exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

Files Date: 2013-04-24

GroundWork monarch_scan.cgi OS Command Injection
Posted Apr 24, 2013
Authored by Johannes Greil, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in the monarch_scan.cgi, where user controlled input is used in the perl qx function, which allows any remote authenticated attacker, whatever his privileges are, to inject system commands and gain arbitrary code execution. The module has been tested successfully on GroundWork 6.7.0-br287-gw1571 as distributed within the Ubuntu 10.04 based VM appliance.

tags | exploit, remote, arbitrary, cgi, perl, code execution
systems | linux, ubuntu
advisories | OSVDB-91051
MD5 | e0748ad1d02bbc1b0c70db9e441df0dc
Cisco Security Advisory 20130424-nxosmulti
Posted Apr 24, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. These products are affected by vulnerabilities such as buffer overflow and denial of service issues.

tags | advisory, denial of service, overflow, vulnerability
systems | cisco
MD5 | 1b54279f6b523d358c6bf1c77f87b29d
Cisco Security Advisory 20130424-ucsmulti
Posted Apr 24, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Managed and standalone Cisco Unified Computing System (UCS) deployments contain various vulnerabilities such as authentication bypass, buffer overflow, and denial of service issues.

tags | advisory, denial of service, overflow, vulnerability
systems | cisco
MD5 | 6389c52dbc42ee8e987b709e9db2dce7
SAP NetWeaver Remote ABAP Code Injection
Posted Apr 24, 2013
Authored by Ertunga Arsal | Site esnc.de

A SAP NetWeaver vulnerability allows injection of ABAP code. In SAP security, this is the equivalent of getting an ultra-reliable ring 0 exploit which works through the network and never crashes. By exploiting this vulnerability an attacker can e.g. inject code which saves the passwords of all connecting SAP GUI users in a remote file, steal or change sensitive data such as HR salary information, execute bank transactions and transfer money, or simply plant an SAP backdoor for accessing the system later. The attacker can also manipulate or corrupt ABAP programs shipped by SAP and make the system inoperable.

tags | advisory, remote
advisories | CVE-2013-3243
MD5 | 6e1055bf21cf6b7e1a19fafb8017df15
Red Hat Security Advisory 2013-0771-01
Posted Apr 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0771-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending the wrong cookie if only part of the domain name matched the domain associated with the cookie, disclosing the cookie to unrelated hosts.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2013-1944
MD5 | ef4893d680b58efebd80d07d6c7e0bce
Red Hat Security Advisory 2013-0770-01
Posted Apr 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0770-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431
MD5 | 3d6022d62cc62f5ebc2e6215e3207d66
Cisco Security Advisory 20130424-fmdm
Posted Apr 24, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Device Manager contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on a client host with the privileges of the user. This vulnerability affects Cisco Device Manager for the Cisco MDS 9000 Family and Cisco Nexus 5000 Series Switches when it is installed or launched via the Java Network Launch Protocol (JNLP) on a host running Microsoft Windows. Cisco Device Manager installed or launched from Cisco Prime Data Center Network Manager (DCNM) or Cisco Fabric Manager is not affected. This vulnerability can only be exploited if the JNLP file is executed on systems running Microsoft Windows. The vulnerability affects the confidentiality, integrity, and availability of the client host performing the installation or execution of Cisco Device Manager via JNLP file. There is no impact on the Cisco MDS 9000 Family or Cisco Nexus 5000 Series Switches. Cisco has released free software updates that address this vulnerability in the Cisco Device Manager for Cisco MDS 9000 Family Switches. Cisco Nexus 5000 Series Switches have discontinued the support of the Cisco Device Manager installation via JNLP and updates are not available. Workarounds that mitigate this vulnerability are available.

tags | advisory, java, remote, arbitrary, protocol
systems | cisco, windows
MD5 | 777bee516e6ae30b57cefd1a645c47a0
Red Hat Security Advisory 2013-0769-01
Posted Apr 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0769-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.

tags | advisory
systems | linux, redhat, osx
advisories | CVE-2013-0242, CVE-2013-1914
MD5 | a1ea14576cb5a50317abe3fc0fa7840f
Cisco Linksys WRT310N 2.0.00 Denial Of Service
Posted Apr 24, 2013
Authored by Carl Benedict

Cisco Linksys WRT310N version 2.0.00 suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
systems | cisco
MD5 | c3e934258a1e774852ae0a44ccf6d902
HP Security Bulletin HPSBHF02865 SSRT101158
Posted Apr 24, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02865 SSRT101158 - A potential vulnerability has been identified with certain HP ElitePad tablet PCs. The secure boot feature of the BIOS may not be enabled, allowing alternate operating systems to be booted in contradiction with the BIOS configuration. Secure Boot is a feature that, when enabled, prevents the system firmware from booting to unauthorized boot loaders, option ROMs and operating systems that can run in the pre-boot environment. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2012-5218
MD5 | 011e81878aef3abaaf5e6c2247a7ca1e
Hornbill Supportworks ITSM 1.0.0 SQL Injection
Posted Apr 24, 2013
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Hornbill Supportworks ITSM version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-2594
MD5 | a862138ccbce4d3ba11cb7a6b524031b
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close