Files Date: 2013-03-15

Polycom H.323 Format String
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

Polycom systems suffer from a format string vulnerability when creating a CDR entry. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit
MD5 | 82cee5e048b366f54e01ea138b832c5f
Polycom H.323 CDR Database SQL Injection
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

A simple H.323 SETUP packet can be used to commit a remote SQL injection attack against Polycom systems. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, remote, sql injection
MD5 | a9ff175c5d8fd390b0ea42876e77f8fc
Polycom Firmware Update Command Injection
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

The firmware update functionality in the Polycom web interface is vulnerable to a simple command injection vulnerability which allows an attacker with access to the web interface to execute arbitrary commands on the underlying embedded Linux system. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, web, arbitrary
systems | linux
MD5 | 803d9a0a819db5b9c1ffdcd50fbc5709
DaloRadius CSRF / XSS / SQL Injection
Posted Mar 15, 2013
Authored by Saadat Ullah

DaloRadius suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 568fb023e34ad8b46c47d7df2e5fa3e0
EverFocus EPARA264-16X1 Directory Traversal
Posted Mar 15, 2013
Authored by Digital Defense, r@b13$ | Site digitaldefense.net

The EverFocus EPARA264-16X1 DVR allows unauthenticated remote users to retrieve arbitrary system files that are located outside of the web root through a directory traversal on port 80. Firmware version 1.0.2 is affected.

tags | advisory, remote, web, arbitrary, root
MD5 | 49c790c1495dfb75129d02b5ba76d7d6
Skype Click To Call 6.2.0.106 Privilege Escalation
Posted Mar 15, 2013
Authored by otr

The default installation of Skype is vulnerable to a local privilege escalation attack that allows an unprivileged attacker to execute arbitrary code with NT AUTHORITY/SYSTEM privileges. Versions 6.2.0.106 and below are affected.

tags | exploit, arbitrary, local
MD5 | 055c60e073d61d0482f6809170314451
Polycom HDX Privilege Escalation
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

The Polycom Command Shell can be used to view and change several settings of the system. However, it can also be used to get system-level access (i.e. root access) to the HDX system. The "printenv" and "setenv" commands can be used to read and write variables, respectively, which are stored in flash memory. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, shell, root
MD5 | b418d46114e029b32623d7143b40219b
Debian Security Advisory 2648-1
Posted Mar 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2648-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-5529, CVE-2013-2492
MD5 | 6a4afafe37c901ae4f3042ee86649f97
Debian Security Advisory 2647-1
Posted Mar 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2647-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-2492
MD5 | d94c50531c56f48b26738314e8da5a63
Dumpzilla Forensic Firefox Tool
Posted Mar 15, 2013
Authored by Busindre | Site dumpzilla.org

Dumpzilla extracts all forensically interesting information from Firefox, Iceweasel and Seamonkey browsers. Written in Python.

tags | tool, python, forensics
MD5 | 67c648ba81cfe71f1adaf1a9df56ee3c
Apple Security Advisory 2013-03-14-2
Posted Mar 15, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-03-14-2 - Safari 6.0.3 is now available and addresses multiple security issues. These fixes address memory corruption issues and cross site scripting.

tags | advisory, xss
systems | apple
advisories | CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0960, CVE-2013-0961, CVE-2013-0962
MD5 | c7e8f332678f62e0e7cdd1a535a7e862
Apple Security Advisory 2013-03-14-1
Posted Mar 15, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-03-14-1 - OS X Mountain Lion version 10.8.3 and Security Update 2013-001 address multiple vulnerabilities. These updates address a canonicalization issue with HFS and Apache, a buffer overflow in libtiff, an authentication bypass, and more.

tags | advisory, overflow, vulnerability
systems | apple, osx
advisories | CVE-2011-3058, CVE-2012-2088, CVE-2012-3488, CVE-2012-3489, CVE-2012-3525, CVE-2012-3749, CVE-2012-3756, CVE-2013-0156, CVE-2013-0333, CVE-2013-0963, CVE-2013-0966, CVE-2013-0967, CVE-2013-0969, CVE-2013-0970, CVE-2013-0971, CVE-2013-0973, CVE-2013-0976
MD5 | 8f7aec77733511ca193a5742f3a75d2c
Clam AntiVirus Toolkit 0.97.7
Posted Mar 15, 2013
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: This is a bugfix release.
tags | virus
systems | unix
MD5 | c6e6e333d8c9bd3785cbc6ec296c146f
OpenPLI Webif Arbitrary Command Execution
Posted Mar 15, 2013
Authored by Michael Messner | Site metasploit.com

Some Dream Boxes with OpenPLI version 3 beta images are vulnerable to OS command injection in the Webif 6.0.4 web interface. This is a blind injection, which means that the output of the injected command is not returned. A ping command can be used for testing the vulnerability. This Metasploit module has been tested on a box with the following features: Linux Kernel version 2.6.9 (build@plibouwserver) (gcc version 3.4.4) #1 Wed Aug 17 23:54:07 CEST 2011, Firmware release 1.1.0 (27.01.2013), FP Firmware 1.06 and Web Interface 6.0.4-Expert (PLi edition).

tags | exploit, web, kernel
systems | linux
advisories | OSVDB-90230
MD5 | 202fc7203f1db0d18599576d3f4a9e4c
WordPress LeagueManager 3.8 SQL Injection
Posted Mar 15, 2013
Authored by Joshua Reynolds | Site infosec4breakfast.com

WordPress LeagueManager plugin version 3.8 suffers from a remote SQL injection vulnerability. Both an exploit and patching recommendations are provided.

tags | exploit, remote, sql injection
advisories | CVE-2013-1852
MD5 | 482d98f460f251d5f3a553a878f966df
Petite Annonce 1 Cross Site Scripting
Posted Mar 15, 2013
Authored by Metropolis

Petite Annonce version 1 suffers from a cross site scripting vulnerability in moteur-prix.php.

tags | exploit, php, xss
MD5 | 1d869b1882c57c31de6791bf7208fbb9
Slackware Security Advisory - seamonkey Updates
Posted Mar 15, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
MD5 | 1fb3ae9a570f9b344bf8f86666c091e5
Slackware Security Advisory - perl Updates
Posted Mar 15, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New perl packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-1667.

tags | advisory, perl
systems | linux, slackware
advisories | CVE-2013-1667
MD5 | 0c79546744d2e31b435ae0e3a9cda791
Ubuntu Security Notice USN-1763-2
Posted Mar 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1763-2 - USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.

tags | advisory, remote, protocol
systems | linux, ubuntu
MD5 | 449378898cb1d9d9bd2bac56524d0182
Ubuntu Security Notice USN-1763-1
Posted Mar 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1763-1 - Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2013-1620
MD5 | 0b3ad1ad66f861c0afa7d5e5488ce3eb
Red Hat Security Advisory 2013-0649-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0649-01 - Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration platform. This release of Fuse ESB Enterprise 7.1.0 Patch 3 is an update to Fuse ESB Enterprise 7.1.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-5055, CVE-2012-5633, CVE-2013-0239
MD5 | 7b9de9c7845d10ba791bb3c404c63874
Red Hat Security Advisory 2013-0647-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0647-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.

tags | advisory, java, remote, web, csrf
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
MD5 | af049372b4a87f7ce4f559793c19765c
Red Hat Security Advisory 2013-0648-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0648-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.

tags | advisory, java, remote, web, csrf
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
MD5 | 590779a0e7ed28f7732d2a7616242b3f
Red Hat Security Advisory 2013-0646-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0646-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.

tags | advisory, remote, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2013-0272, CVE-2013-0273, CVE-2013-0274
MD5 | e611c01b47ac955386507cad94ae3594
Ubuntu Security Notice USN-1764-1
Posted Mar 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1764-1 - Stuart McLaren discovered an issue with Glance v1 API requests. An authenticated attacker could exploit this to expose the Glance operator's Swift and/or S3 credentials via the response headers when requesting a cached image.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-1840
MD5 | 95dcc1650b33da110860c92c1d0bc229
packet storm

© 2016 Packet Storm. All rights reserved.
