Files Date: 2013-01-03

Allied Telesis AT-MCF2000M 3.0.2 Local Root
Posted Jan 3, 2013
Authored by dun

Allied Telesis AT-MCF2000M version 3.0.2 suffers from a local root-level privilege escalation vulnerability.

tags | exploit, local, root
MD5 | 4c2584b5e94ec7f5f55d14a740bab7e3
Simple Webserver 2.3-rc1 Directory Traversal
Posted Jan 3, 2013
Authored by CwG GeNiuS

PM Software Simple Webserver version 2.3-rc1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 9c432474b08cac723196ef1965249cec
WHMCS 5.x Authentication Bypass
Posted Jan 3, 2013
Authored by Agd_Scorp

WHMCS version 5.x suffers from an authentication bypass vulnerability that leverages the cache.

tags | exploit, bypass
MD5 | 930c1e11ab0cd49b1a1b54ab150c4c18
Indrajith Mini Shell 2.0
Posted Jan 3, 2013
Authored by Ajith KP, Vishunath KP, Indishell, Team Open Fire

This is a mini-php backdoor shell. It has a PHP encoder/decoder, mail bombing functionality, reverse shell, cPanel cracker, and more.

tags | tool, shell, php, rootkit
systems | unix
MD5 | 5f88238813db299673b4cd8410ad9896
Simple Machines Forum 2.0.3 Path Disclosure
Posted Jan 3, 2013
Authored by WHK Yan

Simple Machines Forum versions 2.0.3 and below suffer from a path disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 78aaccf7f3b2546eedb9df0c7f92673f
WordPress Advanced Custom Fields Remote File Inclusion
Posted Jan 3, 2013
Authored by Charlie Eriksen | Site metasploit.com

This Metasploit module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plugin versions 3.5.1 and below are vulnerable. This exploit only works when the PHP option allow_url_include is set to On (default: Off).

tags | exploit, remote, php, code execution, file inclusion
advisories | OSVDB-87353
MD5 | e52b09ced8b21fbf750da694d8e2c3b4
WordPress Xerte Online 0.32 Shell Upload
Posted Jan 3, 2013
Authored by Sammy FORGIT

WordPress Xerte Online plugin version 0.32 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | fd101c534c46cd870f749ee96683105c
WordPress Uploader 1.0.4 Shell Upload
Posted Jan 3, 2013
Authored by Sammy FORGIT

WordPress Uploader plugin version 1.0.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 65ba2386879719112c7ebb164ef919bd
WordPress ReFlex Gallery 1.3 Shell Upload
Posted Jan 3, 2013
Authored by Sammy FORGIT

WordPress ReFlex Gallery plugin version 1.3 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 454b36474bb5640208c29ba15e38cdf9
Secunia Security Advisory 51687
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Joshua Reynolds has discovered a vulnerability in e107, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 04c205dd2c2b3fc2a08c626be3039619
Secunia Security Advisory 51665
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aung Khant has discovered a security issue in CubeCart, which can potentially be exploited by malicious people to gain knowledge of sensitive information.

tags | advisory
MD5 | a4a70edbbb412cd1bccefdb84286cdb4
Secunia Security Advisory 51629
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in NVIDIA Graphics Drivers for Windows, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
systems | windows
MD5 | b468ac667f642d3cb843a3223acb081d
Secunia Security Advisory 51697
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - joernchen has reported a vulnerability in Ruby on Rails, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection, ruby
MD5 | 13032e6fbc33eda1f6a61e4d854eca5c
Secunia Security Advisory 51703
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aung Khant has discovered multiple vulnerabilities in CubeCart, which can be exploited by malicious people to conduct cross-site request forgery and script insertion attacks.

tags | advisory, vulnerability, csrf
MD5 | 5744186230110456fa21dbe430aca7d1
Secunia Security Advisory 51718
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and a vulnerability have been reported in RuggedCom Rugged Operating System, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to hijack a user's session.

tags | advisory
MD5 | 2be654e42f6efe37badfdf898afdaccc
WordPress Shopping Cart 8.1.14 Shell Upload / SQL Injection
Posted Jan 3, 2013
Authored by Sammy FORGIT

WordPress Shopping Cart version 8.1.14 from Level Four Store Front suffers from remote SQL injection and shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | 6a7331517f75d9ddda3261b9e513ef83
Secunia Security Advisory 51689
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | 6a1ab3e14acb55ab462a81695b51cd60
Secunia Security Advisory 50832
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Google Doc Embedder plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | cce19af03f33ffe4597ba515838eb5c1
Secunia Security Advisory 51710
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in osTicket, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, sql injection, csrf
MD5 | 56a3e5a8f08da25ec2c0326e16de16dc
Asterisk Project Security Advisory - AST-2012-015
Posted Jan 3, 2013
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk maintains an internal cache for devices. The device state cache holds the state of each device known to Asterisk, such that consumers of device state information can query for the last known state for a particular device, even if it is not part of an active call. The concept of a device in Asterisk can include things that do not have a physical representation. One way that this currently occurs is when anonymous calls are allowed in Asterisk. A device is automatically created and stored in the cache for each anonymous call that occurs; this is possible in the SIP and IAX2 channel drivers and through channel drivers that utilize the res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). Attackers exploiting this vulnerability can attack an Asterisk system configured to allow anonymous calls by varying the source of the anonymous call, continually adding devices to the device state cache and consuming a system's resources.

tags | advisory
advisories | CVE-2012-5977
MD5 | 1f0cefcdb9afc401724361ca6f691932
Asterisk Project Security Advisory - AST-2012-014
Posted Jan 3, 2013
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk has several places where messages received over various network transports may be copied in a single stack allocation. In the case of TCP, since multiple packets in a stream may be concatenated together, this can lead to large allocations that overflow the stack. In the case of SIP, it is possible to do this before a session is established. Keep in mind that SIP over UDP is not affected by this vulnerability. With HTTP and XMPP, a session must first be established before the vulnerability may be exploited. The XMPP vulnerability exists both in the res_jabber.so module in Asterisk 1.8, 10, and 11 as well as the res_xmpp.so module in Asterisk 11.

tags | advisory, web, overflow, udp, tcp
advisories | CVE-2012-5976
MD5 | 68dd819158d6e063193df6cbe87aeadb
Mandriva Linux Security Advisory 2013-001
Posted Jan 3, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-001 - Versions of GnuPG less than or equal to 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults when importing the key. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-6085
MD5 | 27312d22922a76018c896899cca53b70
© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close