Showing 1 - 25 of 63

Files Date: 2013-01-08

Action Pack DoS / SQL Injection / Code Execution
Posted Jan 8, 2013
Authored by Jonathan Rudenberg, Ben Murphy, Bryan Helmkamp, Magnus Holm, Charlie Somerville, Aaron Patterson, Darcy Laycock, Benoist Claassen, Felix Wilhelm

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a denial of service attack on a Rails application.

tags | advisory, denial of service, arbitrary, sql injection, ruby
advisories | CVE-2013-0156
MD5 | 85e44204ba7170674ab3b48f8e9aa554
Simple Exploitation Of Format String Vulnerabilities
Posted Jan 8, 2013
Authored by Jules Mainsard

This is a whitepaper that explains simple exploitation of format string vulnerabilities. Written in French.

tags | paper, vulnerability
MD5 | f14028aeee56ff3cd391e2cff6753f84
IBM Cognos tm1admsd.exe Overflow
Posted Jan 8, 2013
Authored by unknown, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested successfully on IBM Cognos Express 9.5 over Windows XP SP3.

tags | exploit, overflow
systems | windows, xp
advisories | CVE-2012-0202, OSVDB-80876
MD5 | 7520a9825aba2a2295ee0fdf1a609f78
WordPress Google Document Embedder Arbitrary File Disclosure
Posted Jan 8, 2013
Authored by Charlie Eriksen | Site metasploit.com

This Metasploit module exploits an arbitrary file disclosure flaw in the WordPress blogging software plugin known as Google Document Embedder. The vulnerability allows for database credential disclosure via the /libs/pdf.php script. The Google Document Embedder plug-in versions 2.4.6 and below are vulnerable. This exploit only works when the MySQL server is exposed on an accessible IP and WordPress has filesystem write access. Please note: The admin password may get changed if the exploit does not run to the end.

tags | exploit, arbitrary, php
advisories | CVE-2012-4915, OSVDB-88891
MD5 | ee30223d772139ccdbf4268e1f3f30d2
Advantech WebAccess HMI/SCADA Cross Site Scripting
Posted Jan 8, 2013
Authored by Antu Sanadi | Site secpod.com

Advantech WebAccess HMI/SCADA software version 7.0-2012.12.05 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 921ef9e8cd09c001a36d890e83c0f36f
HP Security Bulletin HPSBUX02829 SSRT100883
Posted Jan 8, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02829 SSRT100883 - A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited locally to create a Denial of Service (DoS), or allow unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2012-1699
MD5 | 77eedb8dcfcd177900dae9fe46bebe7d
EMC NetWorker Buffer Overflow
Posted Jan 8, 2013
Site emc.com

EMC NetWorker provides some of its services through the SunRPC remote procedure call mechanism. One of these services, nsrindexd, which listens on a dynamic port, exposes a SunRPC interface. A buffer overflow vulnerability exists in this service that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code on the vulnerable system in the context of the affected application, commonly system. Affected products include EMC NetWorker 7.5.x and earlier, EMC NetWorker 7.6.4 and earlier, and EMC NetWorker 8.0.0.5 and earlier.

tags | advisory, remote, denial of service, overflow, arbitrary
advisories | CVE-2012-4607
MD5 | 27fe7f6b12a7fb3d92dafed5c69a7bf9
Red Hat Security Advisory 2013-0126-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0126-01 - SquirrelMail is a standards-based webmail package written in PHP. The SquirrelMail security update RHSA-2012:0103 did not, unlike the erratum text stated, correct the CVE-2010-2813 issue, a flaw in the way SquirrelMail handled failed log in attempts. A user preference file was created when attempting to log in with a password containing an 8-bit character, even if the username was not valid. A remote attacker could use this flaw to eventually consume all hard disk space on the target SquirrelMail server.

tags | advisory, remote, php
systems | linux, redhat
advisories | CVE-2012-2124
MD5 | 3f25ee346a44ccee28fa0705c55ad85b
Red Hat Security Advisory 2013-0125-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0125-01 - Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF capture files. If Wireshark opened a specially-crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2011-4102, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291
MD5 | ada75d3efa8978e90d84e710eb4e7caf
Red Hat Security Advisory 2013-0128-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0128-01 - The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-3359
MD5 | 39e6ef0c8c3f1f94a1c9ca891a62d458
Red Hat Security Advisory 2013-0124-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0124-01 - These packages provide various libraries and tools for the Simple Network Management Protocol. An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use this flaw to crash snmpd via a crafted SNMP GET request.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-2141
MD5 | d34a57d5cb584c6c8e61f021644892e8
Red Hat Security Advisory 2013-0123-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0123-01 - The OpenIPMI packages provide command line tools and utilities to access platform information using Intelligent Platform Management Interface. System administrators can use OpenIPMI to manage systems and to perform system health monitoring. It was discovered that the IPMI event daemon created its process ID file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted. Note: This issue did not affect the default configuration of OpenIPMI as shipped with Red Hat Enterprise Linux 5.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2011-4339
MD5 | 8c7a2e45dcdb500b54fbd1f2cfc90e9d
Red Hat Security Advisory 2013-0121-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0121-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the fix for the CVE-2009-4030 issue, a flaw in the way MySQL checked the paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives when the "datadir" option was configured with a relative path, was incorrectly removed when the mysql packages in Red Hat Enterprise Linux 5 were updated to version 5.0.95 via RHSA-2012:0127. An authenticated attacker could use this flaw to bypass the restriction preventing the use of subdirectories of the MySQL data directory being used as DATA DIRECTORY and INDEX DIRECTORY paths. This update re-applies the fix for CVE-2009-4030.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4452
MD5 | 540915139608db7b3d6d7deb48a9a3bb
Red Hat Security Advisory 2013-0120-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0120-01 - The quota package provides system administration tools for monitoring and limiting user and group disk usage on file systems. It was discovered that the rpc.rquotad service did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. This issue was discovered by the Red Hat Security Response Team.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3417
MD5 | 76e46d6d65985ff6d98f3d5f66d3eb86
Red Hat Security Advisory 2013-0131-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0131-01 - The gnome-vfs2 packages provide the GNOME Virtual File System, which is the foundation of the Nautilus file manager. neon is an HTTP and WebDAV client library embedded in the gnome-vfs2 packages. A denial of service flaw was found in the neon Extensible Markup Language parser. Visiting a malicious DAV server with an application using gnome-vfs2 could possibly cause the application to consume an excessive amount of CPU and memory.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2009-2473
MD5 | 490209f1f8b9fd1ba20202fdc0543eac
Red Hat Security Advisory 2013-0135-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0135-01 - GIMP Toolkit is a multi-platform toolkit for creating graphical user interfaces. An integer overflow flaw was found in the X BitMap image file loader in GTK+. A remote attacker could provide a specially-crafted XBM image file that, when opened in an application linked against GTK+, would cause the application to crash. Due to a bug in the Input Method GTK+ module, the usage of the Taiwanese Big5 locale led to the unexpected termination of certain applications, such as the GDM greeter. The bug has been fixed, and the Taiwanese locale no longer causes applications to terminate unexpectedly.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2012-2370
MD5 | d3e6f42b1d2bd3a17972d6f5e37c6a0e
Red Hat Security Advisory 2013-0130-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0130-01 - The httpd packages contain the Apache HTTP Server, which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users visiting the site.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2008-0455, CVE-2008-0456, CVE-2012-2687
MD5 | 25ba51e554939fc6912dcd16b94b607f
Red Hat Security Advisory 2013-0129-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0129-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected. It was found that the RHSA-2011:0909 update did not correctly fix the CVE-2011-1005 issue, a flaw in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted code to modify arbitrary, trusted strings, which safe level 4 restrictions would otherwise prevent.

tags | advisory, remote, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2012-4481, CVE-2012-4522
MD5 | d016c1b2871c0f3d8a295e0eb1d4a73d
Red Hat Security Advisory 2013-0134-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0134-01 - FreeRADIUS is an open-source Remote Authentication Dial-In User Service server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol. It was found that the "unix" module ignored the password expiration setting in "/etc/shadow". If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied.

tags | advisory, remote, protocol
systems | linux, redhat, unix
advisories | CVE-2011-4966
MD5 | 61166e0c03b69c37fb23252001507149
Red Hat Security Advisory 2013-0133-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0133-01 - Hewlett-Packard Linux Imaging and Printing provides drivers for Hewlett-Packard printers and multifunction peripherals. It was found that the HP CUPS fax filter in HPLIP created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to a process using the fax filter.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2011-2722
MD5 | 87e172e164d713946ca9ef9a98f8e207
Red Hat Security Advisory 2013-0132-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0132-01 - The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts and unmounts file systems. A bug fix included in RHBA-2012:0264 introduced a denial of service flaw in autofs. When using autofs with LDAP, a local user could use this flaw to crash autofs, preventing future mount requests from being processed until the autofs service was restarted. Note: This flaw did not impact existing mounts.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2012-2697
MD5 | 11fe8b25c6ccfc6be05d73f9566c6abc
Red Hat Security Advisory 2013-0127-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0127-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with identical vendor or product IDs to a guest. This could result in the wrong device being attached to a guest, giving that guest root access to the device.

tags | advisory, remote, root
systems | linux, redhat
advisories | CVE-2012-2693
MD5 | e7d4c52e78c5187438b43e7ffdad8d20
Red Hat Security Advisory 2013-0122-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0122-01 - Tcl provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially-crafted regular expression, it would lead to excessive CPU and memory consumption.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2007-4772, CVE-2007-6067
MD5 | e0de8499754d6c3a4cc163ab3668b409
Cisco RV120W / RV220W Weak RSA Key Generation
Posted Jan 8, 2013
Authored by Slawek Rozbicki

Cisco RV120W and RV220W devices share some primes in their RSA moduli. It is possible to regenerate the private key with ease using fast GCD (Euclid-based) operations on public key pairs.

tags | advisory
systems | cisco
MD5 | d508ec35ff21daee2d70bb7519c39963
MotoCMS 1.3.3 Password File Disclosure / Shell Upload
Posted Jan 8, 2013
Authored by Akastep

MotoCMS versions 1.3.3 and below suffer from password file disclosure and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, info disclosure
MD5 | 65149ad006f14fe4db98d08943d19b14