what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-02-25

Apache Maven 3.0.4 Insecure SSL Mode
Posted Feb 25, 2013
Authored by Graham Leggett

Apache Maven version 3.0.4 (with Apache Maven Wagon version 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including: host name verification , date validity, and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack.

tags | advisory
advisories | CVE-2013-0253
SHA-256 | 54b8a3c9c72b613700cbc8a0df15bda1fc8bf0236fd7a3b9243695817a44ea7f
Kordil EDMS 2.2.60rc3 Arbitrary File Upload
Posted Feb 25, 2013
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in Kordil EDMS version 2.2.60rc3. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the '/kordil_edms/userpictures/' directory.

tags | exploit, arbitrary
SHA-256 | c33960b0a5838ddb0853afe03218b7db5ca3b95debdf3a837b3c39d718e797fc
PolarPearCms PHP File Upload
Posted Feb 25, 2013
Authored by Fady Mohamed Osman | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in PolarPear CMS. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution, file upload
advisories | CVE-2013-0803
SHA-256 | d370b8ce0ea599ae7baa968d4166c255fd933b5c56eb77c490c0d1b8f597ef28
CONFidence 2013 Call For Papers
Posted Feb 25, 2013
Site 2013.confidence.org.pl

CONFidence 2013 Call For Papers - This conference will take place from May 28th through the 29th, 2013 in Krakow, Poland.

tags | paper, conference
SHA-256 | c86a9dd23da0a4c48dac0e9bc8e4dc21c42a5762f7246b4015319678b8fc30ac
MTP Poll 1.0 Cross Site Scripting
Posted Feb 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

MTP Poll version 1.0 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | fd4383d0770c3c6af8f72b9815aae12605343398154a01d43ae44636bef6dc5d
MTP Guestbook 1.0 Cross Site Scripting
Posted Feb 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

MTP Guestbook version 1.0 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 529efdafea4eb48f880aaa208c6bdf7dfbfaa5fd4e980cf47f3d7c5e2a66616e
MTP Image Gallery 1.0 Cross Site Scripting
Posted Feb 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

MTP Image Gallery version 1.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 61c1d4858ce3e719e8413ba6347af8e914ac284cf57610d197eed9aef84f1294
Debian Security Advisory 2631-1
Posted Feb 25, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2631-1 - Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi.

tags | advisory, web, denial of service, cgi, memory leak
systems | linux, debian
advisories | CVE-2012-5643, CVE-2013-0189
SHA-256 | 62ad006b2455956a38e0d73d9d4610a63b827cbb6ef605de9084d4d383314ac6
Java Applet JMX Remote Code Execution
Posted Feb 25, 2013
Authored by Adam Gowdiak, juan vazquez, SecurityObscurity | Site metasploit.com

This Metasploit module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning to the user.

tags | exploit, java, arbitrary
advisories | CVE-2013-0431, OSVDB-89613
SHA-256 | 0abc5276937c182f0640b79c2c4ed49a2a0bde2a1aa762e63cc17c0ddad5fe4f
phpMyRecipes 1.2.2 Cross Site Scripting
Posted Feb 25, 2013
Authored by PDS

phpMyRecipes version 1.2.2 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9ee74a35b8f01ce1962bdb0304e813e3d1601e6030bd495015c297cb735c1093
WiFilet 1.2 CSRF / LFI / Shell Upload
Posted Feb 25, 2013
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

WiFilet version 1.2 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion, csrf
SHA-256 | 9e42d3706a2f92089013ffd59637c2acb3ac7fa9a20c41a3158d9e48b2f1c6c3
Mandriva Linux Security Advisory 2013-014
Posted Feb 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-014 - Multiple security issues were identified and fixed in OpenJDK. MBeanServer access restrictions were added, improved TLS handling of invalid messages, and more.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-0169, CVE-2013-1486, CVE-2013-1487
SHA-256 | 8ac40eb4b2ce07209ddf331559853b548ca985e61c74804dcf0ddfa8c2e80994
Ubuntu Security Notice USN-1746-1
Posted Feb 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1746-1 - Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. It was discovered that Pidgin incorrectly handled long HTTP headers in the MXit protocol handler. A malicious remote server could use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274, CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274
SHA-256 | cab8da5f6e98651feb98f652311a38e0a1209f3942cdce9adda737ce25ba333d
Ubuntu Security Notice USN-1747-1
Posted Feb 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1747-1 - It was discovered that Transmission incorrectly handled certain micro transport protocol packets. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2012-6129
SHA-256 | f1a5e333f4463410577bb016b2bae709778d942ed9697ed337f84b18fede5cea
Java SE 7 Update 15 Sandbox Bypass
Posted Feb 25, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has discovered two new security issues in Java SE 7 Update 15.

tags | advisory, java
SHA-256 | 6e34dc4dfaf21577b6c54c34aa6c280cdca75c13e6e64bafe3d587b41b47e888
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close