Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-04-02

PonyOS 0.4.99-mlp Privilege Escalation
Posted Apr 2, 2013
Authored by John Cartwright

PonyOS version 0.499-mlp suffers from privilege escalation due to the cat binary being executed with escalated privileges and file permissions do not work. It also has a kernel compromise vulnerability.

tags | exploit, kernel
MD5 | 764824edb2beaf75963031416c812baf
MongoDB nativeHelper.apply Remote Code Execution
Posted Apr 2, 2013
Authored by agix | Site metasploit.com

This Metasploit module exploits the nativeHelper feature from spiderMonkey which allows control over execution by calling it with specially crafted arguments. This Metasploit module has been tested successfully on MongoDB 2.2.3 on Ubuntu 10.04 and Debian Squeeze.

tags | exploit
systems | linux, debian, ubuntu
advisories | CVE-2013-1892, OSVDB-91632
MD5 | 47f2650530e57cce115d8b1facd6121a
Linksys E1500/E2500 apply.cgi Remote Command Injection
Posted Apr 2, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some Linksys Routers are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes.

tags | exploit, web
advisories | OSVDB-89912
MD5 | 2ae8a79d27ffe3ff179b763cc6ce015d
HP System Management Anonymous Access Code Execution
Posted Apr 2, 2013
Authored by agix | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution on HP System Management 7.1.1 and earlier. The vulnerability exists when handling the iprange parameter on a request against /proxy/DataValidation. In order to work HP System Management must be configured with Anonymous access enabled.

tags | exploit, remote, code execution
advisories | OSVDB-91812
MD5 | 6fa84fab4909f8cc3795b875b54516a7
Novell ZENworks Configuration Management Remote Execution
Posted Apr 2, 2013
Authored by James Burton, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Novell ZENworks Configuration Management 10 SP3 and 11 SP2. The vulnerability exists in the ZEnworks Control Center application, allowing an unauthenticated attacker to upload a malicious file outside of the TEMP directory and then make a second request that allows for arbitrary code execution. This Metasploit module has been tested successfully on Novell ZENworks Configuration Management 10 SP3 and 11 SP2 on Windows 2003 SP2 and SUSE Linux Enterprise Server 10 SP3.

tags | exploit, arbitrary, code execution
systems | linux, windows, suse
advisories | CVE-2013-1080, OSVDB-91627
MD5 | 6880855d26d4b493acfa080a98b99059
Ubuntu Security Notice USN-1785-1
Posted Apr 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1785-1 - It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1788, CVE-2013-1789, CVE-2013-1790
MD5 | 90d2c3a1a02d582c2d7c201103cfcb91
Ubuntu Security Notice USN-1784-1
Posted Apr 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1784-1 - Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-6139
MD5 | 4cfe3ca5b091149d7611d5004529cafb
360-FAAR Firewall Analysis Audit And Repair 0.4.1
Posted Apr 2, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds the 'mergelog' mode to merge binary log entries from one config with another and significantly updates the user interface. All configs can be loaded from the 'load' menu instead of specifying them on the command line. Added 'verbose' switches to 'print' and 'rr' modes so that screen output can be switched off, and all 'end.' key words have been changed to simply '.' to reduce the number of keystrokes needed. Entering '0' now adds all options and '.' chooses the default if available. The Netscreen output stage now uses a default zone if none are specified.
tags | tool, perl
systems | unix
MD5 | 6cd633d2ae458e7b2a4eb86f71699c9d
Red Hat Security Advisory 2013-0699-01
Posted Apr 2, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0699-01 - Ruby on Rails is a model–view–controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. A flaw was found in the way hashes were handled in certain queries. A remote attacker could use this flaw to perform a denial of service attack by sending specially-crafted queries that would result in the creation of Ruby symbols, which were never garbage collected.

tags | advisory, remote, web, denial of service, ruby
systems | linux, redhat
advisories | CVE-2013-1854
MD5 | d90ad874451fe9488a39616681c80320
Red Hat Security Advisory 2013-0698-01
Posted Apr 2, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0698-01 - Ruby on Rails is a model–view–controller framework for web application development. Action Pack implements the controller and the view components. Two cross-site scripting flaws were found in rubygem-actionpack and ruby193-rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack or ruby193-rubygem-actionpack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2013-1855, CVE-2013-1857
MD5 | f7dcf3a3196c3faf7b45c2e9d9af00c7
Red Hat Security Advisory 2013-0697-01
Posted Apr 2, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0697-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Same Origin Wrappers were implemented in Thunderbird. Malicious content could use this flaw to bypass the same-origin policy and execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2013-0788, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0800
MD5 | fbfa0b8d0f2f9a163840495db0450c50
Red Hat Security Advisory 2013-0696-01
Posted Apr 2, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0696-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Same Origin Wrappers were implemented in Firefox. A malicious site could use this flaw to bypass the same-origin policy and execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2013-0788, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0800
MD5 | 7650e5131ae73f1d7c42c22f94c89610
Red Hat Security Advisory 2013-0695-01
Posted Apr 2, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0695-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0871
MD5 | 8e0b30bac6f6edf1f064371e2422f85d
WHMCS Grouppay 1.5 SQL Injection
Posted Apr 2, 2013
Authored by HJauditing Employee Tim

WHMCS Grouppay plugin versions 1.5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 81b6fb124d463782a6f762fa2f2524ac
Virtual Access Monitor SQL Injection
Posted Apr 2, 2013
Authored by Ken Wolstencroft | Site nccgroup.com

NCC Group has discovered multiple SQL injection vulnerabilities in Virtual Access Monitor. Unfortunately, as usual, the NCC group are withholding any details for three months.

tags | advisory, vulnerability, sql injection
MD5 | 4a3f7f61027fb0e6bdc2965bee0d3e62
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    33 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close