exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2013-08-23

FreeBSD Security Advisory - sctp Kernel Memory Disclosure
Posted Aug 23, 2013
Authored by Michael Tuexen, Julian Seward | Site security.freebsd.org

FreeBSD Security Advisory - When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are two separate instances in which a 4-byte fragment may be transmitted. This memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include an user-entered password.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2013-5209
SHA-256 | 31263b7b248f107d5f7ed98d3b388e63dc69a3862d01f93e4c9b344f9c86de7c
FreeBSD Security Advisory - IP_MSFILTER Integer Overflow
Posted Aug 23, 2013
Authored by Clement LECIGNE | Site security.freebsd.org

FreeBSD Security Advisory - An integer overflow in computing the size of a temporary buffer can result in a buffer which is too small for the requested operation. An unprivileged process can read or write pages of memory which belong to the kernel. These may lead to exposure of sensitive information or allow privilege escalation.

tags | advisory, overflow, kernel
systems | freebsd
advisories | CVE-2013-3077
SHA-256 | 831fd4ba520eff2086ca0682aa7616522338d8662d219c74c434ceb7166343db
Debian Security Advisory 2740-1
Posted Aug 23, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2740-1 - Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework.

tags | advisory, web, xss, python
systems | linux, debian
SHA-256 | 1671b9c95174b9e627098dc3bd5a91753223b915764d97e06efb1312af248f2f
Gentoo Linux Security Advisory 2013-08-04
Posted Aug 23, 2013
Site security.gentoo.org

Gentoo Linux Security Advisory 2013-08-04 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.23 are affected.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2012-6120, CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2274, CVE-2013-2275, CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
SHA-256 | 0540da72c54f57cbe5a156cdb95056d98fa489beca31a869e539fa0bb49ca073
Mandriva Linux Security Advisory 2013-219
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-219 - Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert RGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple buffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted TIFF or GIF file that, when processed by rgb2ycbcr and gif2tiff respectively, would cause the tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. Pedro Ribeiro discovered a use-after-free flaw in the t2p_readwrite_pdf_image\(\) function in tiff2pdf, a tool for converting a TIFF image to a PDF document. A remote attacker could provide a specially-crafted TIFF file that, when processed by tiff2pdf, would cause tiff2pdf to crash or, potentially, execute arbitrary code with the privileges of the user running tiff2pdf.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-4231, CVE-2013-4232
SHA-256 | abadfaec26a7eeb332d6857b3d9a3fda4971210c3fa04c79b7632f3de3d6ec6e
Samba nttrans Denial Of Service
Posted Aug 23, 2013
Authored by x90c

Samba malformed nttrans smb packet remote denial of service exploit. This is the second version of this exploit that adds an automated offset and second argument.

tags | exploit, remote, denial of service
advisories | CVE-2013-4124
SHA-256 | 9ffc449f91de8aebdf2d549084d0b7ded62399e2e6a995fffee9b45af3a36af1
Mandriva Linux Security Advisory 2013-218
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-218 - The python-django package addresses a security issue. The is_safe_url() function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript.

tags | advisory, web, javascript, xss, python
systems | linux, mandriva
advisories | CVE-2013-4249
SHA-256 | 1504a9f25eef5880d207471510df5d68d0689eb24ea616adf9a8ef6310edda32
Mandriva Linux Security Advisory 2013-217
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-217 - Updated spice packages address a vulnerability. A user able to initiate spice connection to the guest could use a flaw in server/red_channel.c to crash the guest.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4130
SHA-256 | 0141aa0c20e6ba7b8bc867edb78229f58246fea99e2959aac781d177685f0cec
Mandriva Linux Security Advisory 2013-216
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-216 - ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.

tags | advisory, arbitrary, local, perl
systems | linux, mandriva
advisories | CVE-2011-4363
SHA-256 | e270d97c7c30cd1dfa32136b75cbfb5d2f2f8687db2bbac9746b8e5e5f17ef6a
FICOBank Information Disclosure / Cross Site Scripting
Posted Aug 23, 2013
Authored by Juan Carlos Garcia

FICOBank suffers from exposed directory listing and cross site scripting vulnerabilities. They do not believe any of this is an issue and if you use them, you should change banks immediately.

tags | exploit, vulnerability, xss
SHA-256 | a3b64ae17ac6373785bfcea917ed3efed819ce567e81d61f13690c93de1a211e
mooSocial 1.3 Cross Site Scripting / Local File Inclusion
Posted Aug 23, 2013
Authored by Esac

mooSocial version 1.3 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | f6d11b27cd9d0d5b9bcb61f738af8f5ae3e5d96e66ec3b7958aa519b6521ef89
Spring Framework XXE Injection
Posted Aug 23, 2013
Authored by Alvaro Munoz

Spring Framework versions 3.x and 4.x suffer from an XML external entity (XXE) injection vulnerability.

tags | advisory, xxe
advisories | CVE-2013-4152
SHA-256 | 44db748efe1afb0144c46a27348301fabb29af09798bbf1a847a659236ae224d
Cloudflare Cross Site Scripting
Posted Aug 23, 2013
Authored by Glenn Grant

Cloudflare suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 681015cc7dbb3e4d2e076c6ae25daf1f2af32856d530de408b2030a5a71a1587
Paypal Account Deletion
Posted Aug 23, 2013
Authored by Cernica Ionut Cosmin, Vulnerability Laboratory | Site vulnerability-lab.com

Paypal suffers from an arbitrary account deletion vulnerability that leverages unvalidated email account additions.

tags | exploit, arbitrary
SHA-256 | 841c2aec9aded6aabc4378df632abfd8fa15c280ccb7f358a5f308e52fa80358
GDD FLVPlayer 3.635 Cross Site Scripting / Content Spoofing
Posted Aug 23, 2013
Authored by MustLive

GDD FLVPlayer version 3.635 suffers from cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
SHA-256 | 44f7dd1212681cf231fd4da478749b23c764aaaf54bf4e11341f3f140cfc4311
VMware Security Advisory 2013-0010
Posted Aug 23, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0010 - VMware Workstation and VMware Player address a vulnerability in the vmware-mount component which could result in a privilege escalation on linux-based host machines.

tags | advisory
systems | linux
advisories | CVE-2013-1662
SHA-256 | 75310092496198f08a5f8a13a612852a0938bbfbb7b8f5a1b4e025180516c7f1
Gentoo Linux Security Advisory 201308-03
Posted Aug 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-3 - Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation. Versions less than 9.5.5 are affected.

tags | advisory, remote, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1525, CVE-2012-1530, CVE-2012-2049, CVE-2012-2050, CVE-2012-2051, CVE-2012-4147, CVE-2012-4748, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160, CVE-2012-4363, CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608
SHA-256 | 0af6a1ac495592b06c6193c61dbd2103e6d15307eaa4f7913b78ebea124c01ba
Gentoo Linux Security Advisory 201308-02
Posted Aug 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-2 - A vulnerability has been found in D-Bus which allows a local user to cause a Denial of Service. Versions less than 1.6.12 are affected.

tags | advisory, denial of service, local
systems | linux, gentoo
advisories | CVE-2013-2168
SHA-256 | f6e14ae68d9668ba0fe3c739ad991bb2d55d3e369778b6107e90e31b20957f01
Slackware Security Advisory - poppler Updates
Posted Aug 23, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New poppler packages are available for Slackware 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2012-2142.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-2142
SHA-256 | 6587966dd0d0af44dbefe57df78f76b6ed21b3d5d1c28a62f420bb8c360d5e57
Loftek CSRF / Memory Dump / Credential Disclosure
Posted Aug 23, 2013
Authored by Craig Young

This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.

tags | exploit, vulnerability, proof of concept, csrf
systems | linux
advisories | CVE-2013-3311, CVE-2013-3312, CVE-2013-3313, CVE-2013-3314
SHA-256 | d8d9a9612f6d40cf5a8de4bce2dac3ab2ab4a787138a95efeac38d560c8a7206
Joomla Virtuemart 2.0.22a SQL Injection
Posted Aug 23, 2013
Authored by Matias Fontanini

Joomla VirtueMart component versions 2.0.22a and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2492d1981ba286f22ce07569a6fbf8d8800141d6ba82d7bd60588a6cbe01734d
PhpVibe 3.1 Shell Upload
Posted Aug 23, 2013
Authored by Gabby

PhpVibe version 3.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 5f986cf1468601c9a88f20bd84f17fd1e3b3eb1767c9565d26314580885f8339
HP Security Bulletin HPSBST02897
Posted Aug 23, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02897 - A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Please note that this issue does not affect HP StoreOnce Backup systems that are running software version 3.0.0 or newer. Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2013-2353
SHA-256 | c61be9b28d817735212be9dbf6795f3d6a6c29561e407dffca71466661ea80b3
Slackware Security Advisory - xpdf Updates
Posted Aug 23, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New xpdf packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2012-2142.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-2142
SHA-256 | ae28aa6055d227e157f5bec61d500f0a9f2584e6cf79d02dc70f9cc73ce5434f
Mandriva Linux Security Advisory 2013-215
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-215 - SQL injection and shell escaping issues were discovered and fixed in cacti. The updated packages have been upgraded to the 0.8.8b version which is not vulnerable to these issues.

tags | advisory, shell, sql injection
systems | linux, mandriva
advisories | CVE-2013-1434, CVE-2013-1435
SHA-256 | 1b7d6435cb76a412b78aa80f4b37e5b1fa3ac4f8c06b625dc1b3bc413a1b3fde
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close