
Files Date: 2013-08-27

Packet Storm Advisory 2013-0827-1 - Oracle Java ByteComponentRaster.verify()
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 contains a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required: the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | 9fd26d41fd22e4129c77a4d73ea91dc162b341382d20abaf8a4da3c11006e787
Packet Storm Exploit 2013-0827-1 - Oracle Java ByteComponentRaster.verify() Memory Corruption
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 contains a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | b839d5970482f3cd66e3ee8e41489d0f6ff55dcbb61c65d376fe88669b834be3
oclHashcat+ Advanced GPU Hash Cracking Utility 0.15
Posted Aug 27, 2013
Authored by dropdead | Site hashcat.net

oclHashcat+ is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more.

Changes: Support added for multiple GPUs. Various speed changes, kernel additions, and other improvements.
tags | tool, cracker
SHA-256 | 545bbaa4ea4fb45a4c4af365e880c56dce8d8bd9c8d73ad2f9cdc16b5df47f14
Microsoft Security Bulletin Re-Release For August, 2013
Posted Aug 27, 2013
Site microsoft.com

This bulletin summary lists four re-released Microsoft security bulletins for August, 2013.

tags | advisory
SHA-256 | 8785bf1419d277108c889ac3baa9bbd0bc93dd5beb125a2286b87baacd8a5181
POC2013 Call For Papers
Posted Aug 27, 2013
Site powerofcommunity.net

The Call For Papers for POC2013 has been released. The 8th POC, "POC2013", will be held in Seoul, Korea, November 7th through the 8th.

tags | paper, conference
SHA-256 | 89f88102d7da0900b29a04c909c390c3de61797ee6373ef5f850b691fb9fc994
IBM iNotes Cross Site Scripting
Posted Aug 27, 2013
Authored by Alexander Klink

IBM Lotus iNotes suffered from four cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2013-0590, CVE-2013-0591, CVE-2013-0595
SHA-256 | 618ce3eda1131f575c8580bda8bf0d3b521173ae62782e832850453ccb773385
Atlassian Confluence 3.x / 4.x Information Disclosure
Posted Aug 27, 2013
Authored by majinboo

Atlassian Confluence versions 3.x and 4.x allow anonymous users to list all registered users of the system. The vendor does not believe this is a security concern.

tags | exploit, info disclosure
SHA-256 | 4a4c16d6b5e27d2551991426235eaa47ad13ed9c1e9766bd8e50813c068e0802
Debian Security Advisory 2743-1
Posted Aug 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2743-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a privilege escalation or information leak.

tags | advisory, kernel, vulnerability
systems | linux, freebsd, debian
advisories | CVE-2013-3077, CVE-2013-4851, CVE-2013-5209
SHA-256 | 569d8b0cda13d3a73e841bf15e6cefd040a645974771d3bc8fc7fc5adeea0929
Red Hat Security Advisory 2013-1173-01
Posted Aug 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1173-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connection information at the same time a remote attacker has initialized a crafted SCTP connection to the system, it could trigger a NULL pointer dereference, causing the system to crash.

tags | advisory, remote, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2012-6544, CVE-2013-2146, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232, CVE-2013-2237
SHA-256 | 9700f82bdc10eeda814ac97795a008dafe46c72aa62da3f3cb548d663ffbe8f8
Red Hat Security Advisory 2013-1181-01
Posted Aug 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1181-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-0791, CVE-2013-1620, CVE-2013-4236
SHA-256 | c9ef6b0e618b611300179156206106cdff91ea723fef48c2288632319326506a
Mandriva Linux Security Advisory 2013-222
Posted Aug 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-222 - It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files. It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were built, possibly exposing them to a local attacker.

tags | advisory, arbitrary, local, ruby
systems | linux, mandriva
advisories | CVE-2013-4761, CVE-2013-4956
SHA-256 | b9b2e0d9a30061a4929ce87461ea0acf12f98e9413ea4e6c9ff8fcd444c02674
Debian Security Advisory 2744-1
Posted Aug 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2744-1 - Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2013-4231, CVE-2013-4232, CVE-2013-4244
SHA-256 | 28493f2a76208a5335d6abcb7ed91978040d7a674fc1aa40821edf071e19f880
Mandriva Linux Security Advisory 2013-221
Posted Aug 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-221 - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Additionally, a patch has been applied to fix a UMR (Uninitialized Memory Read) bug in the original fix for CVE-2013-4248. The updated packages have been patched to correct these issues.

tags | advisory, arbitrary, spoof, php
systems | linux, mandriva
advisories | CVE-2013-4248
SHA-256 | 645f59943e5f467ddce2176dbf8da00053c3a0235f9de73ed2f48beec92773eb
Mandriva Linux Security Advisory 2013-220
Posted Aug 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-220 - Little CMS version 1.19 contains three buffer overflows that could possibly be exploited through user input.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2013-4276
SHA-256 | e42dc83e33c2698de8d2f76eb73c5a30901010106bb9f9cd591c46164807717b
Opera Browser Speed Dial Extensions CSRF / XSS
Posted Aug 27, 2013
Authored by Lostmon | Site lostmon.blogspot.com

The Opera Speed Dial extensions suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 6f6cb4062f0f63fde672c830d1a7d39c6f57f0a6ea74a83d42cc11a3f35f9611
WinAmp 5.63 Buffer Overflow
Posted Aug 27, 2013
Authored by Ayman Sagy

Buffer overflow exploit for WinAmp version 5.63 that leverages incorrect handling of skins.

tags | exploit, overflow
advisories | CVE-2013-4694
SHA-256 | b7b8323d0f2912432388831222006fc44f18caa39d9dfcb7d498e1994fe67ee5