exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2013-04-12

Nagios Remote Plugin Executor Arbitrary Command Execution
Posted Apr 12, 2013
Authored by Rudolph Pereir | Site metasploit.com

The Nagios Remote Plugin Executor (NRPE) is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option dont_blame_nrpe which enables command-line arguments to be provided remote plugins. When this option is enabled, even when NRPE makes an effort to sanitize arguments to prevent command execution, it is possible to execute arbitrary commands.

tags | exploit, remote, arbitrary
advisories | CVE-2013-1362, OSVDB-90582
SHA-256 | f33086fbee9f7124aeac1e79a41679cd8f0bbbf1e8197cf0cad44c79bd7aa876
HP Security Bulletin HPSBUX02864 SSRT101156
Posted Apr 12, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02864 SSRT101156 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1475
SHA-256 | 94d7052e1808f3cc5dffc4cea67d8ea2fa749b0c45b5bee62879235f94f05154
HP Security Bulletin HPSBUX02859 SSRT101144 2
Posted Apr 12, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02859 SSRT101144 2 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary
systems | hpux
advisories | CVE-2009-0159, CVE-2009-3563
SHA-256 | 665670bd5973873632baa834e8dbf771524847c5e81a9fb7b9cd98878e0d98cd
Microsoft Security Bulletin Re-Release For April, 2013
Posted Apr 12, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for April, 2013.

tags | advisory
SHA-256 | ff3f2c0b7f350c54a3e95fb2f4d722aedb269b481fa85178d019257b8c7d8f79
Ruby Gem kelredd-pruview 0.3.8 Command Injection
Posted Apr 12, 2013
Authored by Larry W. Cashdollar

Ruby Gem kelredd-pruview version 0.3.8 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
SHA-256 | dd1b24534bc513df316ed360fb139f228b8988566fe55fe24f004ec934cc9308
ircd-hybrid 8.0.5 Denial Of Service
Posted Apr 12, 2013
Authored by Kingcope

ircd-hybrid version 8.0.5 on CentOS 6 denial of service exploit.

tags | exploit, denial of service
systems | linux, centos
advisories | CVE-2013-0238
SHA-256 | 1ad9d4b2dbdf42d96561ba07e7956a32432227a3ff63dc81f94e3ce9afd25f47
Mandriva Linux Security Advisory 2013-136
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-136 - A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem. Untrusted command for function hook_process in WeeChat before 0.3.9.2 could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself).

tags | advisory, overflow, shell
systems | linux, mandriva
advisories | CVE-2012-5854, CVE-2012-5534
SHA-256 | c9195b3910f07ceccfadb0fdbba608fed8688c11391191f1397e836c44551d20
Mandriva Linux Security Advisory 2013-134
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-134 - Updated viewvc packages fix security vulnerabilities. Several other bugs were fixed as well.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-4533, CVE-2012-4533, CVE-2012-3356, CVE-2012-3357
SHA-256 | 47e40b9e1d60e4166d005a6238f3f61b1293cb5260e9b55e75c718861f662289
Mandriva Linux Security Advisory 2013-142
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-142 - Multiple vulnerabilities has been discovered and corrected in PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service , and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a - (hyphen). PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the contrib/pgcrypto functions. PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the pg_start_backup or pg_stop_backup functions. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2013-0255, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
SHA-256 | 97ef8bcb916420d4415444226f145e62867a5c2ca8b49fbfaeb4914d3e2495a2
Mandriva Linux Security Advisory 2013-141
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-141 - Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-6139
SHA-256 | ba105617f9b49c067580043638d41bca274e6de4874426e2495d3f721335ce2e
Red Hat Security Advisory 2013-0737-01
Posted Apr 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0737-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849
SHA-256 | bf0ca63e524790367e96c86fc60ab52802e57e9de51c4c02705bbc4e7bc38d78
Mac OS X 10.8.3 ftpd Remote Resource Exhaustion
Posted Apr 12, 2013
Authored by Maksymilian Arciemowicz

ftpd on Mac OS X 10.8.3 suffers from a denial of service vulnerability. This appears to be an old vulnerability that has not been properly addressed.

tags | advisory, denial of service
systems | apple, osx
advisories | CVE-2010-2632, CVE-2011-0418
SHA-256 | 13b77811aa62fba78277a75249e3609cc4a3861977ccbcd966b983a25d221503
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    2 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close