exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-07-02

ABBS Audio Media Player .LST Buffer Overflow
Posted Jul 2, 2013
Authored by Julien Ahrens | Site metasploit.com

This Metasploit module exploits a buffer overflow in ABBS Audio Media Player. The vulnerability occurs when adding an .lst, allowing arbitrary code execution with the privileges of the user running the application. This Metasploit module has been tested successfully on ABBS Audio Media Player 3.1 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow, arbitrary, code execution
systems | windows
advisories | OSVDB-75096
SHA-256 | 8e7dbe90958fe8302802551dc7fa864bd2477fa21cadd92aa30a40e30889a87b
Ubuntu Security Notice USN-1895-1
Posted Jul 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1895-1 - It was discovered that libvirt incorrectly handled certain storage pool requests. A remote attacker could use this issue to cause libvirt to consume resources, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1962
SHA-256 | cc8c5e950a851be9ee93ec12cbabf5a43f88343fc49fe60fc146fa4a1aa48612
Mandriva Linux Security Advisory 2013-192
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-192 - A security vulnerability was discovered and fixed in php-radius. Fixed a security issue in radius_get_vendor_attr() by enforcing checks of the VSA length field against the buffer size. The updated packages have been upgraded to the 1.2.7 version which is not affected by this issue.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2013-2220
SHA-256 | 5c6452b9c7ec35b97c7fe08d04405fe45650f48c747ee8ca2febcb9671b8f929
Real Player 16.0.2.32 Resource Exhaustion
Posted Jul 2, 2013
Authored by Akshaysinh Vaghela

Real Player versions 16.0.2.32 and below suffer from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2013-3299
SHA-256 | ef659bfd5d0617b7a4f2de1976e29ae87d0164bbd37efe017b08f9288c9b767e
Skype Android Lockscreen Bypass
Posted Jul 2, 2013
Authored by Pulser on XDA

The Skype for Android application appears to have a bug which permits the Android lockscreen (ie. pattern, PIN, password) to be bypassed relatively easily, if the device is logged into Skype, and the "attacker" is able to call the "victim" on Skype.

tags | exploit, bypass
SHA-256 | 1f17a0819dccaa0a5f029a95da9300687b5d1a579f8f77e93ac5afba7e00263e
XML-Sitemaps.com Sitemap Generator 6.0 Cross Site Scripting
Posted Jul 2, 2013
Authored by Christy Philip Mathew

XML-Sitemaps.com Sitemap Generator version 6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2bd42dbf91751de1628f25918e017d294b2f5f4b76c190a44f3b5310b1c37bf6
Mandriva Linux Security Advisory 2013-190
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-190 - Stack-based buffer overflow in bmp parser. Updated autotrace package corrects the issue.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2013-1953
SHA-256 | d4e436b09101da37934c11d538f3b6b951b6cda3fc4ab0b3620e62c0511de14d
Mandriva Linux Security Advisory 2013-189
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-189 - A denial of service flaw was found in the way Wordpress, a blog tool and publishing platform, performed hash computation when checking password for password protected blog posts. A remote attacker could provide a specially-crafted input that, when processed by the password checking mechanism of Wordpress would lead to excessive CPU consumption. Inadequate SSRF protection for HTTP requests where the user can provide a URL can allow for attacks against the intranet and other sites. This is a continuation of work related to which was specific to SSRF in pingback requests and was fixed in 3.5.1. Inadequate checking of a user's capabilities could allow them to publish posts when their user role should not allow for it; and to assign posts to other authors. Inadequate escaping allowed an administrator to trigger a cross-site scripting vulnerability through the uploading of media files and plugins. The processing of an oEmbed response is vulnerable to an XXE. If the uploads directory is not writable, error message data returned via XHR will include a full path to the directory. Content Spoofing in the MoxieCode MoxiePlayer project. Cross-domain XSS in SWFUpload.

tags | advisory, remote, web, denial of service, spoof, xss, xxe
systems | linux, mandriva
advisories | CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
SHA-256 | 3e869d97c655df62325e93db12a848e89fa7b202bd9d44aa6cf2f3bdfc8b51b0
Mandriva Linux Security Advisory 2013-188
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-188 - Updated otrs package fixes security vulnerabilities. An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2013-3551, CVE-2013-4088
SHA-256 | 7d19a09f24ad02fd41db8729335c14e2fe8c6d59b8cc21103605f7e53a251c40
Ubuntu Security Notice USN-1894-1
Posted Jul 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1894-1 - Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-2174
SHA-256 | b0c43d70dabde816e72333203f3561abb2c311b5c26d05e19a439e2952cf3e75
Mandriva Linux Security Advisory 2013-187
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-187 - When ModSecurity receives a request body with a size bigger than the value set by the SecRequestBodyInMemoryLimit and with a Content-Type that has no request body processor mapped to it, ModSecurity will systematically crash on every call to forceRequestBodyVariable (in phase 1).

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-2765
SHA-256 | 8e9568efd15667c1287ddbf31ad02c896d6b93fac9ac4b3cc661e72f0dab2501
Mandriva Linux Security Advisory 2013-191
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-191 - Updated fail2ban packages fix CVE-2013-2178. Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring and system which can act on attack by preventing hosts to connect to specified services using the local firewall. When using Fail2ban to monitor Apache logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, thus causing a denial of service.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, mandriva
advisories | CVE-2013-2178
SHA-256 | 789db71a44c938e575613058deef73fd5ca9c091e2a2e4ca5b0acbc94e31c7a3
Feedly.com Cross Site Scripting
Posted Jul 2, 2013
Authored by Andrea Menin

Feedly.com suffers from cross site scripting vulnerability that can be injected via a malicious RSS feed.

tags | exploit, xss
SHA-256 | 97a62552bc6341353fdb589f230aeb8974ed991a01bbafb2666d81a597e91a72
FileCOPA 7.01 Denial Of Service
Posted Jul 2, 2013
Authored by Chako

FileCOPA HTTP server version 7.01 suffers from a remote denial of service vulnerability.

tags | exploit, remote, web, denial of service
SHA-256 | a76ee35b0f7d759c4d562adf3a1d14a9cc94da28a97598e0df3beb4ea33e0cbe
Simple Weevely Guide
Posted Jul 2, 2013
Authored by n4sss

This is a whitepaper called Simple Weevely Guide. It is written in Portuguese.

tags | paper
SHA-256 | 8c2b5a41f39788d44fc3d28422da6b1e9b25562ea89d908c4cd70a1e3ba22f5d
Machform Form Maker 2 XSS / Shell Upload / SQL Injection
Posted Jul 2, 2013
Authored by Yashar shahinzadeh

Machform Form Maker 2 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
SHA-256 | 7f42c27f6e28d5a9e1f2ce8ed5dc1aa4c22b31529a3dbbefb780bc816ddb4efc
WordPress Category-Grid-View-Gallery XSS
Posted Jul 2, 2013
Authored by IeDb

WordPress category-grid-view-gallery plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d50895115abdef51a1d31cf22905f2b4da78d91bf38eed7eb6e91bbe058103fa
WordPress Feed SQL Injection
Posted Jul 2, 2013
Authored by IeDb

WordPress Feed plugin suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3c9014585a2a98dd1c953e82d1074c0017746df91597cdedfeac5f4ea54ba306
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close