exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-03-12

Apache Rave User Exposure
Posted Mar 12, 2013
Authored by Andreas Guth

Apache Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to authenticated users, but will return all User objects in the database given the correct query. Versions 0.11 through 0.20 are affected.

tags | exploit
advisories | CVE-2013-1814
SHA-256 | 0fc0f4d0dcf747beda3059f5ac91c70414ea7169915d9f52f748260badb8a8b5
Red Hat Security Advisory 2013-0642-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0642-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546
SHA-256 | 8b1a9a0a45fdfe4c64610be5ad885aee3d8fb232a6d0d9d295fec37d5897026c
Red Hat Security Advisory 2013-0641-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0641-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546
SHA-256 | b17c7b1cb9a4d920da3ae282a1a0a4dcaa4e87162000e5cecc06cb5efd96155a
Red Hat Security Advisory 2013-0638-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0638-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. A flaw was found in the handling of paths provided to ruby193-rubygem-rack. A remote attacker could use this flaw to conduct a directory traversal attack by passing malformed requests. A timing attack flaw was found in the way rubygem-rack and ruby193-rubygem-rack processed HMAC digests in cookies. This flaw could aid an attacker using forged digital signatures to bypass authentication checks.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-0262, CVE-2013-0263, CVE-2013-0327, CVE-2013-0328, CVE-2013-0329, CVE-2013-0330, CVE-2013-0331
SHA-256 | 9e045bd47adb6a86f07fa92b8a517a7d9b9f762d12aa827a569c54656f19000b
Red Hat Security Advisory 2013-0640-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0640-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 707dc36d38095c8b6cacd272f8441c2226c2e3525ae91d72066a9d89daf6981b
Red Hat Security Advisory 2013-0639-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0639-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-6075
SHA-256 | bed4ca2ffa58ff464b22fe9153408f7383ab7e71c51b9b0765bcd70a4711c44c
Red Hat Security Advisory 2013-0630-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0630-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the xen_iret() function in the Linux kernel used the DS register. A local, unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to crash the guest or, potentially, escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0228, CVE-2013-0268
SHA-256 | 6fa1613bf864c4c725e20dda548b31d5d8bb3ea21a89fe76b531167d82f4f709
ChronIC RF Hacking Tool
Posted Mar 12, 2013
Authored by Adam Laurie

ChronIC is the Chronos Integrated Commander, a wearable Sub-GHz RF hacking tool. Written in python.

tags | tool, python, wireless
SHA-256 | 2e5b1a404052563be569b4eb937c43f4f60865492e6ff788e324c1240648695d
OpenSSL-Based Signcode Utility 1.5.1
Posted Mar 12, 2013
Authored by mfive | Site sourceforge.net

OpenSSL-based signcode utility is used for Authenticode signing of EXE/CAB files. It also supports timestamping.

Changes: This release added support for signing MSI files. The correct PE checksum is now calculated instead of setting it to 0. Support for RFC3161 timestamping was added (-ts option) along with support for extracting, removing, and verifying signatures of PE files. A problem with not being able to decode timestamps with no newlines was fixed. Support for reading keys from PVK files was added (requires OpenSSL 1.0.0 or later). Certificates can now be read from PEM files. The -spc option was renamed to -certs (the old option name is still valid).
tags | tool, encryption
systems | unix
SHA-256 | 9d9235d45c7de9b9459a45e0307fa17da99ef289db3cc5f4623a4d171edcc29c
Web Cookbook SQL Injection
Posted Mar 12, 2013
Authored by Saadat Ullah

Web Cookbook suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | 74eb1ad64b0bce3e3791e0693f15a1c7c3d96dee667109bbba5c77d600b03146
TagScanner 5.1 Buffer Overflow
Posted Mar 12, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Yandex xdLab TagScanner version 5.1 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | e693f08c846eafa2d28e63c5d1b289cee7c19b70f6f1ed43ea8bdba4743dc36a
PayPal Portable Store Front Cross Site Scripting
Posted Mar 12, 2013
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

The PayPal Portable Store Front widget suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7300da6ef827e8502849d57a847fcb00022ac5b9910f43357bb2e9aaeeb37ec2
Microsoft Security Bulletin Summary For March, 2013
Posted Mar 12, 2013
Site microsoft.com

This bulletin summary lists 7 released Microsoft security bulletins for March, 2013.

tags | advisory
SHA-256 | 3be2df7adb70e29f12bc6356bcd2b838ca3dbb780481f4fdca1c712e50238e41
Microsoft Security Bulletin Re-Release For March, 2013
Posted Mar 12, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for March, 2013.

tags | advisory
SHA-256 | 0fb44f018f32ce5eae050121d89558a4795495ff42ba8cc3a548947cc5d1e1c8
ASUS RT-N66U Hidden Share
Posted Mar 12, 2013
Authored by Sec

The ASUS RT-N66U suffers from a hidden root$ Samba share and a MiniUPnP listening on the WAN interface. It also has an out of date kernel and multiple old libraries in use.

tags | advisory, kernel, root
SHA-256 | 1612183344436e02a4e558842cc13f4e0957fe902f9f0cbc29c1e64699d5cab2
Cam2pc 4.6.2 Integer Overflow
Posted Mar 12, 2013
Authored by coolkaveh

Cam2pc version 4.6.2 Freeware suffers from a BMP image processing integer overflow vulnerability.

tags | exploit, overflow
systems | linux
SHA-256 | b1cf810934a520037613b1ade4af79ae169021363455268874990d40afa27bb8
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close