all things security
Showing 1 - 19 of 19

Files Date: 2013-08-02

Rite CMS 1.0.0 Cross Site Request Forgery / Cross Site Scripting
Posted Aug 2, 2013
Authored by Yashar shahinzadeh

Rite CMS version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 846d512d73782d4292b46d1e6c2842f4

HP Security Bulletin HPSBUX02909
Posted Aug 2, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02909 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2012-2686, CVE-2013-0166, CVE-2013-0169
MD5 | 82cd82c0d2fb924b8690bc26820e638b

Telmanik CMS Press 1.01b SQL Injection
Posted Aug 2, 2013
Authored by Anarchy Angel

Telmanik CMS Press version 1.01b suffers from a remote SQL injection vulnerability in pages.php.

tags | exploit, remote, php, sql injection
MD5 | e81585afe9678fcbcafcf9c73d5f36d0

D-Link DIR-645 Buffer Overflow / Cross Site Scripting
Posted Aug 2, 2013
Authored by Roberto Paleari

D-Link DIR-645 devices suffer from buffer overflow and cross site scripting vulnerabilities.

tags | exploit, overflow, vulnerability, xss
MD5 | 38e7a18c34392ffd2cf78fc889e126df

INSTEON Hub 2242-222 Lack Of Authentication
Posted Aug 2, 2013
Authored by David Bryan | Site trustwave.com

INSTEON Hub version 2242-222, a home automation controller for INSTEON and X10 compatible devices, fails to authenticate access to various APIs.

tags | exploit
advisories | CVE-2013-4859
MD5 | c848cd3f7d52dda197b27a7bf097dae1

Radio Thermostat Of America, Inc Lack Of Authentication
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

Radio Thermostat of America, Inc products CT80 and CT50 versions 1.4.64 and prior fail to authenticate any access to their API.

tags | exploit
advisories | CVE-2013-4860
MD5 | c7002a42578a939a30737a517afe49aa

Karotz Smart Rabbit 12.07.19.00 Hijacking / Cleartext Token
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

Karotz Smart Rabbit version 12.07.19.00 suffers from Python module hijacking and cleartext token passing vulnerabilities.

tags | exploit, vulnerability, python
advisories | CVE-2013-4868, CVE-2013-4867
MD5 | 0a70ef688d61234f7b84408bf6dd6616

LIXIL Satis Toilet Hard-Coded Bluetooth PIN
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

LIXIL Satis Toilet suffers from having a hard-coded Bluetooth PIN of 0000. Attackers can cause your toilet to repeatedly flush. Yes, this is a real advisory.

tags | exploit
advisories | CVE-2013-4866
MD5 | 7608f52aea3d01f53c378eba4365c1a6

MiCasaVerde VeraLite 1.5.408 Traversal / Authorization / CSRF / Disclosure
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

MiCasaVerde VeraLite version 1.5.408 suffers from path traversal, insufficient authorization checks, and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2013-4861, CVE-2013-4862, CVE-2013-4863, CVE-2013-4865
MD5 | 858b486823da52b68dbcfeb2198ebd23

HP Security Bulletin HPSBUX02908
Posted Aug 2, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02908 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2433, CVE-2013-2437, CVE-2013-2442, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469
MD5 | aca475991c3b5c37b4c613c536b11fd9

HP Security Bulletin HPSBUX02907
Posted Aug 2, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02907 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-1571, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465
MD5 | 2a8b16aa8fdc274f5a16a7d6c97dbc64

SilverStripe CMS 3.0.3 Information Disclosure
Posted Aug 2, 2013
Authored by Fara Denise Rustein

SilverStripe CMS version 3.0.3 suffers from an information exposure issue through query strings in GET requests.

tags | exploit
advisories | CVE-2013-2653
MD5 | 0cc67f59fc0a8ab38f5b778dac50414a

Netsniff-NG High Performance Sniffer 0.5.8 RC2
Posted Aug 2, 2013
Authored by Tobias Klauser, Daniel Borkmann | Site code.google.com

netsniff-ng is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Changes: Build system fixes and clean ups. Mausezahn man pages improvements. Compiler warnings fixed. Support for replaying/reading pcap capture files from/to tunnel devices.

tags | tool, kernel, sniffer, protocol
systems | linux, unix
MD5 | 54ab185545de71b4250e0f3d2334c0c9

Fully Arbitrary 802.3 Packet Injection: Maximizing The Ethernet Attack Surface
Posted Aug 2, 2013
Authored by Andrea Barisani, Daniele Bianco | Site inversepath.com

It is generally assumed that sending and sniffing arbitrary, Fast Ethernet packets can be performed with standard Network Interface Cards (NIC) and generally available packet injection software. However, full control of frame values such as the Frame Check Sequence (FCS) or Start-of-Frame delimiter (SFD) has historically required the use of dedicated and costly hardware. This presentation, given at Blackhat 2013, dissects Fast Ethernet layer 1 and 2 presenting novel attack techniques supported by an affordable hardware setup that, using customized firmware, allows fully arbitrary frame injection. Proof of concept code also included.

tags | paper, arbitrary, proof of concept
systems | linux
MD5 | 1dace7812895df9b7323841146cc1e00

Fluidgalleries Photo Upload Shell Upload
Posted Aug 2, 2013
Authored by Iranian_Dark_Coders_Team

Fluidgalleries Photo Upload suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 4e02d0d3d0cbbc7c96e5b8b46f465b16

Digital Whisper Electronic Magazine #44
Posted Aug 2, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 44. Written in Hebrew.

tags | magazine
MD5 | c699eb17ea8db222a02ed18d38396549

vtiger CRM 5.4.0 Authentication Bypass
Posted Aug 2, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from an authentication bypass vulnerability in the validateSession() function of multiple SOAP services.

tags | advisory, bypass
advisories | CVE-2013-3215
MD5 | 9b6cd45b8617951a38992ce83060d4f9

Siemens WinCC (TIA Portal) CSRF / URL Redirection
Posted Aug 2, 2013
Authored by Siemens ProductCERT | Site siemens.com

Siemens has updated WinCC SCADA and TIA Portal to address cross site request forgery and URL redirection vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2013-4911, CVE-2013-4912
MD5 | 00fc6448d12bde0f64dce230ed8d9234

Mandriva Linux Security Advisory 2013-205
Posted Aug 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-205 - A vulnerability has been discovered and corrected in gnupg and in libgcrypt. Yarom and Falkner discovered that RSA secret keys in applications using GnuPG 1.x, and using the libgcrypt library, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2013-4242
MD5 | 4b097be799ee433a1a9a180fe0368cbe

© 2016 Packet Storm. All rights reserved.