
Files Date: 2013-08-21

Bitbot C2 Panel Cross Site Scripting / SQL Injection
Posted Aug 21, 2013
Authored by bwall

Bitbot C2 Panel suffers from cross site scripting and remote SQL injection vulnerabilities in gate2.php.

tags | exploit, remote, php, vulnerability, xss, sql injection
MD5 | 0f4dc4726704e210ced0dadbe089357b

Gentoo Linux Security Advisory 201308-01
Posted Aug 21, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-1 - Multiple vulnerabilities have been found in PuTTY, allowing attackers to compromise a user's system. Versions less than 0.63 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4607, CVE-2013-4852
MD5 | 1ae474a67b14e713e45a307fbb80fd4a

Debian Security Advisory 2739-1
Posted Aug 21, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2739-1 - Two security issues (SQL injection and command line injection via SNMP settings) were found in Cacti, a web interface for graphing of monitoring systems.

tags | advisory, web, sql injection
systems | linux, debian
advisories | CVE-2013-1434, CVE-2013-1435
MD5 | 14e13b75e32940f53a89648551a844ab

Red Hat Security Advisory 2013-1171-01
Posted Aug 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1171-01 - HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A denial of service flaw was found in the way HTCondor's policy definition evaluator processed certain policy definitions. If an administrator used an attribute defined on a job in a CONTINUE, KILL, PREEMPT, or SUSPEND condor_startd policy, a remote HTCondor service user could use this flaw to cause condor_startd to exit by submitting a job that caused such a policy definition to be evaluated to either the ERROR or UNDEFINED states.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4255
MD5 | cbac5d6763643d87b3f5b776eca2f619

Red Hat Security Advisory 2013-1172-01
Posted Aug 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1172-01 - HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A denial of service flaw was found in the way HTCondor's policy definition evaluator processed certain policy definitions. If an administrator used an attribute defined on a job in a CONTINUE, KILL, PREEMPT, or SUSPEND condor_startd policy, a remote HTCondor service user could use this flaw to cause condor_startd to exit by submitting a job that caused such a policy definition to be evaluated to either the ERROR or UNDEFINED states.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4255
MD5 | e40a88f790a2647d3cceab2547e28323

Red Hat Security Advisory 2013-1170-01
Posted Aug 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1170-01 - MongoDB is a NoSQL database. PyMongo provides tools for working with MongoDB. A flaw was found in the run() function implementation in MongoDB. A database user permitted to send database queries to a MongoDB server could use this flaw to crash the server or, possibly, execute arbitrary code with the privileges of the mongodb user. A NULL pointer dereference flaw was found in PyMongo. An invalid DBRef record received from a MongoDB server could cause an application using PyMongo to crash.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2013-1892, CVE-2013-2132
MD5 | ceff92671f692de94467a2b04fffbaac

Mandriva Linux Security Advisory 2013-214
Posted Aug 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-214 - Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname() to match the hostname against the certificate's subjectAltName's dNSName general names.

tags | advisory, python
systems | linux, mandriva
advisories | CVE-2013-4328
MD5 | 003a92eea68babd43195fc3585679ed4

Samba Remote Denial Of Service
Posted Aug 21, 2013
Authored by x90c

Samba malformed nttrans smb packet remote denial of service exploit.

tags | exploit, remote, denial of service
advisories | CVE-2013-4124
MD5 | 113373cd7b0372c4f7190e40014c7627

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
Posted Aug 21, 2013
Authored by Ramon de C Valle | Site metasploit.com

This Metasploit module exploits a mass assignment vulnerability in the create action of the users controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator account. For this exploit to work, your account must have create_users permission (e.g., Manager role).

tags | exploit, arbitrary
systems | linux, redhat
advisories | CVE-2013-2113, OSVDB-94655
MD5 | 6b7d123975185a045bc7808f5ce92877

Samba nttrans Reply Integer Overflow
Posted Aug 21, 2013
Authored by x90c

This is a brief paper detailing the Samba nttrans reply integer overflow vulnerability.

tags | paper, overflow
advisories | CVE-2013-4124
MD5 | 2dd13b92c134e4d1285d33a405573e06

DeWeS 0.4.2 Path Traversal
Posted Aug 21, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

DeWeS web server version 0.4.2 suffers from a path traversal vulnerability.

tags | exploit, web, file inclusion
advisories | CVE-2013-4900
MD5 | 7410c62cf2e2129574d3e8395680f13c

Sparty 0.1
Posted Aug 21, 2013
Site sparty.secniche.org

Sparty is an open source tool written in Python to audit web applications using SharePoint and FrontPage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of SharePoint and FrontPage based web applications. Due to the complex nature of this web administration software, a simple and efficient tool is required that gathers information, checks access permissions, dumps critical information from default files and performs automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.

tags | tool, web, scanner, python
systems | unix
MD5 | 2a8a9effbbd046f6de6f8550de023516

WordPress ThinkIT 0.1 CSRF / Cross Site Scripting
Posted Aug 21, 2013
Authored by Yashar shahinzadeh

WordPress ThinkIT plugin version 0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 2273d6dac1c8299d36c5817a9adb79e2

AlgoSec Firewall Analyzer 6.4 Cross Site Scripting
Posted Aug 21, 2013
Authored by asheesh anaconda, Asheesh Kumar Mani Tripathi

AlgoSec Firewall Analyzer version 6.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5043291b531114b392f9907725929971

freeFTPd 1.0.10 Buffer Overflow
Posted Aug 21, 2013
Authored by Wireghoul | Site justanotherhacker.com

freeFTPd version 1.0.10 PASS command SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | 706f878acc4678d22b7b11d8bf0d6c7f

ALLMediaServer 0.95 Overflow For Win 7
Posted Aug 21, 2013
Authored by metacom

ALLMediaServer version 0.95 SEH overflow exploit written for Windows 7 German.

tags | exploit, overflow
systems | windows, 7
MD5 | d32b7646cd4ed4f7eb923ad473d79034

Graphite Web Unsafe Pickle Handling
Posted Aug 21, 2013
Authored by Charlie Eriksen | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the pickle handling of the rendering code in the Graphite Web project, versions 0.9.5 through 0.9.10 inclusive.

tags | exploit, remote, web, code execution
advisories | CVE-2013-5093
MD5 | 40478b29ed1ac71ebfeb54e5fe779a0f