Showing 1 - 25 of 42

Files Date: 2012-11-13

Invision IP.Board 3.3.4 unserialize() PHP Code Execution
Posted Nov 13, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a PHP unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user-controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file in the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.

tags | exploit, web, arbitrary, php
advisories | CVE-2012-5692, OSVDB-86702
MD5 | ffe6e26c45e6ffa78cb248d5a282a6c0

Jira Scriptrunner 2.0.7 CSRF / Code Execution
Posted Nov 13, 2012
Authored by Ben Sheppard

This is a Metasploit exploit for Jira Scriptrunner version 2.0.7. This Jira plugin does not use the built-in Jira protections (websudo or CSRF tokens) to protect the page from CSRF. The page is intended to be used by admins to automate tasks; it accepts Java code, and by default in a Windows environment Jira runs as SYSTEM.

tags | exploit, java, csrf
systems | windows
MD5 | d93b2fae6f272dbcf03d8f64cadc1878

OpenVAS Command Injection
Posted Nov 13, 2012
Authored by Tim Brown at OpenVAS

OpenVAS Manager is vulnerable to command injection due to insufficient validation of user-supplied data when processing OMP requests. This vulnerability may allow arbitrary code to be executed with the privileges of the OpenVAS Manager on vulnerable systems.

tags | exploit, arbitrary
advisories | CVE-2012-5520
MD5 | c93e57fcf3e4e6ead9756c8c276d86fc

RSA Data Protection Manager XSS / Broken Restriction
Posted Nov 13, 2012
Site emc.com

RSA Data Protection Manager is susceptible to vulnerabilities that could potentially be exploited by malicious users to compromise affected systems. These include a cross site scripting vulnerability and improper restriction of authentication attempts for OS level user accounts.

tags | advisory, vulnerability, xss
advisories | CVE-2012-4612, CVE-2012-4613
MD5 | 7940f39af5ff2fc7be34c24b81a1e648

Huawei Weak Password Encryption
Posted Nov 13, 2012
Authored by Roberto Paleari, Ivan Speziale

Various Huawei products use DES without any salt to encrypt passwords. Vulnerable products include the Huawei Quidway series and the Huawei CX600.

tags | advisory
MD5 | 54b7c7c6ad4ab4794f84139284813563

WordPress UK-Cookie Cross Site Scripting
Posted Nov 13, 2012
Authored by Aditya Balapure

The WordPress UK Cookie third party plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-5856
MD5 | be29cad01ac6050eb329062a985835ea

Zoner Photo Studio 15 B3 Buffer Overflow
Posted Nov 13, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Zoner Photo Studio version 15 b3 suffers from buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
MD5 | 291075e905ce55172e618d7021b45972

Eventy CMS 1.8 Plus Cross Site Scripting / SQL Injection
Posted Nov 13, 2012
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

Eventy CMS version 1.8 Plus suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 5a395069058fa7814d266b0d516c4799

WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting
Posted Nov 13, 2012
Authored by DefenseCode

WordPress WP E-Commerce third party plugin version 3.8.9 suffers from cross site scripting and multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 18b17c7a8c8f15ca8fb77c7e9a3e2731

Red Hat Security Advisory 2012-1459-01
Posted Nov 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1459-01 - nspluginwrapper is a utility which allows 32-bit plug-ins to run in a 64-bit browser environment. It includes the plug-in viewer and a tool for managing plug-in installations and updates. It was not possible for plug-ins wrapped by nspluginwrapper to discover whether the browser was running in Private Browsing mode. This flaw could lead to plug-ins wrapped by nspluginwrapper using normal mode while they were expected to run in Private Browsing mode.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-2486
MD5 | 23f5b51d0183a395ac7c21b5949c3658

Red Hat Security Advisory 2012-1445-01
Posted Nov 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1445-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the RHSA-2010:0178 update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. This update also fixes several bugs.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-2100
MD5 | 480e24b74613787fc679a66aad52504c

Good Mobile Access Man-In-The-Middle
Posted Nov 13, 2012
Authored by Thierry Zoller

GMA aka Good Mobile Access, part of the Good For Enterprise application, failed to validate server authenticity in versions prior to 2.0.2.

tags | advisory
MD5 | 246f26b78da591033bed7bad920b79cf

Microsoft Security Bulletin Re-Release For November, 2012
Posted Nov 13, 2012
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for November, 2012.

tags | advisory
MD5 | 451dae66adcca940f38a4a6208cec230

IrfanView 4.33 RLE Image Decompression Buffer Overflow
Posted Nov 13, 2012
Authored by Francis Provencher

IrfanView version 4.33 suffers from an RLE image decompression buffer overflow vulnerability. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
MD5 | ad72c33008a418ffec7419d64d0dddc6

Microsoft Security Bulletin Summary For November 2012
Posted Nov 13, 2012
Site microsoft.com

This bulletin summary lists 6 released Microsoft security bulletins for November, 2012.

tags | advisory
MD5 | a6cc26a9c657450b159a35a71c5ea3b2

SWF Upload Cross Site Scripting
Posted Nov 13, 2012
Authored by MustLive

Dotclear, InstantCMS, AionWeb, and Dolphin all include a version of swfupload.swf that suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-3414
MD5 | 507ff88c04b6509a0bf77b82a52f0725

IrfanView 4.33 TIF Image Decompression Buffer Overflow
Posted Nov 13, 2012
Authored by Francis Provencher

IrfanView version 4.33 suffers from a TIF image decompression buffer overflow vulnerability. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
MD5 | b624052af347b4f0a5752b4677362139

Secunia Security Advisory 51255
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in gatling, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
MD5 | 30a0e3189407d8c9e54e498abe671651

Secunia Security Advisory 51250
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Carousel Slideshow plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 0ce516fbe23b48dd5e3400ca56c529d5

Secunia Security Advisory 51266
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in UnrealIRCd, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 9e310e2c54218fe54a0ee6bfd2d832ec

Secunia Security Advisory 51258
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libproxy. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | 42d221e8846c5b76b2b7a1853f6ca627

Secunia Security Advisory 51249
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Wysija Newsletters plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 85c7cdaf8313fcfe5a0230289a4da95f

Secunia Security Advisory 51214
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Citrix has acknowledged some vulnerabilities in XenServer, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
MD5 | 0cb4f0f507817fb37419bf8c35899bd7

Secunia Security Advisory 51246
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Lab has reported multiple vulnerabilities in Eventy, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | 703205b4d47d45a4a178a235e4cce0a4

Secunia Security Advisory 51257
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libav. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | 9d9a0afbd96e67c85eb53a66e2803d64

© 2016 Packet Storm. All rights reserved.
