what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2013-06-20

SMB Hijacking
Posted Jun 20, 2013
Authored by Ares

This is a whitepaper called SMB Hijacking. Kerberos is defeated.

tags | paper
SHA-256 | e4ebb0e6abe8e3336a32bbc733610105b1aadafc45ddc1ff3cd056d26d6b0904
Havalite CMS Arbitary File Upload
Posted Jun 20, 2013
Authored by CWH Underground, sinn3r | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Havalite CMS version 1.1.7. Prior versions are possibly affected. Attackers can abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | OSVDB-94405
SHA-256 | caf2d6ad9662842ffd45e96d09bc069561d43e22364b1adc6736d0aee2a8406c
Samhain File Integrity Checker 3.0.13
Posted Jun 20, 2013
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: A regression in the handling of growing log files has been fixed. For compiling with the kernel check option, the detection of an existing yet non-functional /dev/kmem device has been improved.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | ff9690317ee886b49eb5e9bd5faebdfdec570476e06a3bdaa52b88f18caaea19
Cisco Security Advisory 20130619-tpc
Posted Jun 20, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate the Cisco TelePresence TC and TE Software SIP Denial of Service vulnerabilities are available.

tags | advisory, remote, denial of service, shell, root, vulnerability, protocol
systems | cisco
SHA-256 | ead88e974b036c9c7fbb50018682a7c6c17b58507aa6e49c8be0b7d9d6c659ee
RSA BSAFE SSL-C SSL/TLS Plaintext Recovery
Posted Jun 20, 2013
Site emc.com

RSA BSAFE SSL-C version 2.8.7 contains a patch that is designed to help ensure that MAC checking is time invariant in servers in order to mitigate Lucky Thirteen attacks.

tags | advisory
advisories | CVE-2013-0169
SHA-256 | 3705ff404e79e528a1d4c4f3b3ef61d1564a3c5b98e8c1e65707ec6fa9ccf3b9
GLPI 0.83.8 SQL Injection
Posted Jun 20, 2013
Authored by Humberto Cabrera | Site zeroscience.mk

GLPI version 0.83.8 suffers from multiple error-based SQL injection vulnerabilities. Input passed via the POST parameter 'users_id_assign' in '/ajax/ticketassigninformation.php' script, POST parameter 'filename' in '/front/document.form.php' script, and POST parameter 'table' in 'glpi/ajax/comments.php' script is not properly sanitized before being used in SQL queries. This can be exploited by a malicious attacker to manipulate SQL queries by injecting arbitrary SQL code in the affected application.

tags | exploit, arbitrary, php, vulnerability, sql injection
SHA-256 | d4ea648da5ce15f6a9a9ff70fced4a4c2d50218825a23a4be4c56ea5f0f90ee9
Red Hat Security Advisory 2013-0958-01
Posted Jun 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0958-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472
SHA-256 | 3f77eaf4516bbe12c6edbe2aca993604898a19cfaad97a69e04c200768338d2b
Red Hat Security Advisory 2013-0957-01
Posted Jun 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0957-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472
SHA-256 | 607e92095834e27b38b0876edb3515b60809151352fdfe7243f233f859b32927
Debian Security Advisory 2712-1
Posted Jun 20, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2712-1 - It was discovered that users with a valid agent login could use crafted URLs to bypass access control restrictions and read tickets to which they should not have access.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4088
SHA-256 | 504cb290f51c608d9200e113c25d5724ba25dd33673d69731fea9e871839de69
Debian Security Advisory 2711-1
Posted Jun 20, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2711-1 - Multiple security issues have been found in HAProxy, a load-balancing reverse proxy.

tags | advisory
systems | linux, debian
advisories | CVE-2012-2942, CVE-2013-1912, CVE-2013-2175
SHA-256 | 319b470e413067c6dfb06e38f3db14e6a31e3cdbf1d418eaedc13bc17f95e217
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close