what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-10-29

Apache Magicka Code Execution
Posted Oct 29, 2013
Authored by Kingcope

Apache and PHP remote command execution exploit that leverages php5-cgi.

tags | exploit, remote, cgi, php
advisories | CVE-2012-1823
SHA-256 | 9d57dc343cc59f716358c28109591d65f8d5b225d645fd188e0084e43bad3ad6
Ubuntu Security Notice USN-2009-1
Posted Oct 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2009-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered that HTML select elements could display arbitrary content. An attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2013-5592, CVE-2013-5593, CVE-2013-5604, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5602, CVE-2013-5603, CVE-2013-1739, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
SHA-256 | 8e63ed5e393428544209ac043e79fe9e8a1b315c5dd1c5295543d51b893c2332
Red Hat Security Advisory 2013-1474-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1474-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-4282
SHA-256 | 421517e84fef6199d6a8b6d04a30c460895840aad9a34f2200a564e579c0e8d5
Red Hat Security Advisory 2013-1473-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1473-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-4282
SHA-256 | 19d0b0a6756280e6ad7abc839d934e1c7d02df663ce5a760e3d3995cc5dd185e
Red Hat Security Advisory 2013-1460-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1460-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4282
SHA-256 | 43b8878126f2d8197447500e23a48bae3a714f62c8fe52e9b08b96ce1e28e43c
Apache / PHP Remote Command Execution
Posted Oct 29, 2013
Authored by noptrix | Site nullsecurity.net

Apache and PHP remote command execution exploit that leverages php5-cgi. Written in Python.

tags | exploit, remote, cgi, php, python
advisories | CVE-2012-1823
SHA-256 | e84173be8280a7b8f575e8f3452aec7371dc39379e8db2f2dff934de891370cd
Red Hat Security Advisory 2013-1476-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1476-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Firefox JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
SHA-256 | 3c068c36e9c152a2f1a4ccdcdcc11b5f3b52e6eb75250554572367439033c82a
Red Hat Security Advisory 2013-1475-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1475-01 - PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service or disclosure of certain portions of server memory. A flaw was found in the way the pgcrypto contrib module of PostgreSQL initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2013-0255, CVE-2013-1900
SHA-256 | f016163d3aebfd09fc79cc341c042bd891dacb31ae347f0f6ee3492cc8ebf390
EMC NetWorker Information Disclosure
Posted Oct 29, 2013
Site emc.com

A vulnerability exists in EMC NetWorker that could allow exposure of sensitive information under specific circumstances. EMC NetWorker version 8.0.x is affected.

tags | advisory
advisories | CVE-2013-3285
SHA-256 | b065e24f0863cdfea51436716d40a59d9aba6197e39dffe532a7b7eaa0bf18e2
Olat CMS 7.8.0.1 Cross Site Scripting
Posted Oct 29, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Olat CMS version 7.8.0.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 39f8f1c2c8222466efd3ca3ff8b44c69d993ead66bdbacc015256813cdc192dd
BlazeDVD 6.2 Buffer Overflow
Posted Oct 29, 2013
Authored by Mike Czumak

BlazeDVD version 6.2 SEH buffer overflow exploit that creates a malicious .plf file.

tags | exploit, overflow
SHA-256 | 0402fc513d6a45f0367fd4919f1fef0d3db1446cfc7c5861412a5c395ac44e6d
JBrute 0.97
Posted Oct 29, 2013
Authored by Gonzalo Camino

JBrute is a password cracking tool written in Java that uses both brute force and dictionary attack methodologies with a built-in rule pre-processor similar to John the Ripper. It supports several standard algorithms and several algorithms from proprietary applications (like Microsoft SQL Server, Oracle, SYBASE, and so on).

Changes: Various updates, bug fixes, and parameters added.
tags | tool, java, cracker
SHA-256 | b6c69e1f756b77729e18afd6c66c9ca1c8854466b8b9630deded0f3187f6bc73
ASUS RT-N13U Backdoor Account
Posted Oct 29, 2013
Authored by Shellster

The ASUS RT-N13U home router comes configured with an administrative root shell with a default password and is available via telnetd. Changing the password on the web interface does not remediate the issue.

tags | exploit, web, shell, root
SHA-256 | ecd490cdd8df6d6a8157d63cac98201e4d8df54dcb1b076013ed6fe6f001b466
Ops View Pre 4.4.1 Blind SQL Injection
Posted Oct 29, 2013
Authored by Jesus Oquendo

Ops View version pre 4.4.41 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5694
SHA-256 | 92acf8e21feac8586d79811c350e5a6dedf7fd0f2d984f37157264df9d4b6078
sup Remote Command Execution
Posted Oct 29, 2013
Authored by joernchen

sup versions prior to 0.14.1.1 and prior to 0.13.2.1 suffer from an arbitrary command execution vulnerability via a forged content type of an email attachment.

tags | exploit, arbitrary
SHA-256 | 7f25065280e73ca0e7c1a1f6429061cd9ee6353dfc98cf483575c0a5d76a0da5
WordPress Curvo Shell Upload
Posted Oct 29, 2013
Authored by Byakuya

WordPress Curvo theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | c265d8b2cc6ce8faadfecc0108e2b0d861d13d909118a052dac7b78a99e62f9f
GTX CMS 2013 Optima XSS / SQL Injection
Posted Oct 29, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

GTX CMS 2013 Optima suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 15b0c869a76223dd746013e56d764bd49329bdf34f6ac55cc179e1aaf8849e87
Google Play Billing Bypass
Posted Oct 29, 2013
Authored by Dominik Schurmann

All Google Play Billing Library 3 versions before Oct, 8 distributed via Android SDK and marketbilling on Googlecode are susceptible to impersonation and signature verification vulnerabilities.

tags | advisory, vulnerability, bypass
SHA-256 | f68f31523fe048d0a532378407c09820e34245d3b9aac37fc00b428562210019
WordPress MoneyTheme Cross Site Scripting / Shell Upload
Posted Oct 29, 2013
Authored by DevilScreaM

WordPress MoneyTheme suffers from cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | 118f2518be3ef83f488608e39f34988f8e8d867943df4d1309be1c8476a48492
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    5 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close