
Files Date: 2013-06-26

Cisco Security Advisory 20130626-esa
Posted Jun 26, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IronPort AsyncOS Software for Cisco Email Security Appliance is affected by command injection and denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, denial of service, vulnerability
systems | cisco
MD5 | 2e5ffcae9a8d3e333136bf0894537e07

Xaraya 2.4.0-b1 Cross Site Scripting
Posted Jun 26, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Xaraya version 2.4.0-b1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-3639
MD5 | f3b92b05cb0d0954d2b4e7a301584c08

Mandriva Linux Security Advisory 2013-179
Posted Jun 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-179 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. Various other security issues were also addressed. The Mozilla Firefox packages have been upgraded to the latest ESR version, which is unaffected by these security flaws.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
MD5 | 94c1f24c117b912e0bc5d6e852e13397

Drupal Fast Permissions Administration Access Bypass
Posted Jun 26, 2013
Authored by Philip Boden | Site drupal.org

Drupal Fast Permissions Administration third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 4f8472c083b728ff2634a20073ab4542

InstantCMS 1.6 Code Execution
Posted Jun 26, 2013
Authored by Akastep

InstantCMS version 1.6 remote PHP code execution exploit that spawns a reverse shell.

tags | exploit, remote, shell, php, code execution
MD5 | 5a786e6ec0ba28fb6a279b4e589c45a7

PCMan's FTP Server 2.0 Directory Traversal
Posted Jun 26, 2013
Authored by Chako

PCMan's FTP Server version 2.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 2d77dab25c50bd79d604706c1cf8a072

Motion 3.2.12 XSS / CSRF / Buffer Overflow / SQL Injection
Posted Jun 26, 2013
Authored by xistence

Motion version 3.2.12 suffers from buffer overflow, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, overflow, vulnerability, xss, sql injection, csrf
MD5 | d433040aaad85f7333cbeac89d60b5be

ZPanel zsudo Local Privilege Escalation
Posted Jun 26, 2013
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the zsudo binary, installed with ZPanel, to escalate privileges. To work, it needs a session whose user is granted access to zsudo in the sudoers configuration. This Metasploit module is useful for post exploitation of ZPanel vulnerabilities, where typically web server privileges are acquired and the web server user is allowed to execute zsudo through the sudoers file.

tags | exploit, web, vulnerability
MD5 | e5086c26dae2c1ed0fdc45d121c299f9

Novell Client 2 SP3 nicm.sys Local Privilege Escalation
Posted Jun 26, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a flaw in the nicm.sys driver to execute arbitrary code in kernel space. The vulnerability occurs while handling ioctl requests with code 0x143B6B, where a user-provided pointer is used as a function pointer. The module has been tested successfully on Windows 7 SP1 with Novell Client 2 SP3.

tags | exploit, arbitrary, kernel
systems | windows, 7
advisories | OSVDB-93718
MD5 | ac7e4aef56decbe98bfc4c4406d3715b

PHP Charts 1.0 Remote Code Execution
Posted Jun 26, 2013
Authored by infodox

This exploit leverages an eval() bug in the PHP Charts library allowing for remote code execution. A reverse shell is delivered using Perl.

tags | exploit, remote, shell, perl, php, code execution
MD5 | 76b12a9f76dce904e3d5a4628c1f04f5

FreeBSD 9 Address Space Manipulation Privilege Escalation
Posted Jun 26, 2013
Authored by Alan Cox, Hunger, sinn3r, Konstantin Belousov | Site metasploit.com

This Metasploit module exploits a vulnerability that can be used to modify portions of a process's address space, which may lead to privilege escalation. Systems such as FreeBSD 9.0 and 9.1 are known to be vulnerable.

tags | exploit
systems | freebsd
advisories | CVE-2013-2171, OSVDB-94414
MD5 | b258cd8526da63e79f9daeb6f93717bc

PHP-CGI Argument Injection
Posted Jun 26, 2013
Authored by infodox

Exploit for the PHP-CGI argument injection vulnerability disclosed in 2012. It has file uploading, inline shell spawning, and both Python and Perl reverse shell implementations using an earlier version of the "payload" library written for such exploits.

tags | exploit, shell, cgi, perl, php, python, file upload
systems | unix
advisories | CVE-2012-1823
MD5 | bbf30f73a92bfb0a1e522e790fabad73

LotusCMS 3.0 PHP Code Execution
Posted Jun 26, 2013
Authored by infodox

LotusCMS version 3.0 remote PHP code execution exploit as disclosed in 2011. It spawns a reverse shell.

tags | exploit, remote, shell, php, code execution
advisories | OSVDB-75095
MD5 | b211c468a2855345af64f88ed843e487

Debian Security Advisory 2714-1
Posted Jun 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2714-1 - Konstantin Belousov and Alan Cox discovered that insufficient permission checks in the memory management of the FreeBSD kernel could lead to privilege escalation.

tags | advisory, kernel
systems | linux, freebsd, debian
advisories | CVE-2013-2171
MD5 | 43a490e49f21acd4a57cd0d37f03cab7

WHMCS Cross Site Request Forgery
Posted Jun 26, 2013
Authored by MadLeeTs

WHMCS appears to suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 39de2264ce58902618cebf6050f94020

SCTP Reverse Shell
Posted Jun 26, 2013
Authored by infodox

This is a reverse shell over SCTP implemented in Python. Currently it does not use SSL, but it may evade most firewalls and IDS devices, as many of them seemingly have no rules in place to check SCTP traffic.

tags | tool, shell, rootkit, python
systems | unix
MD5 | 32dff8667d5c2c32921ab4f45df6b883
© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close