exploit the possibilities
Showing 1 - 24 of 24 RSS Feed

Files Date: 2013-07-18

Apple Quicktime 7 Invalid Atom Length Buffer Overflow
Posted Jul 18, 2013
Authored by Jason Kratzer, sinn3r, Paul Bates, Tom Gallagher | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple Quicktime. The flaw is triggered when Quicktime fails to properly handle the data length for certain atoms such as 'rdrf' or 'dref' in the Alis record, which may result a buffer overflow by loading a specially crafted .mov file, and allows arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2013-1017
MD5 | a1646cb63cfaaeaaefb0a99f3bba7eb2
HP Managed Printing Administration jobAcct Remote Command Execution
Posted Jul 18, 2013
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 (and before). The vulnerability exists in the UploadFiles() function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory traversal and null byte injection in order to achieve arbitrary file upload.

tags | exploit, arbitrary, file upload
advisories | CVE-2011-4166, OSVDB-78015
MD5 | 971b98d962ddabcf86fc3c2bfb350b90
Debian Security Advisory 2725-1
Posted Jul 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2725-1 - Two security issues have been found in the Tomcat servlet and JSP engine.

tags | advisory
systems | linux, debian
advisories | CVE-2012-3544, CVE-2013-2067
MD5 | 1d44dbda0a1369c19437385911dfa5da
Symantec Workspace Virtualization 6.4.1895.0 Privilege Escalation
Posted Jul 18, 2013
Authored by MJ0011

Symantec Workspace Virtualization version 6.4.1895.0 local kernel mode privilege escalation exploit.

tags | exploit, kernel, local
MD5 | 794a5e985015d6d389ee6abc56b38b1f
HP Security Bulletin HPSBMU02900
Posted Jul 18, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02900 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, windows
advisories | CVE-2011-3389, CVE-2012-0883, CVE-2012-2110, CVE-2012-2311, CVE-2012-2329, CVE-2012-2335, CVE-2012-2336, CVE-2013-2355, CVE-2013-2356, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360, CVE-2013-2361, CVE-2013-2362, CVE-2013-2363, CVE-2013-2364, CVE-2013-5217
MD5 | e68ece6eca4b6abd956305d2390b79f5
HP Security Bulletin HPSBST02896 2
Posted Jul 18, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02896 2 - A potential security vulnerability has been identified with the HP StoreVirtual Storage. This vulnerability could be remotely exploited to gain unauthorized access to the device. All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer. This functionality cannot be disabled today. HP StoreVirtual products are storage appliances that use a custom operating system, LeftHand OS, which is not accessible to the end user. Limited access is available to the user via the HP StoreVirtual Command-Line Interface (CLiQ) however root access is blocked. Root access may be requested by HP Support in some cases to help customers resolve complex support issues. To facilitate these cases, a challenge-response-based one-time password utility is employed by HP Support to gain root access to systems when the customer has granted permission and network access to the system. The one-time password utility protects the root access by preventing repeated access to the system with the same pass phrase. Root access to the LeftHand OS does not provide access to the user data being stored on the system. Revision 2 of this advisory.

tags | advisory, root
advisories | CVE-2013-2352
MD5 | f0d9f2a4a53be629b43527f81e5f3626
WordPress WooCommerce 2.0.12 Cross Site Scripting
Posted Jul 18, 2013
Authored by Mirza Burhan Baig | Site blackbitz.net

WordPress WooCommerce version 2.0.12 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3ff89e78866e388aeba273eb99457f9e
Drupal Hostmaster 6.x Access Bypass
Posted Jul 18, 2013
Authored by Tim Lovelock | Site drupal.org

Drupal Hostmaster third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 289c0f1c4917b09b0f707b813700511f
Cisco Security Advisory 20130717-ips
Posted Jul 18, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Intrusion Prevention System (IPS) Software is affected by multiple denial of service vulnerabilities. Customers running a vulnerable version of the Cisco IDSM-2 Module should refer to the "Workarounds" section of this advisory for available mitigations. Workarounds that mitigate the Cisco IPS Software Fragmented Traffic Denial of Service Vulnerability and Cisco IDSM-2 Malformed TCP Packets Denial of Service Vulnerability are available.

tags | advisory, denial of service, tcp, vulnerability
systems | cisco
MD5 | eb101879cff72af5ed51904381032de5
Roundcube Webmail 0.9.2 Cross Site Scripting
Posted Jul 18, 2013
Authored by Andrea Menin

Roundcube Webmail version 0.9.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-5645
MD5 | 1430bf8a4cb3083e868bb12583153ebf
Java SE 7 Issue 69
Posted Jul 18, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has submitted a new vulnerability to Oracle that implements a classic attack against Java VM.

tags | advisory, java
MD5 | 82cbd474f2ee8179acbe5cbab1a7d0a0
Dell PacketTrap PSA 7.1 Cross Site Scripting
Posted Jul 18, 2013
Authored by Benjamin Kunz Mejri, Ibrahim El-Sayed | Site vulnerability-lab.com

Dell PacketTrap PSA version 7.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 8b382691df32befea6a14155713405c8
Dell PacketTrap MSP RMM 6.6.x Cross Site Scripting
Posted Jul 18, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Dell PacketTrap MSP RMM version 6.6.x suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | fc2086d7b87aa1b3d2699e71703fd2cf
ePhoto Transfer 1.2.1 XSS / DoS / Command Injection
Posted Jul 18, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

ePhoto Transfer version 1.2.1 for iOS suffers from cross site scripting, denial of service, and command injection vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | bcbc4d90f7c32b0e14ddbb9ab9b84b73
Barracuda CudaTel 2.6.02.04 Cross Site Scripting
Posted Jul 18, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda CudaTel version 2.6.02.04 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 4ab749790a0f0026e40e9c1323554c48
Drupal MRBS 6.x / 7.x CSRF / SQL Injection
Posted Jul 18, 2013
Authored by Michael Hess | Site drupal.org

Drupal MRBS third party module versions 6.x and 7.x suffer from cross site request forgery and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection, csrf
MD5 | 83751558678080d7b308f4520f8f9b21
NanoSSH Denial Of Service
Posted Jul 18, 2013
Authored by Marcus Meissner

NanoSSH on Avaya Ethernet Routing switch (ERS) 5698 and 5698-PoE suffers from a remote denial of service vulnerability.

tags | advisory, remote, denial of service
MD5 | 13b0b3d42c5c2f2a3323ca586fa619e9
Using A Password With A Netcat Shell
Posted Jul 18, 2013
Authored by Vittorio Milazzo

This is a brief write up that provides a shell script for passwording a shell bound with netcat.

tags | paper, shell
MD5 | 51e9b10d4fe378456c10d15d7eae41e1
HP Security Bulletin HPSBHF02888 2
Posted Jul 18, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02888 2 - Potential security vulnerabilities have been identified with HP Network Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-2340, CVE-2013-2341
MD5 | 70a22fd066212ca3be2314cc37910381
Flux Player 3.1.0 LFI / Shell Upload
Posted Jul 18, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Flux Player version 3.1.0 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
MD5 | c8a1a6eeadc94b5ac41f3d90b768ad6f
OpenCMS 8.5.1 Cross Site Scripting
Posted Jul 18, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

OpenCMS version 8.5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4600
MD5 | e4db0b72d8295705b0b1e7ccb3940c1f
WiFly 1.0 Pro Local File Inclusion / Shell Upload
Posted Jul 18, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

WiFly version 1.0 Pro for iOS suffers from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
MD5 | e1adb7dcb305c1fedf0e0491571423dd
EMC Avamar 7.0 XSF / Improper Authorization
Posted Jul 18, 2013
Site emc.com

EMC Avamar version 7.0 suffers from improper authorization checks and cross frame scripting vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2013-3274, CVE-2013-3275
MD5 | 1d254f46ca39e8972770cd4f9cf40be4
Cisco Security Advisory 20130717-cucm
Posted Jul 18, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify information in Cisco Unified CM. Cisco has released a Cisco Options Package (COP) file that addresses three of the vulnerabilities documented in this advisory. Cisco is currently investigating the remaining vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, remote, vulnerability
systems | cisco
MD5 | 2f40b44b2c9f207decb8324056950c86
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    22 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close