what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-07-25

Debian Security Advisory 2727-1
Posted Jul 25, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2727-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473
MD5 | e62694963c1764d710b9144a3c00be45
Debian Security Advisory 2726-1
Posted Jul 25, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2726-1 - A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow.

tags | advisory, overflow, php
systems | linux, debian
advisories | CVE-2013-2220
MD5 | 124b6d03535cf6cd15e4c6543da92085
Mandriva Linux Security Advisory 2013-199
Posted Jul 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-199 - Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid service. The updated packages have been patched to correct this issue.

tags | advisory, web, overflow
systems | linux, mandriva
advisories | CVE-2013-4115
MD5 | 2f16e7ead094d1ed637dfef5bc3689b7
Ubuntu Security Notice USN-1909-1
Posted Jul 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1909-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.70 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.04 have been updated to MySQL 5.5.32. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-1861, CVE-2013-2162, CVE-2013-3783, CVE-2013-3793, CVE-2013-3802, CVE-2013-3804, CVE-2013-3809, CVE-2013-3812
MD5 | 11b3434915e8e904fe50c1248d2e2410
Alienvault OSSIM Cross Site Scripting
Posted Jul 25, 2013
Authored by xistence

Alienvault OSSIM versions prior to 4.3.0 suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 7e00cea61a072e5a7d6a76b224857d56
HP Security Bulletin HPSBGN02905
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02905 - Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-2368, CVE-2013-2369, CVE-2013-2370, CVE-2013-4797, CVE-2013-4798, CVE-2013-4799, CVE-2013-4800, CVE-2013-4801
MD5 | b2cf205493c8ebaea51737271a24652f
HP Security Bulletin HPSBGN02906
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02906 - A potential security vulnerability has been identified with HP Application Lifecycle Management Quality Center (ALM). The vulnerability could be remotely exploited resulting in Cross Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2013-4802
MD5 | 83097080327b818d81f9e1ae5cb1cb35
HP Security Bulletin HPSBMU02894
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02894 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. These vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS) or unauthorized access or execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows, solaris, hpux
advisories | CVE-2007-5333, CVE-2009-3554, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, CVE-2011-1483, CVE-2011-2196, CVE-2011-4605, CVE-2011-4858, CVE-2012-3546
MD5 | 52209165529830d2a9b070a87e821507
Trickfire Spoofing Script
Posted Jul 25, 2013
Authored by Vittorio Milazzo

Bash script that permits spoofing of LAN connections and deceive firewalls, proxies, and IDS/NIDS traffic logging.

tags | tool, spoof, bash
systems | linux, unix
MD5 | 5f621ccc1b8707aeb1cec6a14971ddb4
Powershell Payload Web Delivery
Posted Jul 25, 2013
Authored by Ben Campbell, Christopher Campbell | Site metasploit.com

This Metasploit module quickly fires up a web server that serves the payload in powershell. The provided command will start powershell and then download and execute the payload. The IEX command can also be extracted to execute directly from powershell. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so is unlikely to trigger AV solutions and will allow to attempt local privilege escalations supplied by meterpreter etc. You could also try your luck with social engineering. Ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.

tags | exploit, remote, web, x86, local
MD5 | 430aaebf868e9484d75294b7d275f3d8
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
Posted Jul 25, 2013
Authored by sinn3r, juan vazquez, Takeshi Terada | Site metasploit.com

The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. In Struts 2 before the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code. This Metasploit module has been tested successfully on Struts 2.3.15 over Tomcat 7, with Windows 2003 SP2 and Ubuntu 10.04 operating systems.

tags | exploit
systems | linux, windows, ubuntu
advisories | CVE-2013-2251, OSVDB-95405
MD5 | f4dcb90843377c8138d0fd07f5f040c5
Cisco Security Advisory 20130724-vsm
Posted Jul 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system.

tags | advisory, vulnerability
systems | cisco
MD5 | 39fe47317d91895a8edff9641396da34
Windu CMS 2.2 Cross Site Request Forgery
Posted Jul 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

Windu CMS version 2.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 60c054ab0f55f05a93cedf834b95efee
ARP-Scan ARP Generation Tool 1.9
Posted Jul 25, 2013
Authored by Roy Hills | Site nta-monitor.com

arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.

Changes: This release adds support for ARM 64-bit CPUs and Dragonfly BSD, adds a --rtt (-D) option to display the packet round-trip time, uses libpcap functions to obtain the interface IP address and send the packet (to increase portability), requires libpcap 0.9.3 or later, raises the default timeout from 100ms to 500ms to avoid missed responses from slow-responding hosts, modifies the get-iab and get-oui scripts to the support new IEEE website URL and new file format (also fixes the -u option in these scripts), updates MAC/Vendor mapping files from the IEEE website, and adds additional arp-fingerprint patterns.
tags | tool, scanner, protocol
systems | unix
MD5 | 38584d6c1edfa9f6b41d496e4a5539f1
Broadkam PJ871 Authentication Bypass
Posted Jul 25, 2013
Authored by d3c0der

The Broadkam PJ871 DSL router does not authenticate password change requests. Broadkam is a knock-off Chinese vendor.

tags | exploit, bypass
MD5 | 1a2e77c68e986b126deefd6be19a734f
Page 1 of 1

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By