what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2013-07-03

InstantCMS 1.6 Remote PHP Code Execution
Posted Jul 3, 2013
Authored by Akastep | Site metasploit.com

This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval(), in InstantCMS versions 1.6.

tags | exploit, arbitrary, php
SHA-256 | f892f3ba804eed45332252715f4d92a0ebdcd7ca8371e0832ec7162473120f06
SSLsplit 0.4.7
Posted Jul 3, 2013
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This release prevents IETF draft public key pinning by removing HPKP headers from responses. Also, remaining threading issues in daemon mode are fixed, and the connection log now contains the HTTP status code and the size of the response.
tags | encryption
SHA-256 | 7e75b73ed026d9c776cf93a1d7ed5ad247973c3ce94a6b3367f474f7a56117db
Kasseler CMS 2 r1223 CSRF / XSS / SQL Injection
Posted Jul 3, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Kasseler CMS version 2 r1223 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2013-3727, CVE-2013-3728, CVE-2013-3729
SHA-256 | 12b1c13062d11a8309a56e262bd4c347eba49d379b6c1cbf8c2226e042152117
OpenX 2.8.10 Cross Site Scripting / Local File Inclusion
Posted Jul 3, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

OpenX version 2.8.10 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2013-3514, CVE-2013-3515
SHA-256 | d08e9e5a6bd82b06d1b3ad7f393924720a46ca189b23c473f598bd45b9eeed98
Apple Security Advisory 2013-07-02-1
Posted Jul 3, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-07-02-1 - Security Update 2013-003 is now available and addresses multiple arbitrary code execution vulnerabilities in QuickTime.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2013-1019, CVE-2013-1018, CVE-2013-1022
SHA-256 | c9b13d54d297a2db3d423a575aded10be3fbd77b2ef2e80d714924e848546c51
HP Security Bulletin HPSBUX02893
Posted Jul 3, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02893 - Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform Cross Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, xss
systems | hpux
advisories | CVE-2012-2687, CVE-2012-4557
SHA-256 | a026ac31493a39f6f261c4aec7d39803b709c1fe4c6b7c6d2240611c6fa91a58
HP Security Bulletin HPSBUX02889 SSRT101252
Posted Jul 3, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02889 SSRT101252 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-0401, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2439, CVE-2013-2440
SHA-256 | b50420794c14b06ab55ad4945395d8ae2c7e9c3ca73b147fa80f486873254d64
Opera 12.15 Denial Of Service
Posted Jul 3, 2013

Opera 12.15 memory exhaustion denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | e80bf0b28cac486ed8ed4c65a980b26f413e23a47119c3060562212b52f3126c
Realtek Sound Manager Denial Of Service
Posted Jul 3, 2013
Authored by Asesino04

Realtek Sound Manager AvRack crash proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 5571c3274778602d5afbf29bf1a1f44fab2246bd70775144e79425502671e49d
Nokia 1280 Denial Of Service
Posted Jul 3, 2013
Authored by Un0wn_X

Nokia 1280 phones suffers from a denial of service vulnerability when receiving a large SMS.

tags | exploit, denial of service
SHA-256 | d9f25bc24431834e58b1a2f00204206fea4b065de403fb48237847e8901525ed
Ubuntu Security Notice USN-1897-1
Posted Jul 3, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1897-1 - Jibbers McGee discovered that PyMongo incorrectly handled certain invalid DBRefs. An attacker could use this issue to cause PyMongo to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2132
SHA-256 | f7df6691afceec93e40d2b7c17cfe08566dab81217a8c75bf19fb9bb583a07c3
Red Hat Security Advisory 2013-1014-01
Posted Jul 3, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1014-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2452, CVE-2013-2453, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473
SHA-256 | 1ea596445194e8038f13aa4fba7db27eb68b91237da76b94dea648c9dafd2f06
Red Hat Security Advisory 2013-1013-01
Posted Jul 3, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1013-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-3544, CVE-2012-4558, CVE-2013-0166, CVE-2013-0169, CVE-2013-2067, CVE-2013-2071
SHA-256 | 4d8adaa9bcaef993e656ec1d999154261c28702c77c144918b0a2f0f34812afd
Red Hat Security Advisory 2013-1011-01
Posted Jul 3, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1011-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-3544, CVE-2012-4558, CVE-2013-2067, CVE-2013-2071
SHA-256 | cadd38f37fb1b46b32962ed1bb5969dfd435931e8d2d4a4d9dff2d5e6173a51c
Red Hat Security Advisory 2013-1012-01
Posted Jul 3, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1012-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-3544, CVE-2012-4558, CVE-2013-2067, CVE-2013-2071
SHA-256 | 35427631191e8b8a15c2ccf348534c44c88f0f64d52cc8050a784c8592125f6c
Ubuntu Security Notice USN-1890-2
Posted Jul 3, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1890-2 - USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-1687, CVE-2013-1688, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1695, CVE-2013-1696, CVE-2013-1697, CVE-2013-1698, CVE-2013-1699
SHA-256 | 846f7f1bf324cd93d4bdbadbe1398e3342216f1da6747b6cd738d2ecd16507c3
Ubuntu Security Notice USN-1896-1
Posted Jul 3, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1896-1 - Florian Weimer discovered that the Module::Signature perl module incorrectly loaded unknown ciphers from relative directories. An attacker could possibly use this flaw to execute arbitrary code when a signature is verified.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2013-2145
SHA-256 | cd9b66aa4310380ddd651277bec994c6ab25f0629793f8f40a7b052a5a172fe4
Debian Security Advisory 2718-1
Posted Jul 3, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2718-1 - Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
SHA-256 | 2b70fccd085f14980881182fe8865f3ab759e475f3afdd54e1319ff3a020960c
Linksys EA2700 / EA3500 / E4200 / EA4500 Unauthenticated Access
Posted Jul 3, 2013
Authored by Kyle Lovett

Linksys versions EA2700, EA3500, E4200, EA4500 using lighttpd 1.4.28 and Utopia on Linux 2.6.22 suffer from an unauthenticated access vulnerability.

tags | advisory, bypass
systems | linux
SHA-256 | 266da9dd8a7b398661ea49b23a60a0543c4ac5cb9c8e7faecc5ce203cbee23b6
WordPress 3.5.1 Cross Site Scripting
Posted Jul 3, 2013
Authored by MustLive

WordPress versions 3.5.1 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 399aaad0a5a0c95b905a8449580b6486f0eff6989d9a49975f44518cc7308ae9
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close