
Files Date: 2013-07-24

WordPress Duplicator 0.4.4 Cross Site Scripting
Posted Jul 24, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Duplicator plugin version 0.4.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4625
MD5 | f5ed38919ebf60c33cdf7aced877de1d
Windu CMS 2.2 Cross Site Scripting
Posted Jul 24, 2013
Authored by LiquidWorm | Site zeroscience.mk

Windu CMS version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 319d10014a209c8e62f3a8b2d72e2a14
AutoCAD DWG-AC1021 Heap Corruption
Posted Jul 24, 2013
Authored by Joshep J. Cortez Sanchez

AutoCAD DWG-AC1021 suffers from an arbitrary pointer dereference vulnerability that can be exploited to compromise a system.

tags | advisory, arbitrary
advisories | CVE-2013-3665
MD5 | 2a13729243557456ed22e71e7aa751f3
Mandriva Linux Security Advisory 2013-198
Posted Jul 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-198 - A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when replacement of entity values for external entity references was requested or enabled during XML file parsing. A remote attacker could provide a specially-crafted XML file containing an external entity expansion that, when processed, would lead to excessive CPU consumption (denial of service). This is a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-0339, CVE-2013-2877
MD5 | 25beea34e921a3859fbf38b5e844e2a8
Drupal Scald 6.x / 7.x Cross Site Scripting
Posted Jul 24, 2013
Authored by Klaus Purer | Site drupal.org

Drupal Scald versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 1ff12cd1aca1579ef087f7e90cc65336
Magnolia CMS 5.0.1 Community Edition Cross Site Scripting
Posted Jul 24, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Magnolia CMS versions 5.0.1, 5.0, 4.5.9, 4.5.8, and 4.5.7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4759
MD5 | 0a455352ea15e7e429543669786b1f7b
JDWP Exploitation
Posted Jul 24, 2013
Authored by prdelka

This is a whitepaper discussing arbitrary Java code execution leveraging the Java Debugging Wire Protocol (JDWP).

tags | exploit, java, arbitrary, code execution, protocol
MD5 | d2393fd5c46ac860e38c29fc4e30d965
Juniper JunOS 9.x Cross Site Scripting
Posted Jul 24, 2013
Authored by Andrea Menin

Juniper JunOS version 9.x suffers from an HTML injection vulnerability that allows for cross site scripting attacks.

tags | exploit, xss
systems | juniper
advisories | CVE-2014-3821
MD5 | 09aec546e2e8fb3a83f2428948e03269
Basic Forum XSS / CSRF / SQL Injection
Posted Jul 24, 2013
Authored by Sp3ctrecore

Basic Forum from JM LLC suffers from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | c02990ec441e59e507897fed52722db2
iPic Sharp 1.2.1 Wifi Script Insertion
Posted Jul 24, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

iPic Sharp version 1.2.1 Wifi for iOS suffers from a local script insertion issue.

tags | exploit, local
systems | cisco, ios
MD5 | 98afefe7d6bbe8cd52212973bf7722d3
Easy Blog XSS / SQL Injection / Shell Upload
Posted Jul 24, 2013
Authored by Sp3ctrecore

Easy Blog from JM LLC suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
MD5 | 589e28cb13972bb2f6f3b49b77b0c419
FileChucker 4.56t-e07 Shell Upload
Posted Jul 24, 2013
Authored by Iranian_Dark_Coders_Team

FileChucker version 4.56t-e07 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 8bb5d6c43efff7d4f470fd1a33ed95e7
WhatsApp Abuse Issues
Posted Jul 24, 2013
Authored by Curesec Research Team

WhatsApp fails to secure communications when spawning functionality for Google Wallet and PayPal. Versions 2.9.6447 through 2.10.751 are affected.

tags | advisory
MD5 | 5bdfe282c884d3b9fe15ef1e9dd0a09d
Orbit Downloader SYN Flood
Posted Jul 24, 2013
Authored by Bhadresh Patel

Cyberoam is warning the general public that Orbit Downloader is causing massive SYN flooding.

tags | advisory, denial of service
MD5 | ebfc3dc4518a3de3814b626d1128381d
vBulletin 4.0.x SQL Injection
Posted Jul 24, 2013
Authored by n3tw0rk

vBulletin version 4.0.x appears to suffer from a remote SQL injection vulnerability in the administrative functionality.

tags | exploit, remote, sql injection
MD5 | 2b64e85f5ca1b2250207d8ee15c00910
Mandriva Linux Security Advisory 2013-197
Posted Jul 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-197 - MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. The updated packages have been upgraded to the 5.1.70 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-1861, CVE-2013-3802, CVE-2013-3804
MD5 | 629543ce28ec3bf0b57331577b982009
Red Hat Security Advisory 2013-1103-01
Posted Jul 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1103-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Red Hat OpenStack makes use of Puppet, which is written in Ruby. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct a man-in-the-middle attack against the Puppet master and its clients. Note that to exploit this issue, an attacker would need to get a carefully-crafted certificate signed by an authority that the Puppet master and clients trust.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2013-4073
MD5 | 5e928029aabf36840608ca8a207f9a9a
Ubuntu Security Notice USN-1908-1
Posted Jul 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1908-1 - A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-2458, CVE-2013-1571, CVE-2013-2407, CVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451
MD5 | 1414986458488de8c4c736aee36c3594
packet storm

© 2016 Packet Storm. All rights reserved.
