exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-02-15

SAP Netweaver Message Server Buffer Overflow
Posted Feb 15, 2013
Authored by Core Security Technologies, Francisco Falcon, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN (being NN the SAP system number) of a host running the 'Message Server' service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.

tags | exploit, remote, denial of service, arbitrary, tcp, vulnerability
advisories | CVE-2013-1592, CVE-2013-1593
SHA-256 | 287b3598e1016bac4e6bbe89252ab94d7ee5e39ea5592c228fff16f1c08ce946
Mandriva Linux Security Advisory 2013-012
Posted Feb 15, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-012 - PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-0255
SHA-256 | 5e7b763b923fbc657bfb299e3e938c6d69a17a32d35606eafad3c063c4ed763c
Hacking Trust Relationships Between SIP Gateways
Posted Feb 15, 2013
Authored by Fatih Ozavci

NGN (Next Generation Networks) operators provide SIP services for their customers. Customers can call other operator's customers via SIP services and SIP gateways. SIP gateways use SIP Trunks for trusted call initiation and cdr/invoice management. In this paper, a new method will be explained. The technique describes how you can detect trusted 3rd party SIP Trunks and initiate a call.

tags | paper
SHA-256 | 33bea19376a276f1f48990e88237092dbdee4f0b66b893ce188d683dae1156c5
chillyCMS 1.3.0 Shell Upload / Access Bypass
Posted Feb 15, 2013
Authored by Abhi M Balakrishnan

chillyCMS version 1.3.0 suffers from URL restriction bypass and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, bypass
SHA-256 | 799091adcdc8f5d9b6d25e83467094ead111bbd36d846c5dead793c131fb9a8e
IBM Lotus Domino 8.5.3 XSS / CSRF / Redirection
Posted Feb 15, 2013
Authored by MustLive

IBM Lotus Domino version 8.5.3 suffers from cross site request forgery, cross site scripting, and redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 1130fe93667cda489b3f670cc5b50a599e490b92326bc69ca5a9d3e2a7a7cdbe
Cometchat Cross Site Scripting / Code Execution
Posted Feb 15, 2013
Authored by B127Y

Cometchat suffers from remote PHP code execution and cross site scripting vulnerabilities.

tags | exploit, remote, php, vulnerability, code execution, xss
SHA-256 | e10b2358844ee3524c076cbbcfa2a28e92ce30f72f24e5cb176450b33ab7ab4e
Paypal Marketing Cross Site Scripting
Posted Feb 15, 2013
Authored by Mahadev Subedi

The www.paypal-marketing.com.hk site suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | f63e45be8e4800be48122e0af643ee4e634351747962dea6a722db28594dfd37
Sonar 3.4.1 Cross Site Scripting
Posted Feb 15, 2013
Authored by Kacper | Site devilteam.pl

Sonar version 3.4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | da83d02310daea94e8be2a54b299f802fa374cffed0e8c946fa47d875567844a
GrrCon 13 Call For Papers
Posted Feb 15, 2013
Site grrcon.org

GrrCON is an information security and hacking conference held annually in the Midwest. This conference was put together to provide the information security community with a venue to come together and share ideas, information, solutions, forge relationships, and most importantly engage with like minded people in a fun atmosphere. It will take place September 12th through the 13th, 2013 in Grand Rapids, MI, USA.

tags | paper, conference
SHA-256 | 9352ade76585e2cd04c729e8a37888aff17046a1727fb25a7fd8d5adac4234af
Empirum Password Obfuscation
Posted Feb 15, 2013
Authored by otr

Empirum version 14.0 from Matrix42 is prone to a trivial password recovery attack that allows users to obtain passwords encrypted with the EmpCrypt.exe.

tags | advisory
SHA-256 | b8bfd848ac2af64d7799cf9258bc83cfefcfe8500dd019f1128511e9ba936b3e
Photodex ProShow Producer 5.0.3297 Memory Corruption
Posted Feb 15, 2013
Authored by Julien Ahrens | Site security.inshell.net

A memory corruption vulnerability has been identified in Photodex ProShow Producer version 5.0.3297. When opening a crafted style file (.pxs), the application loads the "title" value from the pxs file. The ColorPickerProc function does not properly validate the length of the string loaded from the "title" value from the pxs file before using it in the further application context, which leads to a memory corruption condition with possible code execution depending on the version of the operating system.

tags | exploit, code execution
SHA-256 | 4c548ccf5e23c74bf6aebf62a75caa02e6097be464986683796f64a9f92f7c47
Edimax EW-7206APg / EW-7209APg Redirection / XSS / Header Injection
Posted Feb 15, 2013
Authored by Michael Messner

The Edimax EW-7206APg and EW-7209APg suffer from cross site scripting, HTTP header injection, and open redirection vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | caf5494f483d9fdfdddc161b8ffa759d8caa9aa9cf89ce0b6c0d0e843b783136
TP-Link TL-WA701N / TL-WA701ND Directory Traversal / XSS
Posted Feb 15, 2013
Authored by Michael Messner

The TP-Link TL-WA701N and TL-WA701ND suffer from stored cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
SHA-256 | 94e97a9978ccdf366f647fe8f6856515428f710579e8124bc4f97d8d7503a1d9
Ubuntu Security Notice USN-1724-1
Posted Feb 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1724-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0441, CVE-2013-0442, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-0443, CVE-2013-0440, CVE-2013-0444, CVE-2013-0448, CVE-2013-0449, CVE-2013-1481, CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409
SHA-256 | 6218f8f57e733bdd2f7a60a804b1864c5be41bdd2813a63ae483e8c9a247a0ce
Ubuntu Security Notice USN-1726-1
Posted Feb 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1726-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2669, CVE-2012-4508, CVE-2012-5532, CVE-2012-2669, CVE-2012-4508, CVE-2012-5532
SHA-256 | a3d55b9ff0b73d1df8e7409074747aabe37ecb3203cc3a90ab56e3dba8a7c4f8
Ubuntu Security Notice USN-1725-1
Posted Feb 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1725-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2013-0190
SHA-256 | 0365b15699cf473ccc3edbbf30b978b7bf67ea2a7de10c53ceb9a38068c329cc
Page 1 of 1

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By