Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-08-28

AVTECH DVR Buffer Overflow / CAPTCHA Bypass
Posted Aug 28, 2013
Authored by Core Security Technologies, Anibal Sacco, Facundo Pantaleo | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in AVTECH AVN801 DVR (and potentially other devices sharing the affected firmware) that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrative console. Proof of concept code included.

tags | exploit, remote, overflow, arbitrary, vulnerability, code execution, proof of concept
advisories | CVE-2013-4980, CVE-2013-4981, CVE-2013-4982
MD5 | 6a4ca880a47d5f05f81bbde1afe7ff9a
EPS Viewer Buffer Overflow
Posted Aug 28, 2013
Authored by Core Security Technologies, Daniel Kazimirow | Site coresecurity.com

Core Security Technologies Advisory - EPS Viewer is prone to a security vulnerability when processing EPS files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing EPS Viewer users to open a specially crafted EPS file (client-side vulnerability).

tags | advisory, remote, arbitrary
advisories | CVE-2013-4979
MD5 | 6e20e2165f3d983bd6a478a8c73c4009
Drupal Node View Permissions 7.x Access Bypass
Posted Aug 28, 2013
Authored by Mark Theunissen | Site drupal.org

Drupal Node View Permissions third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 21b30919597a48a76a0f1bd8fd1c919b
Asterisk Project Security Advisory - AST-2013-005
Posted Aug 28, 2013
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.

tags | advisory
MD5 | b715f9c2eaad10cad18835c40db97b9c
Aloaha PDF Suite Buffer Overflow
Posted Aug 28, 2013
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

Core Security Technologies Advisory - Aloaha PDF Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing Aloaha users to open a specially crafted PDF file.

tags | advisory, remote, arbitrary
advisories | CVE-2013-4978
MD5 | 983629709074b723ab6bf46505538188
WordPress Wordfence 3.8.1 Cross Site Scripting
Posted Aug 28, 2013
Authored by Dylan Irzi

WordPress Wordfence plugin version 3.8.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 84f47098edb58f873d521d1faef7d8dc
HP Security Bulletin HPSBHF02888 3
Posted Aug 28, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02888 3 - Potential security vulnerabilities have been identified with HP Network Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-2340, CVE-2013-2341
MD5 | bc285d1be26e9b2a57492ce8a4f31b6c
Drupal Flag 7.x Cross Site Scripting
Posted Aug 28, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Flag third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 15273fdc972edba5e062c27c731c5fc8
Cisco Security Advisory 20130828-acs
Posted Aug 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is configured as a RADIUS server. The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server. There are no workarounds for this vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, arbitrary
systems | cisco
MD5 | c56ed167bc3e3ebea2657d7d0fab091a
Asterisk Project Security Advisory - AST-2013-004
Posted Aug 28, 2013
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present.

tags | advisory
MD5 | 7a62518551aefdf4d135c81e2573574c
WordPress Encrypted Blog 0.0.6.2 XSS / Open Redirect
Posted Aug 28, 2013
Authored by Keith Makan

WordPress Encrypted Blog plugin version 0.0.6.2 suffers from cross site scripting and open redirection vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | 34033e182abe357b4321554e8bc92997
Instagram Crypto Issue / Hardcoded Key
Posted Aug 28, 2013
Authored by Georg Lukas

Instagram for Android suffers from a partial cryptographic authentication issue and also hard codes a secret key in the application.

tags | exploit
MD5 | ad2b32bf620ecef495a3625253ff0b3a
Google Docs Information Disclosure
Posted Aug 28, 2013
Authored by Jacob Morgan

Google Docs suffers from a clickjacking vulnerability that allows you to get someone's full name and email address.

tags | exploit
MD5 | 193854c3d8b097ad98cd91f3ab27cb92
Blakord Portal Cross Site Scripting
Posted Aug 28, 2013
Authored by Ashiyane Digital Security Team

Sites powered by Blakord Portal suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 64a6f14895067952faca6ac059624161
WordPress silverOrchid Cross Site Scripting
Posted Aug 28, 2013
Authored by Ashiyane Digital Security Team

The WordPress silverOrchid theme by gazpo.com suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | a9e1fd3be6519722af1cb148c1ec72b8
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close