
Files Date: 2013-02-18

Piwigo 2.4.6 Arbitrary File Read / Delete
Posted Feb 18, 2013
Authored by LiquidWorm | Site zeroscience.mk

Piwigo version 2.4.6 suffers from a remote arbitrary file read and deletion vulnerability using a directory traversal attack in install.php.

tags | exploit, remote, arbitrary, php
MD5 | ab5a700f75a48c2afd3dfa7f6ce30b92
Debian Security Advisory 2628-1
Posted Feb 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2628-1 - Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-0288
MD5 | ed7d249730e131f3074353928d54c12b
USB Sharp 1.3.4 Local File Inclusion / Cross Site Scripting
Posted Feb 18, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

USB Sharp version 1.3.4 suffers from local file inclusion and persistent cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | fdb8920d9477faf68650b581ee38e72b
PHP-Fusion CMS 7.02.05 SQL Injection
Posted Feb 18, 2013
Authored by Krzysztof Katowicz-Kowalewski

PHP-Fusion CMS versions 7.02.01 through 7.02.05 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 3af7d20e9904ab3ee55f846d1d3d2865
Netgear DGN2200B Command Execution / Cross Site Scripting
Posted Feb 18, 2013
Authored by Michael Messner

Netgear DGN2200B suffers from remote command injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss
MD5 | 0c8ef18079ad68541583e4db73eb40cc
WordPress Marekkis Watermark Cross Site Scripting
Posted Feb 18, 2013
Authored by Aditya Balapure

WordPress Marekkis Watermark plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-1758
MD5 | 5ce1491b7971bd1dfd09411fd5824004
TWiki 5.1.3 Command Execution
Posted Feb 18, 2013
Authored by Peter Thoeny

The %MAKETEXT{}% TWiki variable allows arbitrary shell command execution using tilde (~) characters. Only TWiki servers with localization enabled are affected. Versions 5.1.0 through 5.1.3 suffer from this issue.

tags | advisory, arbitrary, shell
advisories | CVE-2012-6329, CVE-2013-1751
MD5 | efc8aadfd4d11a74cb5430cbbd5a15a6
WordPress Responsive Logo Slideshow Cross Site Scripting
Posted Feb 18, 2013
Authored by Aditya Balapure

WordPress Responsive Logo Slideshow plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-1759
MD5 | c0a88e749e6ac46488ddb6d67914afa4
MIMEsweeper For SMTP 5.5 Cross Site Scripting
Posted Feb 18, 2013
Authored by Anastasios Monachos

MIMEsweeper for SMTP version 5.5 Personal Message Manager suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f4113c5756cdb31f358053c005e5696d
Air Transfer 1.2.0 Local File Inclusion
Posted Feb 18, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Air Transfer version 1.2.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 8ddb2fc13b749eec8ebbc0f325a13548
Debian Security Advisory 2627-1
Posted Feb 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2627-1 - Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed 'CRIME', allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update to nginx disables SSL compression.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2012-4929
MD5 | fd19209a51b2dfdd97a8814cced80aca
Debian Security Advisory 2626-1
Posted Feb 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2626-1 - Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2009-3555, CVE-2012-4929
MD5 | 4c47aa4a11db2234e2e435c63140bd1c
Ubuntu Security Notice USN-1727-1
Posted Feb 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1727-1 - It was discovered that the Boost.Locale library incorrectly validated some invalid UTF-8 sequences. An attacker could possibly use this issue to bypass input validation in certain applications.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-0252
MD5 | 77bf2375c9ce21294261567373ba5edf
Open Review Script Cross Site Scripting
Posted Feb 18, 2013
Authored by TheMirkin

Open Review Script suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | fdc6f30978481b37d21303407b7feedb
Scripts Genie Pet Rate Pro 4.9.9 SQL Injection / Command Execution
Posted Feb 18, 2013
Authored by TheMirkin

Scripts Genie Pet Rate Pro version 4.9.9 suffers from remote SQL injection and code injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2911f27832ad3b4194fc41baf37f4dd9
ZeroClipboard 1.0.7 Cross Site Scripting
Posted Feb 18, 2013
Authored by MustLive

ZeroClipboard version 1.0.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 425da93697e42a001a8aef316186b8ce
PACK (Password Analysis and Cracking Kit) 0.0.3
Posted Feb 18, 2013
Authored by Peter Kacherginsky

PACK (Password Analysis and Cracking Kit) is a toolkit that allows researchers to optimize their password cracking tasks and analyze previously cracked passwords, and that implements a novel attack on corporate passwords using minimum password policy. The goal of this toolkit is to assist in automatic preparation for the "better than bruteforce" password attacks by analyzing common ways that people create passwords. After the analysis stage, the statistical database can be used to generate attack masks for common tools such as Hashcat, oclHashcat, and others.

Changes: The latest update includes a rule generation engine (rulegen.py) which uses a Reverse Levenshtein Paths algorithm to reverse word mangling rules.
tags | tool, cracker
systems | unix
MD5 | eac43c9d09766caa340bafe9fcd27985
Windows Manage User Level Persistent Payload Installer
Posted Feb 18, 2013
Authored by Brandon McCann, Thomas McCarthy | Site metasploit.com

This Metasploit module creates a scheduled task that will run using service-for-user (S4U). This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in a lower security context, allowing access to local resources only. The module requires 'Logon as a batch job' permissions (SeBatchLogonRight).

tags | exploit, local
MD5 | a7a616b5e463142dd063aace1753f8ae

© 2016 Packet Storm. All rights reserved.
