remote, code execution
advisories | OSVDB-86824
SHA-256 | 0a2625495d220d8e34aeaeab3b030e38d5c3d8c061e96a0d097c1527e36f1458
Interactive Graphical SCADA System Remote Command Injection
Posted Oct 22, 2013
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands.

tags | exploit, arbitrary
advisories | CVE-2011-1566, OSVDB-72349
SHA-256 | a7114479b9ce7f63393a233814fca94f23890b35fff1a4000dbd132da087dd09
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
Posted Oct 22, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability on the version 5.2 of the BIMS component from the HP Intelligent Management Center. The vulnerability exists in the UploadServlet, allowing the user to download and upload arbitrary files. This Metasploit module has been tested successfully on HP Intelligent Management Center with BIMS 5.2 E0401 on Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-4822, OSVDB-98247
SHA-256 | 259ed051cf78d79d3dc1060b81ae4b7df6b46139d8805a2a7c01408edc69946d
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close