
Files Date: 2013-08-14

Nmap NSE Vulscan 2.0
Posted Aug 14, 2013
Authored by Marc Ruef

This is an NSE script written for nmap that adds vulnerability scanning.

Changes: Added version identification support, which may improve the accuracy of findings as long as the linked vulnerability databases provide version information. Squashed a parsing bug that was triggered when the server response contained a special character and that caused the script to fail under some circumstances.
tags | tool, nmap
systems | unix
SHA-256 | 83f3c568ec7872a28bedb9da04a868377573b2544d75b2e1d2a7e96f0de281aa
DotNetNuke DNNArticle 10.0 SQL Injection
Posted Aug 14, 2013
Authored by Sajjad Pourali

DotNetNuke DNNArticle module versions 10.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5117
SHA-256 | 3418ca4d1ae20f2fa6d4bc50f7515ed9bbbff0fa1ebe71846e7fb3de94fd2c36
Drupal Password Policy 6.x / 7.x Cross Site Scripting
Posted Aug 14, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Password Policy third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | c40e41a826657748ed02ee7f8067fcec7db89f9c774f0574fccd0d67621dd868
Drupal Entity API 7.x Access Bypass
Posted Aug 14, 2013
Authored by Ezra Barnett Gildesgame, Derek Ahmedzai, Daniel Wehner, tanius | Site drupal.org

Drupal Entity API version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 306ad4a749d55e82431c05e5f483a030e0fea776244a2611db478fa23950bfec
Drupal BOTCHA Spam Prevention 7.x Information Disclosure
Posted Aug 14, 2013
Authored by Rob Hess | Site drupal.org

Drupal BOTCHA Spam Prevention third party module version 7.x suffers from an information disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | e75e969fb138b8aa3836533eddc56d325b52dfa0dd6b756b49f028b37e2b0aa4
Subverting BIND's SRTT Algorithm: Derandomizing NS Selection
Posted Aug 14, 2013
Authored by Roee Hay, Jonathan Kalechstein, Gabi Nakibly

BIND is exposed to a new vulnerability which can be exploited remotely in order to derandomize the name server selection algorithm. Exploitation of this vulnerability can be used in conjunction with other off-path DNS cache poisoning exploits in order to make them more efficient. ISC has acknowledged the vulnerability and plans to address this deficiency by re-implementing the SRTT algorithm in future maintenance releases of the BIND 9 code. This whitepaper goes into great detail regarding this issue.

tags | advisory
SHA-256 | 84356c82ef3047b3388b1711d4f92e2ade893d39556c93520d7e0953f3faf27f
Ubuntu Security Notice USN-1927-1
Posted Aug 14, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1927-1 - Paul Collins discovered that libimobiledevice incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files and access device keys. In the default Ubuntu installation, this issue should be mitigated by the Yama link restrictions.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-2142
SHA-256 | f119bb9310e69655e310ff5fd8b5ab4e4715f2598b8ece8795beafcd0f842e7f
Ubuntu Security Notice USN-1926-1
Posted Aug 14, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1926-1 - David Gibson discovered that SPICE incorrectly handled certain network errors. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4130
SHA-256 | cf1acb68ba0a829481703e54c3382683d9a83d1059212ebee71b20e35b60e212
Tunna 0.1
Posted Aug 14, 2013
Authored by Nikos Vassakis | Site secforce.com

Tunna is an HTTP tunneling framework that encapsulates TCP traffic and can bind ports from the remote host to the localhost. It can be used to bypass firewall restrictions when testing web applications. It integrates with Metasploit.

tags | tool, remote, web, tcp
systems | unix
SHA-256 | c34b4727681dca141173b9fb57f1fa072bb84acc0eef0ce9d956ba209d64326d
Microsoft Security Bulletin Re-Release For August, 2013
Posted Aug 14, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for August, 2013.

tags | advisory
SHA-256 | 066f7e15f031a55988c403f8d1948b35ece80a4583eaab245bf5e9faa005da1f
Drupal 7.22 / 6.28 Cross Site Scripting
Posted Aug 14, 2013
Authored by Justin C. Klein Keane, Greg Knaddison

Drupal versions 7.22 and 6.28 suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | e04775da7a9ee6e34c96ad35efc7a981fa752926363c46cfdef6ebd1d28e355d
Intrasrv 1.0 Buffer Overflow
Posted Aug 14, 2013
Authored by xis_one | Site metasploit.com

This Metasploit module exploits a boundary condition error in Intrasrv Simple Web Server 1.0. The web interface does not validate the boundaries of an HTTP request string prior to copying the data to an insufficiently large buffer. Successful exploitation leads to arbitrary remote code execution in the context of the application.

tags | exploit, remote, web, arbitrary, code execution
advisories | OSVDB-94097
SHA-256 | 49e8f27267aed47c682375ea5911705765e895cff8046206e064332f203dd75a
MiniWeb (Build 300) Arbitrary File Upload
Posted Aug 14, 2013
Authored by Akastep, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in MiniWeb HTTP server (build 300). The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then uploading a second file, a mof file, which causes WMI (the Windows Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.

tags | exploit, remote, web, arbitrary, code execution, file upload
systems | windows
advisories | OSVDB-92198, OSVDB-92200
SHA-256 | b4d11d94bdfda21fed51296f5789bea65f23c1f03f5b7bd525895268f5a560b0
Ultra Mini HTTPD Stack Buffer Overflow
Posted Aug 14, 2013
Authored by superkojiman | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Ultra Mini HTTPD 1.21 allowing remote attackers to execute arbitrary code via a long resource name in an HTTP request.

tags | exploit, remote, web, overflow, arbitrary
advisories | CVE-2013-5019, OSVDB-95164
SHA-256 | 038f10bb10c9227f8c10522b7408feabf6f8db03f7a4f6c92e23b302fab084dd
Chasys Draw IES Buffer Overflow
Posted Aug 14, 2013
Authored by juan vazquez, Javier Soez, Longinos Recuero Bustos, Christopher Gabriel | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in Chasys Draw IES (version 4.10.01). The vulnerability exists in the module flt_BMP.dll, while parsing BMP files, where the ReadFile function is used to store user-provided data on the stack in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted BMP file. This Metasploit module has been tested successfully with Chasys Draw IES 4.10.01 on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2013-3928
SHA-256 | 56e7fba84288627ba505da717c62532dbb987a53ddb5f03f8701ff982a5809ad
Joomla Media Manager File Upload Vulnerability
Posted Aug 14, 2013
Authored by juan vazquez, Jens Hinrichsen | Site metasploit.com

This Metasploit module exploits a vulnerability found in Joomla versions 2.5.x up to 2.5.13, as well as 3.x up to 3.1.4. The vulnerability exists in the Media Manager component, which comes by default in Joomla, allowing arbitrary file uploads, and results in arbitrary code execution. The module has been tested successfully on Joomla 2.5.13 and 3.1.4 on Ubuntu 10.04. Note: If public access isn't allowed to the Media Manager, you will need to supply a valid username and password (Editor role or higher) in order for the module to work properly.

tags | exploit, arbitrary, code execution, file upload
systems | linux, ubuntu
advisories | OSVDB-95933
SHA-256 | 346ac09164eab95f37585db1e9d762bf419fcb281b6d4c1fd3c23cf6499a9c20
Quick Blind TCP Connection Spoofing With SYN Cookies
Posted Aug 14, 2013
Authored by Jakob Lell | Site jakoblell.com

TCP uses 32-bit Seq/Ack numbers in order to make sure that both sides of a connection can actually receive packets from each other. Additionally, these numbers make it relatively hard to spoof the source address because successful spoofing requires guessing the correct initial sequence number (ISN), which is generated by the server in a non-guessable way. It is commonly known that a 32-bit number can be brute forced in a couple of hours given a fast (gigabit) network connection. This article shows that the effort required for guessing a valid ISN can be reduced from hours to minutes if the server uses TCP SYN Cookies (a widely used defense mechanism against SYN-flooding DoS attacks), which are enabled by default for various Linux distributions including Ubuntu and Debian.

tags | paper, spoof, tcp
systems | linux, debian, ubuntu
SHA-256 | b8f8a5a1565210c001b8928ecc2c9c00ee0638f668d5a0c9e076bda0c08391c5
Bash 3.0 Shell Sniffer 0.2 Auto Installer
Posted Aug 14, 2013
Authored by x90c | Site x90c.org

This code was written to perform auto-installation of the Bash 3.0 shell sniffer tool.

tags | tool, shell, rootkit, bash
systems | unix
SHA-256 | 0db5bc9774ba0b32ffa49115373f366cf35e5d084ff60d03694a15a033162885
Bash 3.0 Shell Sniffer 0.2
Posted Aug 14, 2013
Authored by x90c | Site x90c.org

This code is a shell sniffer that logs keystrokes for bash 3.0.

tags | tool, shell, rootkit, bash
systems | unix
SHA-256 | 9b35fdfae427711f593e60b66dab25db64fbb15c2814f7d9219d9aed5f0ee9e0
Spitefire CMS 1.1.4 Cross Site Request Forgery
Posted Aug 14, 2013
Authored by Yashar Shahinzadeh

Spitefire CMS version 1.1.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | ea3407f1824ad7c77a3cacdc1905bae5111be20f4e6cfb3d3bf1e7fb544d7510
Soltech CMS 0.4 SQL Injection
Posted Aug 14, 2013
Authored by MustLive

Soltech CMS version 0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c456e6512195b6a7b73173fbd126978ba516f9a26da09e2b8db06a723582941d
Packet Storm Advisory 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify()
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | c91966468587a351ac5a5ab7a6a5efec2d287d47df6ed6e6126cbf0ebccbe4b2
Packet Storm Exploit 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | f02354c5057ad3ef8f665611f60e6520a4278402c6472e75be9045ca31f8566e