what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-08-29

Red Hat Security Advisory 2013-1185-01
Posted Aug 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1185-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss Fuse 6.0.0 patch 2 is an update to Red Hat JBoss Fuse 6.0.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-0269, CVE-2013-1768, CVE-2013-1821, CVE-2013-2160
SHA-256 | 0939186bded3bc21379c4815dec6ff27fa7ec3cd68880f3f51e0f782423a24ac
Performance Guard Arbitrary File Read / Traversal
Posted Aug 29, 2013
Authored by Kerem Kocaer

Performance Guard from CapaSystems suffers from a traversal vulnerability that allows for arbitrary file reading.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2013-5216
SHA-256 | ef90193100f7cdc65bdecf8b7d836ffcd9708cba4b2d4d930fc7cec1e399cd46
Geonick Social Network Clickjacking / Credential Disclosure
Posted Aug 29, 2013
Authored by Juan Carlos Garcia

Geonick Social Network suffers from a lack of clickjacking protection, it has an insecure crossdomain.xml file, and sends user credentials in the clear.

tags | exploit
SHA-256 | 97a88857ba14577c519450180d5fb5211da072e083d09bb5b1895c33b26737a7
Apprain 3.0.2 Cross Site Request Forgery
Posted Aug 29, 2013
Authored by Yashar shahinzadeh

Apprain version 3.0.2 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | e606476fb827bd1dfe2fc1fc86cba2d171d51472da3a964744a23aa25cdf5e2d
CyberArk Vault User Enumeration
Posted Aug 29, 2013
Authored by Moshe Zioni

CyberArk Vault versions prior to 7.20.37 suffer from multiple user enumeration vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-6344, CVE-2012-6345
SHA-256 | 2c9165f3e7ef400778699bc7ee1575c639a581bd0fa9c04fa40e4fac52460c6c
Debian Security Advisory 2746-1
Posted Aug 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2746-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting.

tags | advisory, arbitrary, xss
systems | linux, debian
advisories | CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | 066d7c113b0c85a7655f00b154282b537f716ce919215cbc842ab76b2915d745
Gentoo Linux Security Advisory 201308-06
Posted Aug 29, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-6 - Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.70 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0117, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0490, CVE-2012-0491, CVE-2012-0492, CVE-2012-0493, CVE-2012-0494, CVE-2012-0495, CVE-2012-0496, CVE-2012-0540
SHA-256 | a5ac28b86f0822c45d84e94416073eff2e1458438f359271b10e054b23cae04e
Debian Security Advisory 2745-1
Posted Aug 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2745-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2852, CVE-2013-4162, CVE-2013-4163
SHA-256 | 3eec460e99a9f554b7bc89f94799ac98b40ec17e5325c416c1ece8a5c548e48f
Metasploit - The Exploit Learning Tree
Posted Aug 29, 2013
Authored by Mohan Santokhi

This is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.

tags | paper
SHA-256 | 8053bf6927fee92962392df083a57d2a8ab44f95c200a4b5ef0d6c585cbd073d
Microsoft MSRC RSS ASPX Cross Site Scripting
Posted Aug 29, 2013
Authored by Mohd. Shadab Siddiqui, Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft Online Services suffered from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | ac8f587b214e78fe60fc63bef72a529ea7ee0d7a2fe599ea1178e65161a44489
Department Of Transport UK SQL Injection
Posted Aug 29, 2013
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

The official UK Department for Transport website suffered from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 53f155f273318d0f9851d19a79ed0550d489cb4188fc5a2e0495ecf5a9344fc5
CyberBizia Cross Site Scripting / SQL Injection
Posted Aug 29, 2013
Authored by Ashiyane Digital Security Team

Sites powered by CyberBizia suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | b5001e20cbe7dc3bdcb15d4aacf0d5be097d3df653269d605438d071b1f9228e
UTA EDU University ENG SQL Injection
Posted Aug 29, 2013
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

The University of Texas at Arlington's College of Engineering website suffered from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | a8403741d5c50ea00355b08845351cc8d61ca25d32a6dc7ba79d32fa99fee12b
VMWare Setuid vmware-mount Unsafe popen(3)
Posted Aug 29, 2013
Authored by Tavis Ormandy, egypt | Site metasploit.com

VMWare Workstation (up to and including 9.0.2 build-1031769) and Player have a setuid executable called vmware-mount that invokes lsb_release in the PATH with popen(3). Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privs, we can put an arbitrary payload in an executable called lsb_release and have vmware-mount happily execute it as root for us.

tags | exploit, arbitrary, shell, root
systems | linux, debian
advisories | CVE-2013-1662, OSVDB-96588
SHA-256 | d6d99d5e820653afe8fadb60e5b5067b276b612b74c995ebca5507a7c34190b3
HP LoadRunner lrFileIOService ActiveX Remote Code Execution
Posted Aug 29, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method where user provided data is used as a memory pointer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with HP LoadRunner.

tags | exploit, activex
systems | windows
advisories | CVE-2013-2370, OSVDB-95640
SHA-256 | a5e106a110e475d117b3500d373abbf472e7b81cec4cfdde2c8f9d7957853a9b
Firefox XMLSerializer Use After Free
Posted Aug 29, 2013
Authored by regenrecht, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found on Firefox 17.0 (< 17.0.2), specifically an use after free of an Element object, when using the serializeToStream method with a specially crafted OutputStream defining its own write function. This Metasploit module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3.

tags | exploit
systems | windows
advisories | CVE-2013-0753, OSVDB-89021
SHA-256 | f58157e305e4290dd4e3a5a36814841073537da1ad441ef4e8c63cdafe49db1c
SPIP Connect Parameter PHP Injection
Posted Aug 29, 2013
Authored by Davy Douhine, Arnaud Pachot, Frederic Cikala | Site metasploit.com

This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the connect parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1 and 3 are concerned. This module works only against branch 2.0 and has been tested successfully with SPIP 2.0.11 and SPIP 2.0.20 with Apache on Ubuntu and Fedora linux distributions.

tags | exploit, web, arbitrary, php
systems | linux, fedora, ubuntu
advisories | OSVDB-83543
SHA-256 | d27325e9d83bde4fc580a0bfde93a3bfbc111c65ffc0b7db562ca093df580462
Gentoo Linux Security Advisory 201308-05
Posted Aug 29, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-5 - Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.10.1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-0041, CVE-2012-0042, CVE-2012-0043, CVE-2012-0066, CVE-2012-0067, CVE-2012-0068, CVE-2012-3548, CVE-2012-4048, CVE-2012-4049, CVE-2012-4285, CVE-2012-4286, CVE-2012-4287, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4294, CVE-2012-4295, CVE-2012-4296, CVE-2012-4297, CVE-2012-4298, CVE-2013-3540, CVE-2013-3541, CVE-2013-3542, CVE-2013-3555, CVE-2013-3556
SHA-256 | afc074569b171377b721881b1008798f9d7adea3d3545cc57e14f5899a9a8a18
Red Hat Security Advisory 2013-1182-01
Posted Aug 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1182-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle the receipt of certain MOD operations with a bogus Distinguished Name. A remote, unauthenticated attacker could use this flaw to cause the 389 Directory Server to crash. All 389-ds-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the 389 server service will be restarted automatically.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-4283
SHA-256 | ad79a80c525e40f5a8b8e35492bf65f8f8480d0c5b00f47e089143dfe954475d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close