exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-05-02

EMC NetWorker 8.0.1.3 / 7.6.5.2 Privilege Escalation
Posted May 2, 2013
Site emc.com

A vulnerability exists in EMC NetWorker that could result in elevation of privileges by an unauthorized user who has access to a local file system.

tags | advisory, local
advisories | CVE-2013-0940
SHA-256 | 21da0d56fc3b459c3fa2d684fcf9ac54f5b7a89e341c5dd97585db7581f7a7d0
EMC Avamar Client Improper Certificate Validation
Posted May 2, 2013
Site emc.com

When the server to client certificate-based authentication is configured, the EMC Avamar Client does not correctly validate the values in the Common Name (CN) and Subject Alternative Name (SAN) field of the Avamar Server certificate. This could potentially allow spoofing attacks. Versions 6.x and below are affected.

tags | advisory, spoof
advisories | CVE-2013-0945
SHA-256 | 61fee8be51b3f53990f46d2a359d8c0c700dc535d88c28590e9315c215016a62
Debian Security Advisory 2664-1
Posted May 2, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2664-1 - Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager (NTLM) authentication ("protocolAuthentication = NTLM") together with the 'connect' protocol method ("protocol = connect"). With these prerequisites and using stunnel4 in SSL client mode ("client = yes") on a 64bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process, if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the tcp session between stunnel and the proxy sever.

tags | advisory, overflow, arbitrary, tcp, protocol
systems | linux, debian
advisories | CVE-2013-1762
SHA-256 | 0be7b3b1982000f18ee3f8dbafa2d404fa383f45824d8da98d0caa83970bc7d4
Red Hat Security Advisory 2013-0784-01
Posted May 2, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0784-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.1 will be retired on May 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.1 EUS after that date. In addition, after May 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers with subscriptions to the Extended Update Support channels for Red Hat Enterprise Linux 6.1.

tags | advisory
systems | linux, redhat
SHA-256 | 5c4ff175df4244b0bc493bca05eff5267963a25598287aeb523c16895e62dc27
EMC Avamar Improper Authorization
Posted May 2, 2013
Site emc.com

A vulnerability in the EMC Avamar web based file restore interface could potentially be exploited by a malicious user to access unauthorized files via URL manipulation.

tags | advisory, web
advisories | CVE-2013-0944
SHA-256 | 56dd170b8779011adb569379bb521510fc1abe54526340b3f07db8d83fae1865
Ubuntu Security Notice USN-1814-1
Posted May 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1814-1 - Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635, CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635
SHA-256 | f190a7e65629b41a85f0c9413fd7ff9f3b06f8eff81bc396954d9283c0bdaee7
WordPress Advanced XML Reader 0.3.4 XXE Injection
Posted May 2, 2013
Authored by system_meltdown

WordPress Advanced XML Reader plugin version 0.3.4 suffers from a XXE (XML eXternal Entity) injection vulnerability.

tags | exploit, xxe
SHA-256 | 8f00f9b3232481b2651bd135bbb4cc1f273adbf09d9d0da522f46d08d53f898b
D-Link DNS-323 File Upload / Traversal / Command Execution
Posted May 2, 2013
Authored by sghctoma

D-Link DNS-323 suffers from remote arbitrary file upload, directory traversal, and command execution vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, file inclusion, file upload
SHA-256 | 73e321a17a925589691872d4a616ae300aabc4641e22fad215bbb2024c010d77
Ubuntu Security Notice USN-1813-1
Posted May 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1813-1 - Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635, CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635
SHA-256 | 7368544c5098614eb7828d10406f265200161e116ca06333c37dd23d862edf27
Ubuntu Security Notice USN-1815-1
Posted May 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1815-1 - Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. Andy Lutomirski discovered a privilege escalation in the Linux kernel's user namespaces. A local user could exploit the flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2013-1979, CVE-2013-1959, CVE-2013-1959, CVE-2013-1979
SHA-256 | d7e3f35ae144f5755ed1c27567bd8f421a30bbc3f32a069ad759830fde991224
Oracle Database 11g NULL Pointer
Posted May 2, 2013
Authored by Andy Davis | Site nccgroup.com

Oracle Database 11g suffers from a null pointer denial of service vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.

tags | advisory, denial of service
SHA-256 | 7366e77f697aca2ecdba7bfb457e1fe1dfc05c93aea874d256f1f2686baea2f7
Oracle Database 11g Denial Of Service
Posted May 2, 2013
Authored by Andy Davis | Site nccgroup.com

Oracle Database 11g suffers from a denial of service vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.

tags | advisory, denial of service
SHA-256 | 60d5de1a200f206f295e52a01fff891d50942ff110a36d295495ac71804abc8b
Oracle Retail Integration Bus 13.x Directory Traversal
Posted May 2, 2013
Authored by Andrew Davies | Site nccgroup.com

Oracle Retail Integration Bus versions 13.0, 13.1, and 13.2 suffer from a directory traversal vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.

tags | advisory
SHA-256 | 6f8a1120d684841ffb90bdd49168f11bb340737bbffc7f5797135391c8ec0273
Oracle Retail Central Office 13.x SQL Injection
Posted May 2, 2013
Authored by Andrew Davies | Site nccgroup.com

Oracle Retail Central Office versions 13.1, 13.2, 13.3, and 13.4 suffer from a remote SQL injection vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.

tags | advisory, remote, sql injection
SHA-256 | 2c7f0ba82ee179931a11ce83af0f1a97529fbc3be8c23d3c8637508876d2767a
Beat Websites 1.5 SQL Injection
Posted May 2, 2013
Authored by Ashiyane Digital Security Team

Beat Websites version 1.5 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.

tags | exploit, remote, sql injection
SHA-256 | 714331b1b42de4cf2cee24fb227a4e19dde980c09f152c2ef53bc58c1d6e51a6
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close