Files Date: 2013-07-02

ABBS Audio Media Player .LST Buffer Overflow
Posted Jul 2, 2013
Authored by Julien Ahrens | Site metasploit.com

This Metasploit module exploits a buffer overflow in ABBS Audio Media Player. The vulnerability occurs when adding an .lst file, allowing arbitrary code execution with the privileges of the user running the application. This Metasploit module has been tested successfully on ABBS Audio Media Player 3.1 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow, arbitrary, code execution
systems | windows, xp, 7
advisories | OSVDB-75096
MD5 | f19370c5e9c6b75a14cbfad554a80e23
Ubuntu Security Notice USN-1895-1
Posted Jul 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1895-1 - It was discovered that libvirt incorrectly handled certain storage pool requests. A remote attacker could use this issue to cause libvirt to consume resources, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1962
MD5 | 39a97d480f952cfced03cdd880e3d396
Mandriva Linux Security Advisory 2013-192
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-192 - A security vulnerability was discovered and fixed in php-radius. Fixed a security issue in radius_get_vendor_attr() by enforcing checks of the VSA length field against the buffer size. The updated packages have been upgraded to the 1.2.7 version which is not affected by this issue.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2013-2220
MD5 | cc38faae5a9608455427e7e844b6ff2c
Real Player 16.0.2.32 Resource Exhaustion
Posted Jul 2, 2013
Authored by Akshaysinh Vaghela

Real Player versions 16.0.2.32 and below suffer from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2013-3299
MD5 | 2280e75a48195b7d07f3bb424bc34e9c
Skype Android Lockscreen Bypass
Posted Jul 2, 2013
Authored by Pulser on XDA

The Skype for Android application appears to have a bug which permits the Android lockscreen (i.e. pattern, PIN, password) to be bypassed relatively easily, if the device is logged into Skype, and the "attacker" is able to call the "victim" on Skype.

tags | exploit, bypass
MD5 | debede8cb2db977c0a64255f58cba528
XML-Sitemaps.com Sitemap Generator 6.0 Cross Site Scripting
Posted Jul 2, 2013
Authored by Christy Philip Mathew

XML-Sitemaps.com Sitemap Generator version 6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f7c0cc7e6cee6fa73dbbb3f4b6f2b21b
Mandriva Linux Security Advisory 2013-190
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-190 - Stack-based buffer overflow in bmp parser. Updated autotrace package corrects the issue.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2013-1953
MD5 | 2d49962f0a096fe71f19d930344ad447
Mandriva Linux Security Advisory 2013-189
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-189 - A denial of service flaw was found in the way WordPress, a blog tool and publishing platform, performed hash computation when checking the password for password-protected blog posts. A remote attacker could provide a specially crafted input that, when processed by the password checking mechanism of WordPress, would lead to excessive CPU consumption. Inadequate SSRF protection for HTTP requests where the user can provide a URL can allow for attacks against the intranet and other sites. This is a continuation of work related to which was specific to SSRF in pingback requests and was fixed in 3.5.1. Inadequate checking of a user's capabilities could allow them to publish posts when their user role should not allow for it, and to assign posts to other authors. Inadequate escaping allowed an administrator to trigger a cross-site scripting vulnerability through the uploading of media files and plugins. The processing of an oEmbed response is vulnerable to an XXE. If the uploads directory is not writable, error message data returned via XHR will include a full path to the directory. Content Spoofing in the MoxieCode MoxiePlayer project. Cross-domain XSS in SWFUpload.

tags | advisory, remote, web, denial of service, spoof, xss, xxe
systems | linux, mandriva
advisories | CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
MD5 | 72722938515381873f84bbd819def4b7
Mandriva Linux Security Advisory 2013-188
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-188 - Updated otrs package fixes security vulnerabilities. An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2013-3551, CVE-2013-4088
MD5 | 5ac714d6d36bf5acac7f058be33cbb04
Ubuntu Security Notice USN-1894-1
Posted Jul 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1894-1 - Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-2174
MD5 | 64cb425c8db8d0271efc95c1417a28ab
Mandriva Linux Security Advisory 2013-187
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-187 - When ModSecurity receives a request body with a size bigger than the value set by the SecRequestBodyInMemoryLimit and with a Content-Type that has no request body processor mapped to it, ModSecurity will systematically crash on every call to forceRequestBodyVariable (in phase 1).

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-2765
MD5 | 11770209673531481c084bfad1327387
Mandriva Linux Security Advisory 2013-191
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-191 - Updated fail2ban packages fix CVE-2013-2178. Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring system which can act on attacks by preventing hosts from connecting to specified services using the local firewall. When using Fail2ban to monitor Apache logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, thus causing a denial of service.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, mandriva
advisories | CVE-2013-2178
MD5 | 744a1884fc74026ba59a82306df57936
Feedly.com Cross Site Scripting
Posted Jul 2, 2013
Authored by Andrea Menin

Feedly.com suffers from a cross site scripting vulnerability that can be injected via a malicious RSS feed.

tags | exploit, xss
MD5 | b3936fc021b68989b07cc457dbc6042d
FileCOPA 7.01 Denial Of Service
Posted Jul 2, 2013
Authored by Chako

FileCOPA HTTP server version 7.01 suffers from a remote denial of service vulnerability.

tags | exploit, remote, web, denial of service
MD5 | 06900ecb92ee63970a3f52764700842a
Simple Weevely Guide
Posted Jul 2, 2013
Authored by n4sss

This is a whitepaper called Simple Weevely Guide. It is written in Portuguese.

tags | paper
MD5 | abe21b22c2a43987f5ed6fab30bf9a2f
Machform Form Maker 2 XSS / Shell Upload / SQL Injection
Posted Jul 2, 2013
Authored by Yashar shahinzadeh

Machform Form Maker 2 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
MD5 | bd6ce211eaaf6f2176b6f23bf7f47611
WordPress Category-Grid-View-Gallery XSS
Posted Jul 2, 2013
Authored by IeDb

WordPress category-grid-view-gallery plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 60b12287410a5fa0ef2830d90aecd738
WordPress Feed SQL Injection
Posted Jul 2, 2013
Authored by IeDb

WordPress Feed plugin suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f20f1b75292a43148cf52927d3132f3c