what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2013-02-06

ActFax 5.01 RAW Server Buffer Overflow
Posted Feb 6, 2013
Authored by corelanc0d3r, Craig Freyman | Site metasploit.com

This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages to the fax server without any underlying protocols. To note significant fields in the fax being transfered, like fax number and recipient, you can use ActFax data fields. @F506,@F605, and @F000 are all data fields that are vulnerable. This has been fixed in a beta version which will not be pushed to release until May 2013.

tags | exploit, protocol
SHA-256 | 4a69b08e3f25832796905f1a619e884a1be0ddff4a7741e5aa998ad429b5daae
GNUnet P2P Framework 0.9.5a
Posted Feb 6, 2013
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: This maintenance release fixes a few minor bugs.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 1d600717eee1f952e23d192288850a67948e92e0b1dee5d950d111b2670cbed7
Google Chrome Silent HTTP Authentication
Posted Feb 6, 2013
Authored by T355

Google Chrome version 24.0.1312.57 fails to properly recognize HTTP Basic Authentication when injected in various HTML tags. As a result of this behavior Chrome will not alert the user when HTTP Basic Authentication is taking place or when credentials are rejected.

tags | exploit, web
systems | linux
SHA-256 | e316ddd6ab2e95da7b3c2e08ac9ea8e27e40250049abf354194730d177c70c74
VMWare OVF Tools Format String
Posted Feb 6, 2013
Authored by Jeremy Brown, juan vazquez | Site metasploit.com

This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

tags | exploit
systems | windows
advisories | CVE-2012-3569, OSVDB-87117
SHA-256 | 947c3e740f21931c7ef1cd3e576fdca5e6de25b2e58c1c570786397ac62955dd
VMWare OVF Tools Format String
Posted Feb 6, 2013
Authored by Jeremy Brown, juan vazquez | Site metasploit.com

This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

tags | exploit
systems | windows
advisories | CVE-2012-3569, OSVDB-87117
SHA-256 | 9db02738e3d911d404dec888f15753cc6ace8f4996b9bf8064037d16d77e53a5
UPnP Issue Affects Many Routers
Posted Feb 6, 2013
Authored by H D Moore, Leon Juranic, DefenseCode

A few weeks ago, DefenseCode announced the remote pre-auth root access exploit for Cisco Linksys. During further research, they have discovered that other router manufacturers are also vulnerable to the same vulnerability, since the vulnerable Broadcom UPnP stack is used across multiple router vendors. Rapid7 has produced some scary numbers surrounding how many routers are affected on the Internet.

tags | advisory, remote, root
systems | cisco
SHA-256 | 973bb983a4d13f077857f0d5faee4a6aaf7969bdaa84af71296a5aabd7a67568
Mandriva Linux Security Advisory 2013-008
Posted Feb 6, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-008 - sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service via vectors related to incorrect calculation and a sort order index. Stack-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2122, CVE-2012-2749, CVE-2012-5611
SHA-256 | b49df6bc4397ad8618cab19cb79f3703b128fb5b64bd72878f5ca80369c7124b
Microsoft Skype Shop Cross Site Scripting
Posted Feb 6, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The Microsoft Skype GiftCards application suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | cf8abc721feaf16edbdec7700d540b0a83197f500581fd8cc33afc04c7238248
WirelessFiles 1.1 Local File Inclusion
Posted Feb 6, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

WirelessFiles version 1.1 suffers from local file inclusion and remote file access vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion
SHA-256 | 3850602449bad921852b410c589969cec88b5db971be283eacaa3ba68c2677a6
Cisco Security Advisory 20130206-ata187
Posted Feb 6, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device. Cisco has available free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, telephony
systems | cisco
SHA-256 | a44fd2ae255011f46fdf2f2dd21e8ae9bff6fff2f42ff72eaacd5943dc3fe15b
CubeCart 5.2.0 PHP Object Injection
Posted Feb 6, 2013
Authored by EgiX

CubeCart versions 5.0.0 through 5.2.0 suffer from a PHP object injection vulnerability in cubecart.class.php.

tags | exploit, php
advisories | CVE-2013-1465
SHA-256 | b8ea293ae015b63e23adb34ead1c724de72f0f626c8efabb09536e66ba543d0f
WordPress CommentLuv 2.92.3 Cross Site Scripting
Posted Feb 6, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress CommentLuv version 2.92.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-1409
SHA-256 | ae48875150b20411b2335d809a224933fbe7bb20bfc97d57d235b86b2bf5e302
WordPress Wysija Newsletters 2.2 SQL Injection
Posted Feb 6, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Wysija Newsletters plugin version 2.2 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2013-1408
SHA-256 | 9dde7457fba5a279d311d740eafd71d7c2ae6a2f5ae2fe36607c5399443b6fbe
Hackito Ergo Sum 2013 Call For Papers
Posted Feb 6, 2013
Authored by HES CFP | Site 2013.hackitoergosum.org

The Hackito Ergo Sum 2013 Call For Papers has been announced. It will be held from May 2nd through the 4th, 2013 in Paris, France.

tags | paper, conference
SHA-256 | 3b6b51704aabb88f069f1fde3a7d38ca1bb69ff0cbf949fa1738242708f96c47
VK Social Network Open Redirect
Posted Feb 6, 2013
Authored by Juan Carlos Garcia

The VK social network at vk.com suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | bd8c1780be2ec4a04a0a4a587a8024d0c4f67d722bfd08529ca171336aadd429
Digital Whisper Electronic Magazine #39
Posted Feb 6, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 39. Written in Hebrew.

tags | magazine
SHA-256 | 79573a58ab62e55569c9c82d766db938701c9e781fe91f8b650de16e99c27926
Secunia Security Advisory 52115
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM System Storage SAN Volume Controller and Storwize V7000, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 0fa01b8c954f11df766d4fc663993a241d58cc29f0e58a77ffacdacb3c78dbff
Secunia Security Advisory 52115
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM System Storage SAN Volume Controller and Storwize V7000, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 0fa01b8c954f11df766d4fc663993a241d58cc29f0e58a77ffacdacb3c78dbff
Secunia Security Advisory 52056
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
SHA-256 | 7d1e4feab54d262c54480616e0769b5ef917e049544adc4237d0c8726b58ff8b
Secunia Security Advisory 52059
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
SHA-256 | 4ed820bbfddd667ee07e2c2e57ea1b5b18322c715e8782901e1c1f82dbb51097
Secunia Security Advisory 52011
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - James Clawson has discovered a weakness and multiple vulnerabilities in Nagios XI, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct spoofing, cross-site scripting, and cross-site request forgery attacks.

tags | advisory, spoof, vulnerability, xss, csrf
SHA-256 | e2c59d9a85c7216cfd8758f57594b572bcc50d5f6eab228745f3322bbfe713e1
Secunia Security Advisory 52026
Posted Feb 6, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | cisco
SHA-256 | ed91805f613ab3984d5019dc8cb3691d8b9886f7d70286dabc8457e4a52c1198
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close