exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-08-27

Packet Storm Advisory 2013-0827-1 - Oracle Java ByteComponentRaster.verify()
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 77519f9b4876e7d0d73f2f37ac46a425
Packet Storm Exploit 2013-0827-1 - Oracle Java ByteComponentRaster.verify() Memory Corruption
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 0484b9b754cdc4c848b8b28389bc8aaa
oclHashcat+ Advanced GPU Hash Cracking Utility 0.15
Posted Aug 27, 2013
Authored by dropdead | Site hashcat.net

oclHashcat+ is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more.

Changes: Support added for multiple GPUs. Various speed changes, kernel additions, and other improvements.
tags | tool, cracker
MD5 | 7a221f9b5d00ebc3474b33949d0fb250
Microsoft Security Bulletin Re-Release For August, 2013
Posted Aug 27, 2013
Site microsoft.com

This bulletin summary lists four re-released Microsoft security bulletins for August, 2013.

tags | advisory
MD5 | b65bfe166cac356949e7d8d0c87311de
POC2013 Call For Papers
Posted Aug 27, 2013
Site powerofcommunity.net

The Call For Papers for POC2013 has been released. The 8th POC "POC2013" will be held in Seoul, Korea November 7th through the 8th.

tags | paper, conference
MD5 | b1a47d29198ae9ec8133cebc72c172d2
IBM iNotes Cross Site Scripting
Posted Aug 27, 2013
Authored by Alexander Klink

IBM Lotus iNotes suffered from four cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2013-0590, CVE-2013-0591, CVE-2013-0595
MD5 | a668564eb96884f679abb44f540211b2
Atlassian Confluence 3.x / 4.x Information Disclosure
Posted Aug 27, 2013
Authored by majinboo

Atlassian Confluence versions 3.x and 4.x allow for anonymous users to list all registered users of the system. The vendor does not believe this is a security concern.

tags | exploit, info disclosure
MD5 | 428d64445ef697372746306caa3d478b
Debian Security Advisory 2743-1
Posted Aug 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2743-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a privilege escalation or information leak.

tags | advisory, kernel, vulnerability
systems | linux, freebsd, debian
advisories | CVE-2013-3077, CVE-2013-4851, CVE-2013-5209
MD5 | 6ea91cbdd5c5d2b8e9461e1866de49b6
Red Hat Security Advisory 2013-1173-01
Posted Aug 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1173-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connection information at the same time a remote attacker has initialized a crafted SCTP connection to the system, it could trigger a NULL pointer dereference, causing the system to crash.

tags | advisory, remote, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2012-6544, CVE-2013-2146, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232, CVE-2013-2237
MD5 | c5030731224f6d0ef5233bad9ff34e34
Red Hat Security Advisory 2013-1181-01
Posted Aug 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1181-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-0791, CVE-2013-1620, CVE-2013-4236
MD5 | 629457e201a2d4abbacbe448965d4935
Mandriva Linux Security Advisory 2013-222
Posted Aug 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-222 - It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files. It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were built, possibly exposing them to a local attacker.

tags | advisory, arbitrary, local, ruby
systems | linux, mandriva
advisories | CVE-2013-4761, CVE-2013-4956
MD5 | 26d456c885f0459f3cc8ae86f86abe5c
Debian Security Advisory 2744-1
Posted Aug 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2744-1 - Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2013-4231, CVE-2013-4232, CVE-2013-4244
MD5 | 0ab9ed579f1bf162073c7516b2b56878
Mandriva Linux Security Advisory 2013-221
Posted Aug 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-221 - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Additionally a patch has been applied to fix an UMR (Unitialized Memory Read) bug in the original fix for CVE-2013-4248. The updated packages have been patched to correct these issues.

tags | advisory, arbitrary, spoof, php
systems | linux, mandriva
advisories | CVE-2013-4248
MD5 | 8ffbdebfc98249a63129cff0769fb50c
Mandriva Linux Security Advisory 2013-220
Posted Aug 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-220 - Three buffer overflows in Little CMS version 1.19 that could possibly be exploited through user input.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2013-4276
MD5 | 604958be833d3047ad8df3f499634c27
Opera Browser Speed Dial Extensions CSRF / XSS
Posted Aug 27, 2013
Authored by Lostmon | Site lostmon.blogspot.com

The Opera Speed Dial extensions suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | be4de6065dc517b692c413a4365db319
WinAmp 5.63 Buffer Overflow
Posted Aug 27, 2013
Authored by Ayman Sagy

WinAmp version 5.63 buffer overflow exploit that leverages how skins are handled incorrectly.

tags | exploit, overflow
advisories | CVE-2013-4694
MD5 | 2ab56b1266f0929efb5076c1462403a4
Page 1 of 1
Back1Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    12 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close