exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-08-09

D-Link Devices Unauthenticated Remote Command Execution
Posted Aug 9, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection via the web interface. The vulnerability exists in command.php, which is accessible without authentication. This Metasploit module has been tested with the versions DIR-600 2.14b01, DIR-300 rev B 2.13. Two target are included, the first one starts a telnetd service and establish a session over it, the second one runs commands via the CMD target. There is no wget or tftp client to upload an elf backdoor easily. According to the vulnerability discoverer, more D-Link devices may affected.

tags | exploit, web, php
advisories | OSVDB-89861
SHA-256 | 8a06110527ae3c72725545cc043ee9d4ea6e4d06ff5b64679ba754e17db95b66
OpenX Backdoor PHP Code Execution
Posted Aug 9, 2013
Authored by egypt, temp66 | Site metasploit.com

OpenX Ad Server version 2.8.10 was shipped with an obfuscated backdoor since at least November 2012 through August 2013. Exploitation is simple, requiring only a single request with a rot13'd and reversed payload.

tags | exploit
advisories | CVE-2013-4211
SHA-256 | e988ca61d33c8f55653084886e430badc06f1b7c8ab5e01912529cbb5ff29495
Squash YAML Code Execution
Posted Aug 9, 2013
Authored by Charlie Eriksen | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the YAML request processor of the Squash application.

tags | exploit, remote, code execution
advisories | CVE-2013-5036, OSVDB-95992
SHA-256 | fc00f4fbda4fdc1a32aa9bdff033447322b5fcafce8ce2e1bc082b5640a25f2d
sXid 4.20130802
Posted Aug 9, 2013
Authored by Ben Collins

sXid is an all-in-one suid/sgid monitoring program designed to be run from cron on a regular basis. It tracks any changes in your s[ug]id files and folders. If there are any new ones, ones that are not set any more, or they have changed bits or other modes, it reports the changes in an easy to read format via email or on the command line.

Changes: sXid now uses a SHA-256 hash function to track files. autoconf settings was updated to version 2.69. automake 1.13.3 is used to generate Makefiles. A --version option was added. /media and /sys directories were added to the EXCLUDE option. Man pages were converted to an mdoc macro. The README was converted to Markdown format. There were minor code improvements and miscellaneous bugfixes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 935d665dc508bc537bc4d0fca352a66610dc8e945d9aeee246b0546a86100124
Tribq CMS 5.2.7 Cross Site Request Forgery
Posted Aug 9, 2013
Authored by Yashar shahinzadeh

Tribq CMS version 5.2.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 4d44e3fea6c244f5e104df9950d911d07dfcc6234e98964332b407825d055065
WordPress HMS Testimonials 2.0.10 XSS / CSRF
Posted Aug 9, 2013
Authored by RogueCoder

WordPress HMS Testimonials plugin version 2.0.10 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | b170cac016ca75bde2a90b9cfe397923741d38a080b18d51db3ab1b7c56cc983
Taint Analysis And Pattern Matching With Pin
Posted Aug 9, 2013
Authored by Jonathan Salwan

This is a whitepaper called Taint analysis and pattern matching with Pin. All examples in this document are considered a proof of concept and are meant to give others ideas.

tags | paper, proof of concept
SHA-256 | ec76a2f8def58b42c1d7b3105a4bea93f29bbf23d2776a4316a9981f1cb84489
HP Security Bulletin HPSBHF02912
Posted Aug 9, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02912 - Potential security vulnerabilities have been identified with HP Networking Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and denial of service. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4806
SHA-256 | d03c9b169146e0687bb59aaab2fe47550ed986257cae1e3086ec8b1ef4ab08e9
Joomla redSHOP 1.2 SQL Injection
Posted Aug 9, 2013
Authored by Matias Fontanini

Joomla redSHOP component version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c15326a129a72e3584876c4ff3df10d8d4b2691cb885ec30419442cf9ab2d643
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Aug 9, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | f4f1e674b053b5d94b19ef14c2d585594e4bbb6ddcc4c7a0fb4e67afe988ebfa
Slackware Security Advisory - seamonkey Updates
Posted Aug 9, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 9f2c94e67d57a39aae74593e196dbad4aaff96fa307a146a39df18ec91e28927
Slackware Security Advisory - mozilla-firefox Updates
Posted Aug 9, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | ab0e1f8e42680410b7df3e2081ad1f09161607cb4d1b61492aa92e1d58469041
Red Hat Security Advisory 2013-1147-01
Posted Aug 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1147-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2012-5783, CVE-2013-0269, CVE-2013-1821
SHA-256 | 11be102b169787b03d6c2152f3add04d435de5e2cb57176df49df6ccdaf958a5
NetworkMiner 1.4.1 DLL Hijacking / Directory Traversal
Posted Aug 9, 2013
Authored by Erik Hjelmvik

NetworkMiner versions 1.4.1 and below suffer from DLL hijacking and directory traversal vulnerabilities.

tags | advisory, vulnerability
systems | windows
SHA-256 | 92e3944c0ec7f6f7571cad8827f0f0ea22455c258d2d835385eb79a442e59aef
Open Real Estate CMS 1.5.1 CSRF / Path Disclosure / SQL Injection
Posted Aug 9, 2013
Authored by Yashar shahinzadeh

Open Real Estate CMS version 1.5.1 suffers from cross site request forgery, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file inclusion, info disclosure, csrf
SHA-256 | 18a7cc01027a952a1c8ff2f3d301acd72b126bdb325df567f52c713fc167c5d4
ZZN SQL Injection / XSS / Credential Disclosure
Posted Aug 9, 2013
Authored by Juan Carlos Garcia

ZZN (Web Hosting and Free email accounts) suffers from cross site scripting, remote blind SQL injection, and credential disclosure vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection, info disclosure
SHA-256 | 6366cc696316ce5d9a9ad1c083d31746295d4a474bb3f4aeb475ce0ef05f30a9
Exact Audio Copy 1.0 Beta 3 Vulnerable Components
Posted Aug 9, 2013
Authored by Stefan Kanthak

Exact Audio Copy version 1.0 beta 3 ship with outdated, unsupported, and vulnerable third party components.

tags | advisory
SHA-256 | d7401c6892ad2df18ff9b12c1511d96fd4462a5e69d677d669cd5e0b25e1edee
PHPFox 3.4.1 Cross Site Scripting
Posted Aug 9, 2013
Authored by Mehdi Dadkhah

PHPFox version 3.4.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 3531b4b75e68b1c21bed7dfd07202f1930665093ef0368fe32928a381b2b0a4d
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close