accept no compromises
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-06-25

Plesk PHP Code Injection
Posted Jun 25, 2013
Authored by Kingcope, infodox

Reliable exploit for the Plesk PHP code injection vulnerability disclosed by Kingcope in June 2013. Can deliver inline and reverse shells using the payloads library, as well as offering (buggy) file upload features.

tags | exploit, shell, php, file upload
systems | unix
MD5 | 40b90d76d0580f70886001e5bf3051b5
Simple PHP Backdoor
Posted Jun 25, 2013
Authored by infodox

This is a simple PHP backdoor using HTTP headers to inject the code as opposed to a GET or POST variable. Uses the fictional "Code: " header as an example, for learning purposes. This is not production code.

tags | tool, web, php, rootkit
systems | unix
MD5 | 9339a47d8494f20c33278bdc964714ef
Nmap NSE Vulscan 1.0
Posted Jun 25, 2013
Authored by Marc Ruef

This is a NSE script written for nmap that adds vulnerability scanning.

Changes: Better performance. Support for dynamic report templates, your own CSV-based vulnerability database, and more. Better error handling and more debug output.
tags | tool, nmap
systems | unix
MD5 | 049138cd6131584ff1da9ac9a198df8d
Red Hat Security Advisory 2013-0982-01
Posted Jun 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0982-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbird allowed data to be sent in the body of XMLHttpRequest HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery attacks.

tags | advisory, arbitrary, csrf
systems | linux, redhat
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
MD5 | 903811d2af09150f068d973a8d858a82
Mandriva Linux Security Advisory 2013-177
Posted Jun 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-177 - Updated dbus packages fix security vulnerability. Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to complete system crash.

tags | advisory, denial of service, local
systems | linux, mandriva
advisories | CVE-2013-2168
MD5 | 659ae4c2b1bfd769215afd3570c4f34f
Red Hat Security Advisory 2013-0981-01
Posted Jun 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0981-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that Firefox allowed data to be sent in the body of XMLHttpRequest HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery attacks.

tags | advisory, web, arbitrary, csrf
systems | linux, redhat
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
MD5 | 2e90a737c464505cf878f2958bff33fb
IceWarp Mail Server 10.4.5 XSS / XXE Injection
Posted Jun 25, 2013
Authored by V. Paulikas | Site sec-consult.com

IceWarp Mail Server versions 10.4.5 and below suffer from cross site scripting and XML external entity injection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 1acdb9051822f7a15d1fa63ed39e5550
Microsoft Security Bulletin Re-Release For June, 2013
Posted Jun 25, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for June, 2013.

tags | advisory
MD5 | 684602a63dcdbf464079ad86b30b5980
Xopie Virtual Shop Cross Site Scripting
Posted Jun 25, 2013
Authored by Ivan Sanchez, Raul Diaz

Xopie Virtual Shop suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | ff20477761941e992caa980baf20df46
Magnolia CMS 4.5.8 Access Bypass
Posted Jun 25, 2013
Authored by Adrian Furtuna

Magnolia CMS versions 4.5.8 and below suffer from multiple access control vulnerabilities that allow a non-administrative user to access and execute administrative functionalities.

tags | exploit, vulnerability, bypass
advisories | CVE-2013-4621
MD5 | 97da8b20aa2e3b954b05d663b492ca45
HP Security Bulletin HPSBHF02878
Posted Jun 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02878 - A potential security vulnerability has been identified with the HP Smart Zero Client. This vulnerability could be exploited by a local user on the device to gain unauthorized access. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2013-2339
MD5 | 015ba799723b7b2a4cbe4364553d2ff1
Mandriva Linux Security Advisory 2013-178
Posted Jun 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-178 - Updated nfs-utils packages fix a security vulnerability. It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication. Because of this, if a user where able to poison DNS to a victim's computer, they would be able to trick rpc.gssd into talking to another server than the intended server (with stricter security). If the victim has write access to the second server, and the attacker has read access (when they normally might not on the secure server), the victim could write files to that server, which the attacker could obtain (when normally they would not be able to). To the victim this is transparent because the victim's computer asks the KDC for a ticket to the second server due to reverse DNS resolution; in this case Krb5 authentication does not fail because the victim is talking to the correct server.

tags | advisory, spoof
systems | linux, mandriva
advisories | CVE-2013-1923
MD5 | df555586c3be1a1502c07d95d63a4836
Red Hat Security Advisory 2013-0983-01
Posted Jun 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0983-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2013-2174
MD5 | d19c014f0dea84b64804cd3dc62b3167
Against Mass Scanner / SSH Brute Forcer
Posted Jun 25, 2013
Authored by pigtail23 | Site nullsecurity.net

Against is a very fast ssh attack script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-forcing module which attacks in parallel (multiprocessing) all discovered hosts or given ip addresses from a list.

tags | tool, scanner, tcp
systems | unix
MD5 | 18cffea53cef93cb1daf8ca912066d18
Barnraiser Prairie Directory Traversal
Posted Jun 25, 2013
Authored by prairie

The OpenID idp software "Barnraiser Prairie" suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | fec1d0b6ad93e91a3e8b3d29c1d6f1f4
Baby FTP Server 1.24 Denial Of Service
Posted Jun 25, 2013
Authored by Chako

Baby FTP Server version 1.24 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 83ad19e719b69fa8366201ac6a04d946
Page 1 of 1
Back1Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    8 Files
  • 21
    Sep 21st
    1 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close