Exploit the possiblities
Showing 1 - 25 of 390 RSS Feed

Files Date: 2013-06-01 to 2013-06-30

Nameko Webmail Cross Site Scripting
Posted Jun 29, 2013
Authored by Andrea Menin

Nameko Webmail versions 0.10.146 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3d21692e1e13afe7a200f66fcab00615
Static HTTP Server 1.0 SEH Overflow
Posted Jun 29, 2013
Authored by Jacob Holcomb

Static HTTP Server version 1.0 SEH overflow exploit that leverages the configuration file and binds a shell to port 4444.

tags | exploit, web, overflow, shell
MD5 | e7496895749f7c883a90a2e50982c685
AVS Media Player 4.1.11.100 Denial Of Service
Posted Jun 29, 2013
Authored by metacom

AVS Media Player version 4.1.11.100 local denial of service exploit that generates a malicious AC3 file.

tags | exploit, denial of service, local
MD5 | b1edb4d4ec3a451f488e40f3f8b4c8a2
WordPress WP-Private-Messages SQL Injection
Posted Jun 29, 2013
Authored by IeDb

WordPress WP-Private-Messages this party plugin suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 83c286a433013961d7df49cfc52968b6
Debian Security Advisory 2717-1
Posted Jun 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2717-1 - Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code, possibly leading to arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2013-2210
MD5 | e77b2ac1c69587019e6303726502b7af
Mandriva Linux Security Advisory 2013-186
Posted Jun 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-186 - Updated puppet packages fix remote code execution vulnerability. When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload.

tags | advisory, remote, code execution, ruby
systems | linux, mandriva
advisories | CVE-2013-3567
MD5 | d84c160ca7e05a2b999e98cd41a576ac
Slackware Security Advisory - ruby Updates
Posted Jun 28, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4073.

tags | advisory, ruby
systems | linux, slackware
advisories | CVE-2013-4073
MD5 | 4f6fde76da879e81713e68dd639551e4
Fortigate Firewall Cross Site Request Forgery
Posted Jun 28, 2013
Authored by Sven Wurth

Fortigate Firewall versions prior to 4.3.13 and 5.0.2 suffer from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2013-1414
MD5 | fbca49c87adc2d6887f9b55df4504d6b
YOPMail XSS / Injection / HTTP Response Splitting
Posted Jun 28, 2013
Authored by Juan Carlos Garcia

YOPMail suffers from cross site scripting, HTTP response splitting, CRLF injection, and session token handling vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | a5d9881d634167e06e2db886f4cca8b3
Windows 7 SP1 Local Access SYSTEM Compromise
Posted Jun 28, 2013
Authored by Anastasios Monachos

If you have physical access to a Microsoft Windows 7 SP1 instance, you can leverage the "Launch startup Repair" functionality to gain SYSTEM access.

tags | exploit
systems | windows, 7
MD5 | c52e640cc11080951b3b69430724c758
Red Hat Security Advisory 2013-1001-01
Posted Jun 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1001-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.2 will be retired on December 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 EUS after that date. In addition, after December 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.2.

tags | advisory
systems | linux, redhat
MD5 | d6e9e6e8bab7cfee4a7eb576004543db
Mobile USB Drive HD 1.2 Shell Upload
Posted Jun 28, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Mobile USB Drive HD version 1.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 57bd463871e8a0cb71bbfc62aac51778
Barracuda CudaTel Communication Server 2.6.002.040 XSS
Posted Jun 28, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda CudaTel Communication Server version 2.6.002.040 suffers from multiple script injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 4684145ae35bcc6c956181686c6b3503
PCMan's FTP Server 2.0 Buffer Overflow
Posted Jun 28, 2013
Authored by Chako

PCMan's FTP Server version 2.0 remote buffer overflow exploit that leverages USER and pops calc.exe.

tags | exploit, remote, overflow
MD5 | 75b5495b82efc4e8713620080cbaa441
PayPal Enumeration / Information Disclosure
Posted Jun 28, 2013
Authored by Karim H.B. | Site vulnerability-lab.com

The PayPal Hong Kong marketing site suffers from information disclosure, user enumeration, and bruteforcing vulnerabilities.

tags | exploit, vulnerability, info disclosure
MD5 | b517c2fc98d08ea05db8c5e8e6f1a8af
eFile Wifi Transfer Manager 1.0 LFI / XSS
Posted Jun 28, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

eFile Wifi Transfer Manager version 1.0 for iOS suffers from local file inclusion and cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
systems | ios
MD5 | 730f03745fd75d14f23b6285dbf1288d
Sony Playstation Network Password Reset
Posted Jun 28, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

A critical password reset (session) vulnerability was detected in the Sony PSN Network web server auth system account application. The vulnerability allows remote attackers without a privileged application account to exchange session values and reset any psn user accounts.

tags | advisory, remote, web
MD5 | d6e4bc15b8000387851d15849913b56b
PCMan's FTP Server 2.0.7 Remote Root
Posted Jun 28, 2013
Authored by Jacob Holcomb

PCMan's FTP Server version 2.0.7 remote root buffer overflow exploit that leverages the USER command and binds a shell to port 4444.

tags | exploit, remote, overflow, shell, root
MD5 | 26b44400415603fc3d92809f89abd244
Apache Santuario XML Security For C++ Heap Overflow
Posted Jun 27, 2013
Authored by Jon Erickson

The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Apache Santuario XML Security for C++ library versions prior to 1.7.2 are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2013-2154, CVE-2013-2210
MD5 | 94f3d21daa75c010adc2c62206b9ca7d
HP Security Bulletin HPSBUX02886
Posted Jun 27, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02886 - A potential security vulnerability has been identified with HP-UX running HP Secure Shell. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, shell
systems | hpux
advisories | CVE-2010-5107
MD5 | 5b1893de2900ee77fcd2f6bd22011007
HP Security Bulletin HPSBST02890
Posted Jun 27, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02890 - A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access and modification. Please note that this issue does not affect HP StoreOnce Backup systems that are running software version 3.0.0 or newer. Devices running software version 3.0.0 or newer do not have a HPSupport user account with a pre-set password configured. A user who is logged in via the HPSupport user account does not have access to the data that has been backed up to the HP StoreOnce Backup system, and hence is not able to read or download the backed up data. However, it is possible to reset the device to factory defaults, and hence delete all backed up data that is present on the device. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2013-2342
MD5 | b63d30eb84bd01e6b908a514cacd7356
Red Hat Security Advisory 2013-0992-01
Posted Jun 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0992-01 - Python-keystoneclient is the client library and command line utility for interacting with the OpenStack identity API. A flaw was found in the way python-keystoneclient handled encrypted data from memcached. Even when the memcache_security_strategy setting in "/etc/swift/proxy-server.conf" was set to ENCRYPT to help prevent tampering, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to bypass intended restrictions and modify data in memcached that will later be used by services utilizing python-keystoneclient.

tags | advisory, local, python
systems | linux, redhat
advisories | CVE-2013-2166, CVE-2013-2167
MD5 | 4eeb9d4e18db369c37944f65c60769f3
Red Hat Security Advisory 2013-0997-01
Posted Jun 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0997-01 - This is the 5-Month notification of the End Of Life plans for Red Hat Storage Software Appliance 3.2 and Red Hat Virtual Storage Software Appliance 3.2. In accordance with the Red Hat Storage Software Appliance Support Life Cycle Policy, support will end on November 30, 2013. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat Storage Server product once the life cycle for SSA and VSA is complete. If customers cannot migrate, the product will become unsupported. In addition, after November 30, 2013, technical support through Red Hat’s Global Support Services will no longer be provided. We encourage customers to plan their migration from Storage Software Appliance 3.2 to the latest version of Red Hat Storage Server. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.

tags | advisory
systems | linux, redhat
MD5 | e918eb2e9ba033725b43ec2f02ffc2a1
Red Hat Security Advisory 2013-0993-01
Posted Jun 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0993-01 - OpenStack Swift is a highly available, distributed, eventually consistent object/blob store. An XML injection flaw in OpenStack Swift could allow remote attackers to manipulate the contents of XML responses via specially-crafted data. This could be used to trigger a denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-2161
MD5 | 4671a0bd48279fb67b8ad8d799857797
Red Hat Security Advisory 2013-0996-01
Posted Jun 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0996-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.6 will be retired on July 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 EUS after that date. In addition, after July 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 5.6.

tags | advisory
systems | linux, redhat
MD5 | 67bb0d0dacc01ee2b92ad0d013b44a33
Page 1 of 16
Back12345Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close