exploit the possibilities
Showing 1 - 21 of 21 RSS Feed

Files Date: 2013-08-07

MyBB 1.6.10 Open Redirection
Posted Aug 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

MyBB version 1.6.10 suffers from an arbitrary site redirection vulnerability.

tags | exploit, arbitrary
MD5 | 233e2bd1df9ccfb555d54d3c3bc72b5b
GNU MAC Changer 1.6.0
Posted Aug 7, 2013
Site github.com

MAC Changer is a GNU/Linux utility for viewing/manipulating the MAC addresses of network interfaces. It can set specific, random, vendor-based (with a 6600+ vendor list), and device-type-based MACs.

Changes: This release fixed various important and less important issues.
tags | tool
systems | linux, unix
MD5 | 1257b18e9067a8192c9747da52aabdda
NIELD (Network Interface Events Logging Daemon) 0.4.0
Posted Aug 7, 2013
Authored by Tetsumune KISO | Site github.com

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.

Changes: This release adds traffic control support.
tags | tool, kernel, system logging
systems | unix
MD5 | 99941fdd0f41b119cdfff759dac6f2b1
Atlassian JIRA 6.0.3 Cross Site Scripting
Posted Aug 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

Atlassian JIRA suffers from a reflective cross site scripting issue due to a failure to properly sanitize user-supplied input to the 'name' GET parameter in the 'deleteuserconfirm.jsp' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Versions 6.0.2 and 6.0.3 are affected.

tags | exploit, arbitrary, xss
MD5 | 1665248a5b20c05c6f037bcd43b7ecf2
Apache CloudStack 4.0.x / 4.1.0 Cross Site Scripting
Posted Aug 7, 2013
Site cloudstack.apache.org

Apache CloudStack suffers from a cross site scripting vulnerability. Versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2, and 4.1.0 are affected.

tags | advisory, xss
advisories | CVE-2013-2136
MD5 | 9a63df0e087249a653679ca29df03fde
Nmap Http-domino-enum-passwords File Upload
Posted Aug 7, 2013
Authored by Piotr Duszynski | Site trustwave.com

An arbitrary file upload vulnerability exists in the official Nmap Http-domino-enum-passwords NSE script.

tags | advisory, web, arbitrary, file upload
advisories | CVE-2013-4885
MD5 | a5fc2d275d961f0c05933b6a24ed1221
Hikvision IP Cameras Overflow / Bypass / Privilege Escalation
Posted Aug 7, 2013
Authored by Alberto Solino, Core Security Technologies, Anibal Sacco, Alejandro Rodriguez | Site coresecurity.com

Core Security Technologies Advisory - Hikvision IP Cameras suffer from buffer overflow, authentication bypass, hard-coded credential, and privilege escalation vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2013-4975, CVE-2013-4976, CVE-2013-4977
MD5 | 411332e5cd4f468d6326f947784eaaa6
Atlassian Confluence 5.3 Cross Site Scripting
Posted Aug 7, 2013
Authored by Muhammad Waqar

Atlassian Confluence versions 3.5.6 through 5.3 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | eefbe5dcd962b9b8c0d9392d1fdbd2b5
Microsoft Yammer Social Network O-Auth Bypass
Posted Aug 7, 2013
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

Microsoft Yammer Social Network suffered from a critical information disclosure vulnerability due to an insecure O-Auth 2 implementation.

tags | exploit, info disclosure
MD5 | 519750349eb479b4882d32999b3c6b18
McAfee Superscan 4.0 Cross Site Scripting
Posted Aug 7, 2013
Authored by Piotr Duszynski | Site trustwave.com

McAfee Superscan version 4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4884
MD5 | 9d1beb98cd5f8def347f664747c29e7f
LibPKI 0.8.0
Posted Aug 7, 2013
Site openca.org

The LibPKI Project is aimed to provide an easy-to-use PKI library for PKI-enabled application development. The library provides the developer with all the needed functionality to manage certificates, from generation to validation. It helps developers integrate X509 digital certificates into their applications, and implement complex cryptographic operations with a few simple function calls using a high-level cryptographic API. The library constitutes the core of other OpenCA Labs Projects like the PRQP Server, the OCSP Responder, and the OpenCA-NG PKI.

Changes: Improvements over the last publicly available release (0.6.7) include fixing of various memory leaks in BIO handling and in OCSP responses signing, adding new errors for better logging of token issues, adding SOCK_DGRAM in PKI_NET_* interface, and a fixed OCSP interface for response building.
tags | library
systems | unix
MD5 | c184c210e7faa4c49d0ec9d351df689c
HP Data Protector Arbitrary Remote Command Execution
Posted Aug 7, 2013
Authored by Alessandro Di Pinto, Claudio Moletta

This python script allows execution of a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of executing only a single command without any parameter, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.

tags | exploit, arbitrary, perl, python
advisories | CVE-2011-0923, OSVDB-72526
MD5 | 170a7d65a9fbfba5d4a2f9d411ee7f6a
HP Data Protector Arbitrary Remote Command Execution
Posted Aug 7, 2013
Authored by Alessandro Di Pinto, Claudio Moletta | Site metasploit.com

This Metasploit module allows execution of a command with an arbitrary number of arguments on Microsoft Windows operating systems. The trick calls a perl.exe interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of execute only a single command without parameters, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.

tags | exploit, arbitrary, perl
systems | windows
advisories | CVE-2011-0923, OSVDB-72526
MD5 | 0930bb4ab77459873c9f363e210b5225
Mandriva Linux Security Advisory 2013-209
Posted Aug 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-209 - The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service via a certain MOVE request against a revision root. This advisory provides the latest version of subversion which is not vulnerable to this issue.

tags | advisory, remote, denial of service, root
systems | linux, mandriva
advisories | CVE-2013-4131
MD5 | 57669466df4b3489ef0c7ace634f4ea8
Mandriva Linux Security Advisory 2013-208
Posted Aug 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-208 - A heap-based buffer overflow flaw was found in the way tiff2pdf of libtiff performed write of TIFF image content into particular PDF document file, in the tp_process_jpeg_strip() function. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. A stack-based buffer overflow was found in the way tiff2pdf of libtiff performed write of TIFF image content into particular PDF document file, when malformed image-length and resolution values are used in the TIFF file. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2013-1960, CVE-2013-1961
MD5 | 043933168e59786f5094b4ebadb7cfe1
Mandriva Linux Security Advisory 2013-207
Posted Aug 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-207 - Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service via a malformed packet. The updated packages for Enterprise Server 5.2 has been patched to correct this issue. The updated packages for Business Server 1 has been upgraded to the 3.6.17 version which resolves many upstream bugs and is not vulnerable to this issue. Additionally the libtevent packages are being provided which is a requirement since samba 3.6.16.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-4124
MD5 | 610557b99cfa511357a8efe60fd5f0d7
Slackware Security Advisory - httpd Updates
Posted Aug 7, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1896,CVE-2013-2249.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1896, CVE-2013-2249
MD5 | 05dae9e262a1d9c7721437cc7f8eb6ce
Ubuntu Security Notice USN-1924-1
Posted Aug 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1924-1 - Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717, CVE-2013-1701, CVE-2013-1702, CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
MD5 | f91c4790e1839345d6a954b15bd64d78
Ubuntu Security Notice USN-1924-2
Posted Aug 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1924-2 - USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. It was discovered that a document's URI could be set to the URI of a different document. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. A flaw was discovered when generating a CRMF request in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that XBL scopes could be used to circumvent XrayWrappers in certain circumstances. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks or cause undefined behaviour. Cody Crews discovered that some Javascript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. An attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. An attacker could potentially exploit this to steal confidential data. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, local, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
MD5 | 648ad9664d024d837cfaa2d628f25ba2
Slackware Security Advisory - samba Updates
Posted Aug 7, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4124.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4124
MD5 | 8626400fb0ab3a9acbd3a3112998776a
SocialEngine 4.5 Shell Upload
Posted Aug 7, 2013
Authored by Wesley Henrique Leite

SocialEngine version 4.5 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2013-4898
MD5 | 73a132b08904808a1a9119dc80eb5104
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close