what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-05-07

ERS Viewer 2011 ERS File Handling Buffer Overflow
Posted May 7, 2013
Authored by Parvez Anwar, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in ERS Viewer 2011 (version 11.04). The vulnerability exists in the module ermapper_u.dll where the function ERM_convert_to_correct_webpath handles user provided data in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This Metasploit module has been tested successfully with ERS Viewer 2011 (version 11.04) on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2013-0726, OSVDB-92694
SHA-256 | f08aa677e4bbe773f77b4590e3bc7bcc07a3ecbc53b0cb2b1479169e8de33890
Ubuntu Security Notice USN-1818-1
Posted May 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1818-1 - It was discovered that Mesa incorrectly handled certain arrays. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-5129
SHA-256 | 38775ad65561b8e9952676b2969324dd8dc108776108aa64484152db56334ce4
Ubuntu Security Notice USN-1817-1
Posted May 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1817-1 - It was discovered that libxml2 incorrectly handled memory management when parsing certain XML files. An attacker could use this flaw to cause libxml2 to crash, resulting in a denial of service, or to possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1969
SHA-256 | 0b02e32ba8a9f56c87f13a8dbb3a6852a0c7074c596b429f676116c90977ea2d
Cisco Linksys E4200 Cross Site Scripting / Local File Inclusion
Posted May 7, 2013
Authored by sqlhacker

Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
systems | cisco
advisories | CVE-2013-2678, CVE-2013-2679, CVE-2013-2680, CVE-2013-2681, CVE-2013-2682, CVE-2013-2683, CVE-2013-2684
SHA-256 | 59820449af959f72e12353106ed7dd3292754025d1b09dccf9477170e26b0b2e
Ubuntu Security Notice USN-1819-1
Posted May 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1819-1 - Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to execute arbitrary code. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436, CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422
SHA-256 | a635281db9d2f6415d9524c066b6db166a048380476c69d658d0a8b5199bb47a
OpenDocMan 1.2.6.5 Cross Site Scripting
Posted May 7, 2013
Authored by drone

OpenDocMan version 1.2.6.5 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 09a561eea3e2a4cf7a0b605a95ace0f35855e1d5dc113069e4c7516091aab7e1
Hloun Support Management System 3.0 SQL Injection / Bypass
Posted May 7, 2013
Authored by i-Hmx

Hloun Support Management System version 3.0 suffers from authentication bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 4036c3b54a9386a38fb0387988ef8098b48eb2d63998f2fa2f7cfbf8ad120412
MoinMelt Arbitrary Command Execution
Posted May 7, 2013
Authored by HTP

MoinMelt remote arbitrary command execution exploit as released in HTP version 5.

tags | exploit, remote, arbitrary
SHA-256 | 57a4eee9988f535e79cf25e3113013c4894c962158793e8fa7a2a42a01d07190
ColdFusion 9 / 10 Remote Root
Posted May 7, 2013
Authored by HTP

ColdFusion version 9 and 10 remote root zero day exploit as released in HTP version 5.

tags | exploit, remote, root
SHA-256 | 7ca7d0dbbf03c4e7f09cce36a6785fc2d64fa398061c3b4afd5d406f11f33c4e
NetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution
Posted May 7, 2013
Authored by M. Heinzl | Site sec-consult.com

NetApp onCommand System Manager versions 2.1 and below and 2.0.2 and below suffer from cross site scripting, file inclusion, and OS command execution vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
advisories | CVE-2013-3320, CVE-2013-3321, CVE-2013-3322
SHA-256 | c03a185c7bd69fd181b1a14ec856e4d335a0da6e6ea530fcfec62dc71fd11947
Xenotix Python Keylogger For Windows
Posted May 7, 2013
Authored by Ajin Abraham

Xenotix is a keylogger for windows that is written in Python. It has the ability to send logs remotely.

tags | system logging, python
systems | windows, unix
SHA-256 | 16bbf9e5e1780a33332509ebf9181a4f9de56d922e037343ce45e5b75909227f
Drupal Htmlarea 4.7.x-1.x Shell Upload
Posted May 7, 2013
Authored by Net.Edit0r

Drupal Htmlarea module version 4.7.x-1.x suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 78f77867a46c4aaaff7aac7994d6a185897bc9f0853cd50e089fc3b01fb28d09
Craigslist Gold SQL Injection
Posted May 7, 2013
Authored by Fallaga

Craigslist Clone Gold suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f54dec94a7742199481341e8ad792abf58d3234159c8418dbce4610386e3bbde
PHPvocabtionary Code Injection
Posted May 7, 2013
Authored by Slotleet

PHPvocabtionary suffers from a PHP code injection vulnerability.

tags | exploit, php
SHA-256 | 35815077f57e1f2a0c402c5aa47bd660a80be4e101ed5ce9aa820d993b33b171
Microsoft Internet Explorer CGenericElement Object Use-After-Free
Posted May 7, 2013
Authored by sinn3r, juan vazquez, temp66, EMH | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CGenericElement object is freed, but a reference is kept on the Document and used again during rendering, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild on 2013 May, in the compromise of the Department of Labor (DoL) Website.

tags | exploit, arbitrary, code execution
advisories | CVE-2013-1347, OSVDB-92993
SHA-256 | 723999396b06b95680fb759bf7a793de8245f41f4c76b136b6109a09e4954141
Ruxcon 2013 Call For Papers
Posted May 7, 2013
Site ruxcon.org.au

Ruxcon 2013 Call For Papers - Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of 26th and 27th of October at the CQ Function Centre, Melbourne, Australia.

tags | paper, conference
SHA-256 | 8ebb6efde087b84a046399571288fbdbd808cd206ebf4276c0ed862e153e9a24
SAP ERP Remote Code Injection
Posted May 7, 2013
Authored by Ertunga Arsal | Site esnc.de

SAP ERP Central Component PS-IS suffers from a remote code injection vulnerability.

tags | advisory, remote
advisories | CVE-2013-3244
SHA-256 | 5e58652bd4084d45a345426470327c91caa6fc06378fffda9da820fa86d98247
Sanewall 1.1.1
Posted May 7, 2013
Authored by Costa Tsaousis, Phil Whineray | Site sanewall.org

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.

Changes: When startup fails, both IPv4 and IPv6 firewalls are correctly restored. A regression test framework has been added. This release fixes the "mac" helper command for versions of iptables 1.4.12+ per 1.0.1, and also prevents MAC addresses being seen as IPv6 addresses.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | 89747957be987508490f1ce9e2239c4570d3760c4c8ec6766920b98883569b8b
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close