what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-06-25

Plesk PHP Code Injection
Posted Jun 25, 2013
Authored by Kingcope, infodox

Reliable exploit for the Plesk PHP code injection vulnerability disclosed by Kingcope in June 2013. Can deliver inline and reverse shells using the payloads library, as well as offering (buggy) file upload features.

tags | exploit, shell, php, file upload
systems | unix
SHA-256 | b76333a40c15eeb1e6e0fe351ee9f933ff24a237da980ed7dc853fd2e1f0d52c
Simple PHP Backdoor
Posted Jun 25, 2013
Authored by infodox

This is a simple PHP backdoor using HTTP headers to inject the code as opposed to a GET or POST variable. Uses the fictional "Code: " header as an example, for learning purposes. This is not production code.

tags | tool, web, php, rootkit
systems | unix
SHA-256 | 397d3f851a08bef7d13138eedf2b87ab8e732b35f14514f58a2162c103188aab
Nmap NSE Vulscan 1.0
Posted Jun 25, 2013
Authored by Marc Ruef

This is a NSE script written for nmap that adds vulnerability scanning.

Changes: Better performance. Support for dynamic report templates, your own CSV-based vulnerability database, and more. Better error handling and more debug output.
tags | tool, nmap
systems | unix
SHA-256 | a36473e6e38e4484f78ca4df6a612d03afa635b3f67c7fc0ab609db50416ec42
Red Hat Security Advisory 2013-0982-01
Posted Jun 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0982-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbird allowed data to be sent in the body of XMLHttpRequest HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery attacks.

tags | advisory, arbitrary, csrf
systems | linux, redhat
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
SHA-256 | 91f56531f39853c2f2a1ca750e63373cbb3dcd514af9628c72e9ad093402a100
Mandriva Linux Security Advisory 2013-177
Posted Jun 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-177 - Updated dbus packages fix security vulnerability. Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to complete system crash.

tags | advisory, denial of service, local
systems | linux, mandriva
advisories | CVE-2013-2168
SHA-256 | ed69c941247755b87316d8236dd675a2060fc54bc73a88d694ef3c9461b2a491
Red Hat Security Advisory 2013-0981-01
Posted Jun 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0981-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that Firefox allowed data to be sent in the body of XMLHttpRequest HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery attacks.

tags | advisory, web, arbitrary, csrf
systems | linux, redhat
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
SHA-256 | bb2fefe37dacf96fb5a3a797951020c7907c180ac273dbfd9ed79f4bd0e90792
IceWarp Mail Server 10.4.5 XSS / XXE Injection
Posted Jun 25, 2013
Authored by V. Paulikas | Site sec-consult.com

IceWarp Mail Server versions 10.4.5 and below suffer from cross site scripting and XML external entity injection vulnerabilities.

tags | exploit, vulnerability, xss, xxe
SHA-256 | 84d292ec76f89464eea4d17baff572a4b0ef0577f2fb641e3f8541b6a69f2f43
Microsoft Security Bulletin Re-Release For June, 2013
Posted Jun 25, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for June, 2013.

tags | advisory
SHA-256 | 7be8a748fe11f05e2477449bf46e22be71e0183fc7fe28d11901091eee25333c
Xopie Virtual Shop Cross Site Scripting
Posted Jun 25, 2013
Authored by Ivan Sanchez, Raul Diaz

Xopie Virtual Shop suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | 5ff477d1888070ff122a5d545c253879ad7281c86a03d72b36347ca511ff904f
Magnolia CMS 4.5.8 Access Bypass
Posted Jun 25, 2013
Authored by Adrian Furtuna

Magnolia CMS versions 4.5.8 and below suffer from multiple access control vulnerabilities that allow a non-administrative user to access and execute administrative functionalities.

tags | exploit, vulnerability, bypass
advisories | CVE-2013-4621
SHA-256 | fb6c27a0797c4b1ac97ad5992f8eddfb9cd896a72f7e7d7b719810e87f85d694
HP Security Bulletin HPSBHF02878
Posted Jun 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02878 - A potential security vulnerability has been identified with the HP Smart Zero Client. This vulnerability could be exploited by a local user on the device to gain unauthorized access. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2013-2339
SHA-256 | 91be9a52473f882f112ec519c2376429e317345e0d0a9fcedb76aeeda522a789
Mandriva Linux Security Advisory 2013-178
Posted Jun 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-178 - Updated nfs-utils packages fix a security vulnerability. It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication. Because of this, if a user where able to poison DNS to a victim's computer, they would be able to trick rpc.gssd into talking to another server than the intended server (with stricter security). If the victim has write access to the second server, and the attacker has read access (when they normally might not on the secure server), the victim could write files to that server, which the attacker could obtain (when normally they would not be able to). To the victim this is transparent because the victim's computer asks the KDC for a ticket to the second server due to reverse DNS resolution; in this case Krb5 authentication does not fail because the victim is talking to the correct server.

tags | advisory, spoof
systems | linux, mandriva
advisories | CVE-2013-1923
SHA-256 | a1e3a132caeeb99ce5cc2a4afed913edaa8f9c54dbe4627d420f48c92e348f9f
Red Hat Security Advisory 2013-0983-01
Posted Jun 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0983-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2013-2174
SHA-256 | a7fa5f3acd97b0e062e7116dd627f4fc0ac45395d1e94fe95cabb6cf342a2e84
Against Mass Scanner / SSH Brute Forcer
Posted Jun 25, 2013
Authored by pigtail23 | Site nullsecurity.net

Against is a very fast ssh attack script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-forcing module which attacks in parallel (multiprocessing) all discovered hosts or given ip addresses from a list.

tags | tool, scanner, tcp
systems | unix
SHA-256 | a381147676345ca9c836e4c1462e3640dcacda8fa9c672bb180705d90835376b
Barnraiser Prairie Directory Traversal
Posted Jun 25, 2013
Authored by prairie

The OpenID idp software "Barnraiser Prairie" suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 1ad81e02ee42a9511c7683f63d96e32a3ce1513c07afe374fd2a2aa94218d4d4
Baby FTP Server 1.24 Denial Of Service
Posted Jun 25, 2013
Authored by Chako

Baby FTP Server version 1.24 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 57a30ba98c73848393ea7ef56c626af98d1732a7c4117166d3a53e37bb816e21
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close