what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-07-01

Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
Posted Jul 1, 2013
Authored by Tavis Ormandy, egypt, sinn3r, juan vazquez, progmboy, Meatballs, Keebie4e | Site metasploit.com

This Metasploit module exploits a vulnerability on EPATHOBJ::pprFlattenRec due to the usage of uninitialized data which allows to corrupt memory. At the moment, the module has been tested successfully on Windows XP SP3, Windows 2003 SP1, and Windows 7 SP1.

tags | exploit
systems | windows
advisories | CVE-2013-3660, OSVDB-93539
SHA-256 | 2612430b8b89a0e631ac0fc7cddbfe75efb7eff156c315c62b9215b7b3af9cda
Barracuda SSL VPN 680Vx 2.3.3.193 Cross Site Scripting
Posted Jul 1, 2013
Authored by LiquidWorm | Site zeroscience.mk

Barracuda SSL VPN 680Vx version 2.3.3.193 suffers from multiple stored cross site scripting vulnerabilities when parsing user input to several parameters via POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 6cdaa46c9bda87ca1e53f2efc0784e86468f2880406bfb90ebb5411edcd0dffa
WinAmp 5.63 Null Pointer Dereference
Posted Jul 1, 2013
Authored by Julien Ahrens | Site security.inshell.net

An invalid pointer dereference vulnerability has been identified in WinAmp version 5.63. The application loads the contents of the %APPDATA%\WinAmp\links.xml on startup (the key lngId="default") and while browsing through the bookmarks in the Browser view of the GUI, but does not properly validate the length of the string loaded from the "<link name>" and "<home url>" keys before using them in a pointer call in the library gen_ff.dll, which leads to a invalid pointer dereference condition with possible code execution.

tags | advisory, code execution
advisories | CVE-2013-4695
SHA-256 | 99fc912aec9bf8e6915bfe5b9f35e6490007597a4a95e0a25c852c3364dc998f
Red Hat Security Advisory 2013-1006-01
Posted Jul 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1006-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2012-5575, CVE-2012-5783, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | cb65575734339ab1d8443e7504fc17b4b00c1fcfe52f5530b58826c2e7774085
WinAmp 5.63 Buffer Overflow
Posted Jul 1, 2013
Authored by Julien Ahrens | Site security.inshell.net

WinAmp version 5.63 suffers from a stack-based buffer overflow vulnerability. The application loads the directories in %PROGRAMFILES%\WinAmp\Skins on startup to determine the skins that have been installed and to list them in the application menu point "Skins" and in the Skins Browser. But the application does not properly validate the length of the directory name before passing it as argument to a lstrcpynW call in the library gen_jumpex.dll, which leads to a buffer overflow condition with possible code execution.

tags | exploit, overflow, code execution
advisories | CVE-2013-4694
SHA-256 | a76ea933b9df26a37cc6888564494cffff7f2cecd9238e9b31fca155cae86ed4
HP Security Bulletin HPSBHF02888
Posted Jul 1, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02888 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-2340, CVE-2013-2341
SHA-256 | 1eb59cdc97c3f7849e0a2f83ef4e8f44509ad160024149da079d1292a6d1c01f
Apache Geronimo 3 RMI Classloader Exposure
Posted Jul 1, 2013
Authored by Pierre Ernst

A misconfigured RMI classloader in Apache Geronimo version 3.0 may enable an attacker to send a serialized object via JMX that could compromise the system.

tags | advisory
advisories | CVE-2013-1777
SHA-256 | 86669e472c9cf821a0760e19d102a87138e31d290ff34eba5d75915bcc9ca407
HP Security Bulletin HPSBST02846 SSRT100798 2
Posted Jul 1, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02846 SSRT100798 2 - Potential security vulnerabilities have been identified with HP LeftHand Virtual SAN Appliance hydra. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code. Revision 2 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2012-3282, CVE-2012-3283, CVE-2012-3284, CVE-2012-3285, CVE-2013-2343
SHA-256 | ecd67a27e8bf5289d2c9aab6f35a36704f248b7cbdfc521e7ab41861ddd664d2
Link Farm Evolution 1.8.7 Cross Site Scripting
Posted Jul 1, 2013
Authored by Prakhar Prasad, Rafay Baloch

Link Farm Evolution version 1.8.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5020d8f67969c4f8c291fe0640c5434a7e1e0adb0ad16d4a011077f64d73a5d4
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jul 1, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 2028c996580de522a32dde5854cbf70842581faf2ba0f030f8f845123ce2a451
Slackware Security Advisory - mozilla-firefox Updates
Posted Jul 1, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 71ad168c4e87b78e0c541319ff88a5dc66d33a4fcc47f0605690537a643953f3
Packet Storm New Exploits For June, 2013
Posted Jul 1, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 192 exploits added to Packet Storm in June, 2013.

tags | exploit
systems | linux
SHA-256 | 95019076b638e2f09aaf08a7874f0386a18e21c90290b3a25dd85a226c5662bc
Bifrost 1.2.1 Remote Buffer Overflow
Posted Jul 1, 2013
Authored by Mohamed Clay

Bifrost version 1.2.1 remote buffer overflow exploit that pops calc.exe.

tags | exploit, remote, overflow
SHA-256 | 62dd68238a1da5d034d191b4e95f75a9c2f18b158abd9e490b726604beb31d12
Bifrost 1.2d Remote Buffer Overflow
Posted Jul 1, 2013
Authored by Mohamed Clay

Bifrost version 1.2d remote buffer overflow exploit that pops calc.exe.

tags | exploit, remote, overflow
SHA-256 | 7aa0932d59358b9720ee801ba756f588bdae126d26de6daeba1dc040f4a04c2c
GLPI 0.83.9 Code Execution
Posted Jul 1, 2013

GLPI version 0.83.9 suffers from a remote PHP code execution vulnerability in the unserialize() function.

tags | exploit, remote, php, code execution
advisories | CVE-2013-2225
SHA-256 | 382173b69e5b1dc2a471b37ca3ebd677f1742f77e6ce5504c3668e6680febce1
Moxieplayer Content Spoofing
Posted Jul 1, 2013
Authored by MustLive

TinyMCE versions 3.4b2 through 4.0b3 and WordPress versions up to 3.5.1 suffer from content spoofing issues with Moxieplayer. .

tags | exploit, spoof
SHA-256 | 598b87e6a2a44fe517b2304a10e934f9b7d17b3ffadc7e40f05eb037bfca680d
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    19 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close