exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-04-04

Groovy Media Player 3.2.0 Buffer Overflow
Posted Apr 4, 2013
Authored by Akshaysinh Vaghela

Groovy Media Player version 3.2.0 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2013-2760
SHA-256 | 154fba6d11b45be152dff83491133c68afd025c1107e9ca14a9bf8a9782ae56b
Debian Security Advisory 2658-1
Posted Apr 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2658-1 - Several vulnerabilities were discovered in PostgreSQL database server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
SHA-256 | 3978a0cac2022d000f6bf2e713a064deb97d8cba9cb799e9a58b9600000c7d1d
Debian Security Advisory 2657-1
Posted Apr 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2657-1 - A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess.

tags | advisory
systems | linux, debian
advisories | CVE-2013-1900
SHA-256 | c08c5177305edfd149a1e4521276e58636169330d00a081a0deb39b58320f73b
Ubuntu Security Notice USN-1789-1
Posted Apr 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1789-1 - Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server's data directory. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. Marko Kreen discovered that PostgreSQL incorrectly generated random numbers. An authenticated attacker could use this flaw to possibly guess another database user's random numbers. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
SHA-256 | 3d54aa2573b486a74e8e765aa5c214a84ca4b6d865a5fa2f6fb3b3ebae1f2343
Censorship Professional 4 2.1.7 XSS / SQL Injection
Posted Apr 4, 2013
Authored by M. Heinzl | Site sec-consult.com

Censorship Professional version 4 2.1.7 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | eca09f06d856a2acf71f66a9d6bcb8247e827537969b963b1cad45744838ac15
GreHack 2013 Call For Papers
Posted Apr 4, 2013
Site easychair.org

The GreHack 2013 Call For Papers has been announced. This symposium will gather researchers and practitioners from academia, industry, and government to discuss new advances in computer and information security research. It will be held in Grenoble, France on November 15th, 2013.

tags | paper, conference
SHA-256 | b49982433fbc137da04862cc7779ef0533a9be7622dd62ab33ada640294d4ea4
Novell GroupWise Untrusted Pointer Dereference Exploitation
Posted Apr 4, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

In November, 2012, High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. Details of the vulnerabilities were disclosed in April, 2013. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.

tags | paper, arbitrary, vulnerability
advisories | CVE-2013-0804
SHA-256 | 247383f376ee16946d9314eb4cb430f00045438e994129e80eb43797b132b877
Mandriva Linux Security Advisory 2013-015-1
Posted Apr 4, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-015 - Multiple vulnerabilities has been found and corrected in apache Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. XSS in mod_proxy_balancer manager interface. Additionally the ASF bug 53219 was resolved which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the new directive SSLCompression on|off to enable or disable TLS-level compression, by default SSLCompression is turned on. The updated packages have been upgraded to the latest 2.2.24 version which is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-3499, CVE-2012-4558
SHA-256 | 4ae24fb76f8afce328627b627a999255f95bafed86cfe2ebeb29ccb535f831e8
Radio CMS 2.2 SQL Injection
Posted Apr 4, 2013
Authored by Rooster(XEKA)

Radio CMS version 2.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 02c24c7ecb1e5eceba6a2e68fc15744da7ea2221c2ce96e58ff37befd3a20ed9
Netgear DGN1000B setup.cgi Remote Command Execution
Posted Apr 4, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some Netgear Routers are vulnerable to authenticated OS Command injection. The vulnerability exists in the web interface, specifically in the setup.cgi component, when handling the TimeToLive parameter. Default credentials are always a good starting point, admin/admin or admin/password could be a first try. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes.

tags | exploit, web, cgi
advisories | OSVDB-89985
SHA-256 | 623ce5343f36444ea84dd10286be202aa0da4fc1e9e606d5ba8d7544d69fb889
Ubuntu Security Notice USN-1788-1
Posted Apr 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1788-1 - Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to bypass ASLR (Address Space Layout Randomization). A local user could use this flaw to bypass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). A memory use after free error was discovered in the Linux kernel's tmpfs filesystem. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792
SHA-256 | 9ecaa69d02aa8fe1fd206acd5b92e9d14713d1eb09058fe070ae2ff8bf252c55
Debian Security Advisory 2654-1
Posted Apr 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2654-1 - Nicolas Gregoire discovered that libxslt, an XSLT processing runtime library, is prone to denial of service vulnerabilities via crafted xsl stylesheets.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2012-6139
SHA-256 | 611157f1fa62bc46d42ca04002b65750af6dd9323d8ab9fa358a4a37f6eecc4f
Drupal Chaos Tool Suite 7.x Access Bypass
Posted Apr 4, 2013
Authored by Greg Knaddison, Cash Williams | Site drupal.org

Drupal Chaos Tool Suite third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | b55ff80ca58f0d120f56f06f4a262eb5548b3897bb9bc8ff17362d457d56ecb6
Drupal Commerce Skrill 7.x Access Bypass
Posted Apr 4, 2013
Authored by Julien Dubreuil | Site drupal.org

Drupal Commerce Skrill third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | ec174f0492c5a015b555846c86533724f65b5e2be1be13156ba135d28cae6b53
Hackersh 0.1.0
Posted Apr 4, 2013
Authored by Itzik Kotler | Site hackersh.org

Hackersh ("Hacker Shell") is a free and open source shell (command interpreter) written in Python with built-in security commands, and out-of-the-box wrappers for various security tools, using Pythonect as its scripting engine. Pythonect is a new, experimental, general-purpose high-level dataflow programming language based on Python. It aims to combine the intuitive feel of shell scripting (and all of its perks like implicit parallelism) with the flexibility and agility of Python.

tags | tool, shell, rootkit, python
systems | unix
SHA-256 | c188aaa57fe58d3d722bde76e26f37d182dad24c2a123c3691f08b71d8849d85
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close