
Files Date: 2013-08-14

Nmap NSE Vulscan 2.0
Posted Aug 14, 2013
Authored by Marc Ruef

This is an NSE script written for nmap that adds vulnerability scanning.

Changes: Added version identification support, which may improve the accuracy of findings as long as the linked vulnerability databases provide version information. Fixed a parsing bug that was triggered when the server response contained a special character and caused the script to fail under some circumstances.
tags | tool, nmap
systems | unix
MD5 | 1a48a563112f7d4ed132994b785b521a
DotNetNuke DNNArticle 10.0 SQL Injection
Posted Aug 14, 2013
Authored by Sajjad Pourali

DotNetNuke DNNArticle module versions 10.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5117
MD5 | 5f08c601e0c660b1504874f2377ea360
Drupal Password Policy 6.x / 7.x Cross Site Scripting
Posted Aug 14, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Password Policy third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 7e5badbf44d775e6ef21db793b16d7d2
Drupal Entity API 7.x Access Bypass
Posted Aug 14, 2013
Authored by Ezra Barnett Gildesgame, Derek Ahmedzai, Daniel Wehner, tanius | Site drupal.org

Drupal Entity API version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 903cef3449552daf1aec8d86e24edeb1
Drupal BOTCHA Spam Prevention 7.x Information Disclosure
Posted Aug 14, 2013
Authored by Rob Hess | Site drupal.org

Drupal BOTCHA Spam Prevention third party module version 7.x suffers from an information disclosure vulnerability.

tags | advisory, info disclosure
MD5 | f8b4682557894b56c327bd77a9e4315e
Subverting BIND's SRTT Algorithm: Derandomizing NS Selection
Posted Aug 14, 2013
Authored by Roee Hay, Jonathan Kalechstein, Gabi Nakibly

BIND is exposed to a new vulnerability which can be exploited remotely in order to derandomize the name server selection algorithm. Exploitation of this vulnerability can be used in conjunction with other off-path DNS cache poisoning exploits in order to make them more efficient. ISC has acknowledged the vulnerability and plans to address this deficiency by re-implementing the SRTT algorithm in future maintenance releases of the BIND 9 code. This whitepaper goes into great detail regarding this issue.

tags | advisory
MD5 | dfeff92eab9896fa7fecfa797864d3f2
Ubuntu Security Notice USN-1927-1
Posted Aug 14, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1927-1 - Paul Collins discovered that libimobiledevice incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files and access device keys. In the default Ubuntu installation, this issue should be mitigated by the Yama link restrictions.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-2142
MD5 | fcec954da3de82af2ef0036ccf690f10
Ubuntu Security Notice USN-1926-1
Posted Aug 14, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1926-1 - David Gibson discovered that SPICE incorrectly handled certain network errors. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4130
MD5 | 88b0ae00eca328bb7e8899264a2cdc32
Tunna 0.1
Posted Aug 14, 2013
Authored by Nikos Vassakis | Site secforce.com

Tunna is an HTTP tunneling framework that encapsulates TCP traffic and can bind ports from the remote host to the localhost. It can be used to bypass firewall restrictions when testing web applications. It integrates with Metasploit.

tags | tool, remote, web, tcp
systems | unix
MD5 | 6d81549dfb9171d253569397c9f0b250
Microsoft Security Bulletin Re-Release For August, 2013
Posted Aug 14, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for August, 2013.

tags | advisory
MD5 | ff57460d27b22a02f58c10e2dca3eeed
Drupal 7.22 / 6.28 Cross Site Scripting
Posted Aug 14, 2013
Authored by Justin C. Klein Keane, Greg Knaddison

Drupal versions 7.22 and 6.28 suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 4eb998e931c5824252e44f9186af20d8
Intrasrv 1.0 Buffer Overflow
Posted Aug 14, 2013
Authored by xis_one | Site metasploit.com

This Metasploit module exploits a boundary condition error in Intrasrv Simple Web Server 1.0. The web interface does not validate the boundaries of an HTTP request string prior to copying the data to an insufficiently large buffer. Successful exploitation leads to arbitrary remote code execution in the context of the application.

tags | exploit, remote, web, arbitrary, code execution
advisories | OSVDB-94097
MD5 | da075e4e6bcae38ea0d3d84857e63162
MiniWeb (Build 300) Arbitrary File Upload
Posted Aug 14, 2013
Authored by Akastep, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in MiniWeb HTTP server (build 300). The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then uploading a second file, a mof file, which enables WMI (the Windows Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.

tags | exploit, remote, web, arbitrary, code execution, file upload
systems | windows
advisories | OSVDB-92198, OSVDB-92200
MD5 | fa38cf29be5e352355ed7ba6d0f4e3e4
Ultra Mini HTTPD Stack Buffer Overflow
Posted Aug 14, 2013
Authored by superkojiman | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Ultra Mini HTTPD 1.21 allowing remote attackers to execute arbitrary code via a long resource name in an HTTP request.

tags | exploit, remote, web, overflow, arbitrary
advisories | CVE-2013-5019, OSVDB-95164
MD5 | ba6c03a595c72b9373824b200d1411dc
Chasys Draw IES Buffer Overflow
Posted Aug 14, 2013
Authored by juan vazquez, Javier 'soez', Longinos Recuero Bustos, Christopher Gabriel | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in Chasys Draw IES (version 4.10.01). The vulnerability exists in the module flt_BMP.dll, while parsing BMP files, where the ReadFile function is used to store user-provided data on the stack in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted BMP file. This Metasploit module has been tested successfully with Chasys Draw IES 4.10.01 on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow, arbitrary, code execution
systems | windows, xp, 7
advisories | CVE-2013-3928
MD5 | ff8438fa506ca940bd0b7688c3585603
Joomla Media Manager File Upload Vulnerability
Posted Aug 14, 2013
Authored by juan vazquez, Jens Hinrichsen | Site metasploit.com

This Metasploit module exploits a vulnerability found in Joomla 2.5.x up to 2.5.13, as well as 3.x up to 3.1.4 versions. The vulnerability exists in the Media Manager component, which comes by default in Joomla, allowing arbitrary file uploads, and results in arbitrary code execution. The module has been tested successfully on Joomla 2.5.13 and 3.1.4 on Ubuntu 10.04. Note: If public access isn't allowed to the Media Manager, you will need to supply a valid username and password (Editor role or higher) for the module to work properly.

tags | exploit, arbitrary, code execution, file upload
systems | linux, ubuntu
advisories | OSVDB-95933
MD5 | cf5b61f56c69e484e93a550bb8d8378c
Quick Blind TCP Connection Spoofing With SYN Cookies
Posted Aug 14, 2013
Authored by Jakob Lell | Site jakoblell.com

TCP uses 32-bit Seq/Ack numbers in order to make sure that both sides of a connection can actually receive packets from each other. Additionally, these numbers make it relatively hard to spoof the source address because successful spoofing requires guessing the correct initial sequence number (ISN), which is generated by the server in a non-guessable way. It is commonly known that a 32-bit number can be brute forced in a couple of hours given a fast (gigabit) network connection. This article shows that the effort required for guessing a valid ISN can be reduced from hours to minutes if the server uses TCP SYN Cookies (a widely used defense mechanism against SYN-flooding DoS attacks), which are enabled by default for various Linux distributions including Ubuntu and Debian.

tags | paper, spoof, tcp
systems | linux, debian, ubuntu
MD5 | e45ccc2ac51d5bc09c7ebdf637082168
Bash 3.0 Shell Sniffer 0.2 Auto Installer
Posted Aug 14, 2013
Authored by x90c | Site x90c.org

This code was written to perform auto-installation of the Bash 3.0 shell sniffer tool.

tags | tool, shell, rootkit, bash
systems | unix
MD5 | 7180cd9a300346b510a10080701627c4
Bash 3.0 Shell Sniffer 0.2
Posted Aug 14, 2013
Authored by x90c | Site x90c.org

This code is a shell sniffer that logs keystrokes for bash 3.0.

tags | tool, shell, rootkit, bash
systems | unix
MD5 | 15f6b35cbcc70e3a7bfa07915825be60
Spitefire CMS 1.1.4 Cross Site Request Forgery
Posted Aug 14, 2013
Authored by Yashar shahinzadeh

Spitefire CMS version 1.1.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | f10d4bebcce01e452ba299b2927a785b
Soltech CMS 0.4 SQL Injection
Posted Aug 14, 2013
Authored by MustLive

Soltech CMS version 0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1615b0dd5bf6134a85ce6b6be7b3b3a0
Packet Storm Advisory 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify()
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 66b47dfda969e55a09e7ac25861c8486
Packet Storm Exploit 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 0dbe90f085f956db88aac3e897a70289