exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2013-03-15

Polycom H.323 Format String
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

Polycom systems suffer from a format string vulnerability when creating a CDR entry. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit
SHA-256 | 8998433b0bea32dde00acd6d3311c61443b062424f5faeac20c6cdfee2adbe3b
Polycom H.323 CDR Database SQL Injection
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

A simple H.323 SETUP packet can be used to commit a remote SQL injection attack against Polycom systems. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, remote, sql injection
SHA-256 | c8ef16e32d79b56646936f40819360d5231808c030efb457b8afed16f3c94923
Polycom Firmware Update Command Injection
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

The firmware update functionality in the Polycom web interface is vulnerable to a simple command injection vulnerability which allows an attacker with access to the web interface to execute arbitrary commands on the underlying embedded Linux system. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, web, arbitrary
systems | linux
SHA-256 | eaeed66e6e35211d5de8494085612d6cabc696df21d84244931e4cb825cb4492
DaloRadius CSRF / XSS / SQL Injection
Posted Mar 15, 2013
Authored by Saadat Ullah

DaloRadius suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | dac44b7efab3b59bb2bece48236156df6cdf384dff8f1629a610c458be0fe847
EverFocus EPARA264-16X1 Directory Traversal
Posted Mar 15, 2013
Authored by Digital Defense, r@b13$ | Site digitaldefense.net

The EverFocus EPARA264-16X1 DVR allows unauthenticated remote users to retrieve arbitrary system files that are located outside of the web root through a directory traversal on port 80. Firmware version 1.0.2 is affected.

tags | advisory, remote, web, arbitrary, root
SHA-256 | 9498ec7c2d7d5276591c2ebc8509ab56201a5acf174aead7063bf8fe2488c95c
Skype Click To Call 6.2.0.106 Privilege Escalation
Posted Mar 15, 2013
Authored by otr

The default installation of Skype is vulnerable to a local privilege escalation attack that allows an unprivileged attacker to execute arbitrary code with NT AUTHORITY/SYSTEM privileges. Versions 6.2.0.106 and below are affected.

tags | exploit, arbitrary, local
SHA-256 | d220809c5a2ec3bca6b7d83539650b12420bc8778406212fc05cd585e28a6a0f
Polycom HDX Privilege Escalation
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

The Polycom Command Shell can be used to view and also change several settings of the system. However it can also be used to get system-level access (i.e. root access) to the HDX system. The "printenv" and "setenv" commands can be used to read and write variables respectively which are stored in flash memory. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, shell, root
SHA-256 | 162aad6a25e60bab68f51ec49f90cbda2650407c9f0ac15d752cc71dba4606be
Debian Security Advisory 2648-1
Posted Mar 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2648-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-5529, CVE-2013-2492
SHA-256 | 3fc375a47b826db087cce2564e87b9c320aab1c05447a531e7f739a3bf803897
Debian Security Advisory 2647-1
Posted Mar 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2647-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-2492
SHA-256 | d47fae449bdaf311c4618b1ae36fe78802d600ce4163213705762394cfc40e0f
Dumpzilla Forensic FIrefox Tool
Posted Mar 15, 2013
Authored by Busindre | Site dumpzilla.org

Dumpzilla extracts all forensically interesting information from Firefox, Iceweasel and Seamonkey browsers. Written in Python.

tags | tool, python, forensics
SHA-256 | 65a9d9d995e274d497b0bd3c11c2720735a0a5e970ce551bfa3eff7cec43ee9c
Apple Security Advisory 2013-03-14-2
Posted Mar 15, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-03-14-2 - Safari 6.0.3 is now available and addresses multiple security issues. These fixes address memory corruption issues and cross site scripting.

tags | advisory, xss
systems | apple
advisories | CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0960, CVE-2013-0961, CVE-2013-0962
SHA-256 | e8fb3bcee240bccc74fd00148304720bad83d31d8a9f970f1f2b7ebd82d86810
Apple Security Advisory 2013-03-14-1
Posted Mar 15, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-03-14-1 - OS X Mountain Lion version 10.8.3 and Security Update 2013-001 addresses multiple vulnerabilities. These updates address a canonicalization issue with HFS and Apache, a buffer overflow in libtiff, an authentication bypass, and more.

tags | advisory, overflow, vulnerability
systems | apple, osx
advisories | CVE-2011-3058, CVE-2012-2088, CVE-2012-3488, CVE-2012-3489, CVE-2012-3525, CVE-2012-3749, CVE-2012-3756, CVE-2013-0156, CVE-2013-0333, CVE-2013-0963, CVE-2013-0966, CVE-2013-0967, CVE-2013-0969, CVE-2013-0970, CVE-2013-0971, CVE-2013-0973, CVE-2013-0976
SHA-256 | 1e8f51ffad32ee5ec0c6272e89d6a3912ef63b3f493ec6bce9c955e8f09dc3f6
Clam AntiVirus Toolkit 0.97.7
Posted Mar 15, 2013
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: This is a bugfix release.
tags | virus
systems | unix
SHA-256 | 8527754e7eb235317e37a50706d94d3fc9d880fd0bf6f3cb83757d64a720e9ff
OpenPLI Webif Arbitrary Command Execution
Posted Mar 15, 2013
Authored by Michael Messner | Site metasploit.com

Some Dream Boxes with OpenPLI version 3 beta images are vulnerable to OS command injection in the Webif 6.0.4 web interface. This is a blind injection, which means that you will not see any output of your command. A ping command can be used for testing the vulnerability. This Metasploit module has been tested in a box with the next features: Linux Kernel version 2.6.9 (build@plibouwserver) (gcc version 3.4.4) #1 Wed Aug 17 23:54:07 CEST 2011, Firmware release 1.1.0 (27.01.2013), FP Firmware 1.06 and Web Interface 6.0.4-Expert (PLi edition).

tags | exploit, web, kernel
systems | linux
advisories | OSVDB-90230
SHA-256 | 08146370ff7e87193e0ac650501ba578d139728fdb5da79083867c3d68983b6c
WordPress LeagueManager 3.8 SQL Injection
Posted Mar 15, 2013
Authored by Joshua Reynolds | Site infosec4breakfast.com

WordPress LeagueManager plugin version 3.8 suffers from a remote SQL injection vulnerability. Both an exploit along with patching recommendations are provided.

tags | exploit, remote, sql injection
advisories | CVE-2013-1852
SHA-256 | a3e13cf6b95a3336ab25ac8195f16b3844e2f53413a7db2fbea7d99a9a980665
Petite Annonce 1 Cross Site Scripting
Posted Mar 15, 2013
Authored by Metropolis

Petite Annonce version 1 suffers from a cross site scripting vulnerability in moteur-prix.php.

tags | exploit, php, xss
SHA-256 | 4d7c27491eec42b373a976e3e8c93b8036534ebe80480c62b3a9c04bc029abf3
Slackware Security Advisory - seamonkey Updates
Posted Mar 15, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
SHA-256 | 80bbc6d84cb40341c297e1e014e7810347e1070ca8f87dcb025b3c74358b6a88
Slackware Security Advisory - perl Updates
Posted Mar 15, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New perl packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-1667.

tags | advisory, perl
systems | linux, slackware
advisories | CVE-2013-1667
SHA-256 | 61afc6e373cc8a2593e5f9cf519ab0b62c9ed5882774a848c94de205325acb57
Ubuntu Security Notice USN-1763-2
Posted Mar 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1763-2 - USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.

tags | advisory, remote, protocol
systems | linux, ubuntu
SHA-256 | 14c2109289cf639924ee155649aaf99f56995b1e908629a630645e7226d2101b
Ubuntu Security Notice USN-1763-1
Posted Mar 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1763-1 - Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2013-1620
SHA-256 | 0169b782ecce9f3cb1ee538627164630ed963e7b52a23bd3d0008dc583acfa40
Red Hat Security Advisory 2013-0649-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0649-01 - Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration platform. This release of Fuse ESB Enterprise 7.1.0 Patch 3 is an update to Fuse ESB Enterprise 7.1.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-5055, CVE-2012-5633, CVE-2013-0239
SHA-256 | 25b335c51975b777b1647472a9f39f2461c65c9b63d4d975008ba45dbcefdb56
Red Hat Security Advisory 2013-0647-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0647-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.

tags | advisory, java, remote, web, csrf
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | cae7f2723e72a831376fbdd1d9a7180b3d68ef9063766a4141634d2342c6f76a
Red Hat Security Advisory 2013-0648-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0648-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.

tags | advisory, java, remote, web, csrf
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 622d29c2160f22699e5b7c9c65fa1deed1df2ed503b5aef7ffd26ac8ce417669
Red Hat Security Advisory 2013-0646-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0646-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.

tags | advisory, remote, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2013-0272, CVE-2013-0273, CVE-2013-0274
SHA-256 | b3c19a4366ad523734159f85e06904742d756e830065660510bfdc31ede59ef8
Ubuntu Security Notice USN-1764-1
Posted Mar 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1764-1 - Stuart McLaren discovered an issue with Glance v1 API requests. An authenticated attacker could exploit this to expose the Glance operator's Swift and/or S3 credentials via the response headers when requesting a cached image.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-1840
SHA-256 | 5f7ca5e0136683964cdafe38aa284436d2548ccb00bf399c52adc234b66f7bd6
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close