exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-02-15

SAP Netweaver Message Server Buffer Overflow
Posted Feb 15, 2013
Authored by Core Security Technologies, Francisco Falcon, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN (being NN the SAP system number) of a host running the 'Message Server' service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.

tags | exploit, remote, denial of service, arbitrary, tcp, vulnerability
advisories | CVE-2013-1592, CVE-2013-1593
MD5 | 388e913d89cf47a904c336f1112889bc
Mandriva Linux Security Advisory 2013-012
Posted Feb 15, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-012 - PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-0255
MD5 | 1938a59099cfbd0d5578f369bece3272
Hacking Trust Relationships Between SIP Gateways
Posted Feb 15, 2013
Authored by Fatih Ozavci

NGN (Next Generation Networks) operators provide SIP services for their customers. Customers can call other operator's customers via SIP services and SIP gateways. SIP gateways use SIP Trunks for trusted call initiation and cdr/invoice management. In this paper, a new method will be explained. The technique describes how you can detect trusted 3rd party SIP Trunks and initiate a call.

tags | paper
MD5 | b01c34a288842aa683d300eec9f0407f
chillyCMS 1.3.0 Shell Upload / Access Bypass
Posted Feb 15, 2013
Authored by Abhi M Balakrishnan

chillyCMS version 1.3.0 suffers from URL restriction bypass and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, bypass
MD5 | e887669145d584e956ed3ff17553f3b9
IBM Lotus Domino 8.5.3 XSS / CSRF / Redirection
Posted Feb 15, 2013
Authored by MustLive

IBM Lotus Domino version 8.5.3 suffers from cross site request forgery, cross site scripting, and redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 5de96a070cc9657d136541539ef91f70
Cometchat Cross Site Scripting / Code Execution
Posted Feb 15, 2013
Authored by B127Y

Cometchat suffers from remote PHP code execution and cross site scripting vulnerabilities.

tags | exploit, remote, php, vulnerability, code execution, xss
MD5 | 8561c8886c1e86424307d18eff253321
Paypal Marketing Cross Site Scripting
Posted Feb 15, 2013
Authored by Mahadev Subedi

The www.paypal-marketing.com.hk site suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | fcc7b3769c000ea59c584b09a84e2766
Sonar 3.4.1 Cross Site Scripting
Posted Feb 15, 2013
Authored by Kacper | Site devilteam.pl

Sonar version 3.4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 42e39d264dc9eb6f5e651a6405b432c3
GrrCon 13 Call For Papers
Posted Feb 15, 2013
Site grrcon.org

GrrCON is an information security and hacking conference held annually in the Midwest. This conference was put together to provide the information security community with a venue to come together and share ideas, information, solutions, forge relationships, and most importantly engage with like minded people in a fun atmosphere. It will take place September 12th through the 13th, 2013 in Grand Rapids, MI, USA.

tags | paper, conference
MD5 | 802cb555d8d9e306902b9ebc3bd5ffdc
Empirum Password Obfuscation
Posted Feb 15, 2013
Authored by otr

Empirum version 14.0 from Matrix42 is prone to a trivial password recovery attack that allows users to obtain passwords encrypted with the EmpCrypt.exe.

tags | advisory
MD5 | 1dfe29bf2fba2af86a6a998faa32efc6
Photodex ProShow Producer 5.0.3297 Memory Corruption
Posted Feb 15, 2013
Authored by Julien Ahrens | Site security.inshell.net

A memory corruption vulnerability has been identified in Photodex ProShow Producer version 5.0.3297. When opening a crafted style file (.pxs), the application loads the "title" value from the pxs file. The ColorPickerProc function does not properly validate the length of the string loaded from the "title" value from the pxs file before using it in the further application context, which leads to a memory corruption condition with possible code execution depending on the version of the operating system.

tags | exploit, code execution
MD5 | ce44b18891a4ceef7dbcef706f5dd050
Edimax EW-7206APg / EW-7209APg Redirection / XSS / Header Injection
Posted Feb 15, 2013
Authored by Michael Messner

The Edimax EW-7206APg and EW-7209APg suffer from cross site scripting, HTTP header injection, and open redirection vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 4898ca396cefc0888d063a85a82373f2
TP-Link TL-WA701N / TL-WA701ND Directory Traversal / XSS
Posted Feb 15, 2013
Authored by Michael Messner

The TP-Link TL-WA701N and TL-WA701ND suffer from stored cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
MD5 | 77c8f032132c382a60e6b1f691b4ca57
Ubuntu Security Notice USN-1724-1
Posted Feb 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1724-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0441, CVE-2013-0442, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-0443, CVE-2013-0440, CVE-2013-0444, CVE-2013-0448, CVE-2013-0449, CVE-2013-1481, CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409
MD5 | 1930a819f2a0e3cc75222d0b6b21e03b
Ubuntu Security Notice USN-1726-1
Posted Feb 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1726-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2669, CVE-2012-4508, CVE-2012-5532, CVE-2012-2669, CVE-2012-4508, CVE-2012-5532
MD5 | f376260e670f948ca72f47dab08382d6
Ubuntu Security Notice USN-1725-1
Posted Feb 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1725-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2013-0190
MD5 | 1725a8979da8ac5f539fac793860729b
Page 1 of 1

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    18 Files
  • 3
    Apr 3rd
    0 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By