what you don't know can hurt you
Showing 1 - 22 of 22

Files Date: 2013-02-06

ActFax 5.01 RAW Server Buffer Overflow
Posted Feb 6, 2013
Authored by corelanc0d3r, Craig Freyman | Site metasploit.com

This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages to the fax server without any underlying protocols. To note significant fields in the fax being transferred, like fax number and recipient, you can use ActFax data fields. @F506, @F605, and @F000 are all data fields that are vulnerable. This has been fixed in a beta version which will not be pushed to release until May 2013.

tags | exploit, protocol
MD5 | 4bf23d489c0d688f65c9f79f71d2b939
GNUnet P2P Framework 0.9.5a
Posted Feb 6, 2013
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

Changes: This maintenance release fixes a few minor bugs.
tags | tool, web, udp, tcp, peer2peer
systems | unix
MD5 | b0e204cf9711f9799baaeb477992e66a
Google Chrome Silent HTTP Authentication
Posted Feb 6, 2013
Authored by T355

Google Chrome version 24.0.1312.57 fails to properly recognize HTTP Basic Authentication when injected in various HTML tags. As a result of this behavior Chrome will not alert the user when HTTP Basic Authentication is taking place or when credentials are rejected.

tags | exploit, web
systems | linux
MD5 | 34d44fe9b082f9f4dd1893ce50ca2eee
VMWare OVF Tools Format String
Posted Feb 6, 2013
Authored by Jeremy Brown, juan vazquez | Site metasploit.com

This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

tags | exploit
systems | windows, xp
advisories | CVE-2012-3569, OSVDB-87117
MD5 | c305987e1b5b0f2ca5be4dc99b9547a1
VMWare OVF Tools Format String
Posted Feb 6, 2013
Authored by Jeremy Brown, juan vazquez | Site metasploit.com

This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

tags | exploit
systems | windows, xp
advisories | CVE-2012-3569, OSVDB-87117
MD5 | f525bc1c9d5f21294e79afd950a4acc6
UPnP Issue Affects Many Routers
Posted Feb 6, 2013
Authored by H D Moore, Leon Juranic, DefenseCode

A few weeks ago, DefenseCode announced the remote pre-auth root access exploit for Cisco Linksys. During further research, they have discovered that other router manufacturers are also vulnerable to the same vulnerability, since the vulnerable Broadcom UPnP stack is used across multiple router vendors. Rapid7 has produced some scary numbers surrounding how many routers are affected on the Internet.

tags | advisory, remote, root
systems | cisco
MD5 | 3b0a8f2514d231023a2e7212b1720304
Mandriva Linux Security Advisory 2013-008
Posted Feb 6, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-008 - sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service via vectors related to incorrect calculation and a sort order index. Stack-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2122, CVE-2012-2749, CVE-2012-5611
MD5 | d6119ed0928e8ec99c38988333bb8760
Microsoft Skype Shop Cross Site Scripting
Posted Feb 6, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

The Microsoft Skype GiftCards application suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | badda0d6eb975044f3acdce03762c2d7
WirelessFiles 1.1 Local File Inclusion
Posted Feb 6, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

WirelessFiles version 1.1 suffers from local file inclusion and remote file access vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion
MD5 | 0e3726c2b896c539022bad6de897508d
Cisco Security Advisory 20130206-ata187
Posted Feb 6, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device. Cisco has free software updates available that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, telephony
systems | cisco
MD5 | e27a0b079fadbe542c659a9dd197031f
CubeCart 5.2.0 PHP Object Injection
Posted Feb 6, 2013
Authored by EgiX

CubeCart versions 5.0.0 through 5.2.0 suffer from a PHP object injection vulnerability in cubecart.class.php.

tags | exploit, php
advisories | CVE-2013-1465
MD5 | cf98d3b5e35adc103e223f150bd1f6ab
WordPress CommentLuv 2.92.3 Cross Site Scripting
Posted Feb 6, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress CommentLuv version 2.92.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-1409
MD5 | 5b1a12bfee3c61bdc203212b5c621f8d
WordPress Wysija Newsletters 2.2 SQL Injection
Posted Feb 6, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Wysija Newsletters plugin version 2.2 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2013-1408
MD5 | fbec673839156d7c7917b1f104cd2232
Hackito Ergo Sum 2013 Call For Papers
Posted Feb 6, 2013
Authored by HES CFP | Site 2013.hackitoergosum.org

The Hackito Ergo Sum 2013 Call For Papers has been announced. It will be held from May 2nd through the 4th, 2013 in Paris, France.

tags | paper, conference
MD5 | baf3afb38ae3e0696b0baeaa28ab0283
VK Social Network Open Redirect
Posted Feb 6, 2013
Authored by Juan Carlos Garcia

The VK social network at vk.com suffers from an open redirection vulnerability.

tags | exploit
MD5 | 2cf7e0d27168d0a9fb8c73a5b4fa878d
Digital Whisper Electronic Magazine #39
Posted Feb 6, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 39. Written in Hebrew.

tags | magazine
MD5 | b4a0a524599997f379ce772e5d931530
Secunia Security Advisory 52115
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM System Storage SAN Volume Controller and Storwize V7000, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 661fc714877cced8955a1a70e63665bf
Secunia Security Advisory 52056
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
MD5 | 5d7a14ac7dcafd4b91b5dc73d48d141a
Secunia Security Advisory 52059
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
MD5 | 5445b0e48682ea0ac0193344ecb9ea1b
Secunia Security Advisory 52011
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - James Clawson has discovered a weakness and multiple vulnerabilities in Nagios XI, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct spoofing, cross-site scripting, and cross-site request forgery attacks.

tags | advisory, spoof, vulnerability, xss, csrf
MD5 | 96dfcffe74ba8c4084f39c0661c2ba31
Secunia Security Advisory 52026
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | cisco
MD5 | 8e3c35f9f316d059ec3871839f012a83