
Files Date: 2013-05-14

Ruby Gem Creme Fraiche 0.6 Command Injection
Posted May 14, 2013
Authored by Larry W. Cashdollar

Ruby Gem Creme Fraiche version 0.6 suffers from a remote command injection vulnerability due to unsanitized input.

tags | exploit, remote, ruby
advisories | CVE-2013-2090
MD5 | 9304cf308bf053757461014cecfd0248
Wordpress Newsletter 3.2.6 Cross Site Scripting
Posted May 14, 2013
Authored by LiquidWorm | Site zeroscience.mk

WordPress Newsletter plugin version 3.2.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1b890be643ad2a4e3444c79a01c98906
Ubuntu Security Notice USN-1823-1
Posted May 14, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1823-1 - Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). If a user had scripting enabled, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. Various other issues were also addressed.

tags | advisory, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2013-1669, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681, CVE-2013-0801, CVE-2013-1676, CVE-2013-1677
MD5 | b7a7b29f2d1a6bded7be93212ba3539a
Netcraft.com Cross Site Scripting
Posted May 14, 2013
Authored by Stefan Schurtz

www.netcraft.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 23397f0b310321dc2e23e167d7ab6a03
Red Hat Security Advisory 2013-0823-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0823-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2440
MD5 | e98af806562a4cf47fece7345797312f
Red Hat Security Advisory 2013-0822-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0822-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2013-0401, CVE-2013-1488, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434
MD5 | 1e2ebb13572bcd8fd4d499e8b4e3bb1a
Red Hat Security Advisory 2013-0820-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0820-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting attacks.

tags | advisory, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2013-0801, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
MD5 | 9c0dc044c7a2d8e120bb33aad7c28656
Red Hat Security Advisory 2013-0821-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0821-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting attacks.

tags | advisory, arbitrary, xss
systems | linux, redhat
advisories | CVE-2013-0801, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
MD5 | 555d05f6e0409ffe7e54f607c776f4a9
Ubuntu Security Notice USN-1822-1
Posted May 14, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1822-1 - Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). An attacker could exploit this to conduct cross-site scripting (XSS) attacks. Various other issues were also addressed.

tags | advisory, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2013-1670, CVE-2013-1671, CVE-2013-1674, CVE-2013-1675, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681, CVE-2013-0801, CVE-2013-1669, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678
MD5 | 10fbddd1d028ee185f1832a67383550d
Microsoft Security Bulletin Summary For May, 2013
Posted May 14, 2013
Site microsoft.com

This bulletin summary lists 10 released Microsoft security bulletins for May, 2013.

tags | advisory
MD5 | 8d445d91530b8d18c40beab35c13dc92
WordPress Video JS Cross Site Scripting
Posted May 14, 2013
Authored by MustLive

Various WordPress plugins that embed video-js.swf suffer from cross site scripting vulnerabilities. These include Video Embed and Thumbnail Generator, External "Video for Everybody", 1player, S3 Video and EasySqueezePage.

tags | exploit, vulnerability, xss
MD5 | 36d7d8ea51d31b6732ee7681dffeb094
Kloxo 6.1.6 Privilege Escalation
Posted May 14, 2013
Authored by HTP

Kloxo version 6.1.6 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | d7c86c58a7cba566d9a8f64aa286ed30
Joomla Jnews 8.0.1 Cross Site Scripting
Posted May 14, 2013
Authored by Rafay Baloch, Deepankar Arora

Joomla Jnews version 8.0.1 suffers from an Open Flash-Chart cross site scripting vulnerability.

tags | exploit, xss
MD5 | 06d796e8bc753b103203d9ee466588fa
Red Hat Security Advisory 2013-0815-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0815-01 - The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's manager interface session. It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862
MD5 | d937fe7968bc60edcdd3111ef4b0411e
Sanewall 1.0.2
Posted May 14, 2013
Authored by Costa Tsaousis, Phil Whineray | Site sanewall.org

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.

Changes: Fixes kernel version detection per 1.0.2. The configure script makes sanewall executable. The unconfigured sanewall.in issues a warning when it is run directly. The configure script now sets /usr/local/etc as the location for Sanewall to look in as well as store configuration files in if --sysconfdir is not given, solving bug 78. There is a switch to enable debug output. Handles domain names that refer to records that are IPv4, IPv6, or both. Fixes protection against direct use of /sbin/iptables and /sbin/ip6tables that was broken from 1.1.0.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | d9675c2f5f7c441c1709a85ae8213b73
ZedLog 0.2 Beta
Posted May 14, 2013
Authored by Zachary Scott | Site github.com

ZedLog is a robust cross-platform input logging tool (or key logger). It is based on a flexible data logging system which makes it easy to get the required data. It captures all keyboard and mouse events, has a full GUI, and supports logging to a file and basic hiding.

Changes: This release adds an initial replay simulation tool, saving and opening of log files, a record/pause button, separate mouse pressed and released loggers, a more polished GUI, and a new icon set.
tags | system logging
systems | unix
MD5 | 64e48a8daedaf18f82ba1d59b5d69050
Hook Analyser Malware Tool 2.5
Posted May 14, 2013
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.

Changes: Hook Analyser can now perform XOR bruteforce on "encoded/obfuscated" executables. Deep search improved (new signatures added). Bug fixes.
MD5 | b8672a0d1533f88db9c2e3afb961a9c1
ipset 6.19
Posted May 14, 2013
Authored by Jan Engelhardt | Site ipset.netfilter.org

ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.

Changes: This release adds per-element byte and packet counters for every set type.
tags | tool
systems | unix
MD5 | cabba1bd63a93f6e1c3db3fb22412b64
Linux PERF_EVENTS Local Root
Posted May 14, 2013
Authored by sd

Linux local root exploit that requires that PERF_EVENTS be compiled into the kernel. This has been fixed in 3.8.10. This bug apparently got backported from 2.6.37 into CentOS5 2.6.32 kernels.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
MD5 | cdeeb8e9586abc49bc1a34af4bc14282
libtins 1.0
Posted May 14, 2013
Authored by Matias Fontanini | Site libtins.sourceforge.net

libtins is a high-level, multiplatform C++ library for crafting, sending, sniffing and interpreting raw network packets. Its main purpose is to provide the C++ developer an easy, efficient, platform and endianness-independent way to create tools which need to send, receive and manipulate specially crafted packets.

tags | library
systems | unix
MD5 | 790cadc52f178962957f5faf449058da
Gallery Server Pro File Upload Filter Bypass
Posted May 14, 2013
Authored by Drew Calcott | Site security-assessment.com

Gallery Server Pro suffers from a file upload filter bypass vulnerability.

tags | exploit, bypass, file upload
MD5 | 04887ac3a4e8fdd232631bbda84bc552
WHMCS 4.5.2 SQL Injection
Posted May 14, 2013
Authored by Ahmed Aboul-Ela

WHMCS version 4.5.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8649ff075f9dab84195c0f8a9259f9d2