exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2013-04-12

Nagios Remote Plugin Executor Arbitrary Command Execution
Posted Apr 12, 2013
Authored by Rudolph Pereir | Site metasploit.com

The Nagios Remote Plugin Executor (NRPE) is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option dont_blame_nrpe which enables command-line arguments to be provided remote plugins. When this option is enabled, even when NRPE makes an effort to sanitize arguments to prevent command execution, it is possible to execute arbitrary commands.

tags | exploit, remote, arbitrary
advisories | CVE-2013-1362, OSVDB-90582
SHA-256 | f33086fbee9f7124aeac1e79a41679cd8f0bbbf1e8197cf0cad44c79bd7aa876
HP Security Bulletin HPSBUX02864 SSRT101156
Posted Apr 12, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02864 SSRT101156 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1475
SHA-256 | 94d7052e1808f3cc5dffc4cea67d8ea2fa749b0c45b5bee62879235f94f05154
HP Security Bulletin HPSBUX02859 SSRT101144 2
Posted Apr 12, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02859 SSRT101144 2 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary
systems | hpux
advisories | CVE-2009-0159, CVE-2009-3563
SHA-256 | 665670bd5973873632baa834e8dbf771524847c5e81a9fb7b9cd98878e0d98cd
Microsoft Security Bulletin Re-Release For April, 2013
Posted Apr 12, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for April, 2013.

tags | advisory
SHA-256 | ff3f2c0b7f350c54a3e95fb2f4d722aedb269b481fa85178d019257b8c7d8f79
Ruby Gem kelredd-pruview 0.3.8 Command Injection
Posted Apr 12, 2013
Authored by Larry W. Cashdollar

Ruby Gem kelredd-pruview version 0.3.8 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
SHA-256 | dd1b24534bc513df316ed360fb139f228b8988566fe55fe24f004ec934cc9308
ircd-hybrid 8.0.5 Denial Of Service
Posted Apr 12, 2013
Authored by Kingcope

ircd-hybrid version 8.0.5 on CentOS 6 denial of service exploit.

tags | exploit, denial of service
systems | linux, centos
advisories | CVE-2013-0238
SHA-256 | 1ad9d4b2dbdf42d96561ba07e7956a32432227a3ff63dc81f94e3ce9afd25f47
Mandriva Linux Security Advisory 2013-136
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-136 - A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem. Untrusted command for function hook_process in WeeChat before 0.3.9.2 could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself).

tags | advisory, overflow, shell
systems | linux, mandriva
advisories | CVE-2012-5854, CVE-2012-5534
SHA-256 | c9195b3910f07ceccfadb0fdbba608fed8688c11391191f1397e836c44551d20
Mandriva Linux Security Advisory 2013-134
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-134 - Updated viewvc packages fix security vulnerabilities. Several other bugs were fixed as well.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-4533, CVE-2012-4533, CVE-2012-3356, CVE-2012-3357
SHA-256 | 47e40b9e1d60e4166d005a6238f3f61b1293cb5260e9b55e75c718861f662289
Mandriva Linux Security Advisory 2013-142
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-142 - Multiple vulnerabilities has been discovered and corrected in PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service , and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a - (hyphen). PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the contrib/pgcrypto functions. PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the pg_start_backup or pg_stop_backup functions. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2013-0255, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
SHA-256 | 97ef8bcb916420d4415444226f145e62867a5c2ca8b49fbfaeb4914d3e2495a2
Mandriva Linux Security Advisory 2013-141
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-141 - Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-6139
SHA-256 | ba105617f9b49c067580043638d41bca274e6de4874426e2495d3f721335ce2e
Red Hat Security Advisory 2013-0737-01
Posted Apr 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0737-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849
SHA-256 | bf0ca63e524790367e96c86fc60ab52802e57e9de51c4c02705bbc4e7bc38d78
Mac OS X 10.8.3 ftpd Remote Resource Exhaustion
Posted Apr 12, 2013
Authored by Maksymilian Arciemowicz

ftpd on Mac OS X 10.8.3 suffers from a denial of service vulnerability. This appears to be an old vulnerability that has not been properly addressed.

tags | advisory, denial of service
systems | apple, osx
advisories | CVE-2010-2632, CVE-2011-0418
SHA-256 | 13b77811aa62fba78277a75249e3609cc4a3861977ccbcd966b983a25d221503
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close