seeing is believing
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-08-29

Red Hat Security Advisory 2013-1185-01
Posted Aug 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1185-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss Fuse 6.0.0 patch 2 is an update to Red Hat JBoss Fuse 6.0.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-0269, CVE-2013-1768, CVE-2013-1821, CVE-2013-2160
MD5 | 68a3fa42afe54d2707b9e06ea4e89eb4
Performance Guard Arbitrary File Read / Traversal
Posted Aug 29, 2013
Authored by Kerem Kocaer

Performance Guard from CapaSystems suffers from a traversal vulnerability that allows for arbitrary file reading.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2013-5216
MD5 | e15ef3a03dd34d4947102f54cc5dd345
Geonick Social Network Clickjacking / Credential Disclosure
Posted Aug 29, 2013
Authored by Juan Carlos Garcia

Geonick Social Network suffers from a lack of clickjacking protection, it has an insecure crossdomain.xml file, and sends user credentials in the clear.

tags | exploit
MD5 | 88e4ec31c93f6095787092327295bae6
Apprain 3.0.2 Cross Site Request Forgery
Posted Aug 29, 2013
Authored by Yashar shahinzadeh

Apprain version 3.0.2 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 0417b5170d123e414fa90d713c7d3e09
CyberArk Vault User Enumeration
Posted Aug 29, 2013
Authored by Moshe Zioni

CyberArk Vault versions prior to 7.20.37 suffer from multiple user enumeration vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-6344, CVE-2012-6345
MD5 | 06201c391ac04c150480f7dcaa738d48
Debian Security Advisory 2746-1
Posted Aug 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2746-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting.

tags | advisory, arbitrary, xss
systems | linux, debian
advisories | CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
MD5 | 4f48df35a81513cc50d08a928485007d
Gentoo Linux Security Advisory 201308-06
Posted Aug 29, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-6 - Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.70 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0117, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0490, CVE-2012-0491, CVE-2012-0492, CVE-2012-0493, CVE-2012-0494, CVE-2012-0495, CVE-2012-0496, CVE-2012-0540
MD5 | adc200e2c073522b8f99db820401142d
Debian Security Advisory 2745-1
Posted Aug 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2745-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2852, CVE-2013-4162, CVE-2013-4163
MD5 | b0547ebbff6eb63a5b603f94c1624466
Metasploit - The Exploit Learning Tree
Posted Aug 29, 2013
Authored by Mohan Santokhi

This is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.

tags | paper
MD5 | 39928e924c6c07063963edbf2916d536
Microsoft MSRC RSS ASPX Cross Site Scripting
Posted Aug 29, 2013
Authored by Mohd. Shadab Siddiqui | Site vulnerability-lab.com

Microsoft Online Services suffered from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | eab8bbd80570e77827addb93dba2731e
Department Of Transport UK SQL Injection
Posted Aug 29, 2013
Authored by Chokri Ben Achor | Site vulnerability-lab.com

The official UK Department for Transport website suffered from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 0d75e6731923c1a8e1cd8c48063f17be
CyberBizia Cross Site Scripting / SQL Injection
Posted Aug 29, 2013
Authored by Ashiyane Digital Security Team

Sites powered by CyberBizia suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | c03392b08679f6550932a4c971be85c4
UTA EDU University ENG SQL Injection
Posted Aug 29, 2013
Authored by Chokri Ben Achor | Site vulnerability-lab.com

The University of Texas at Arlington's College of Engineering website suffered from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | d7ce07e17d00298dedb6adb8f27454e8
VMWare Setuid vmware-mount Unsafe popen(3)
Posted Aug 29, 2013
Authored by Tavis Ormandy, egypt | Site metasploit.com

VMWare Workstation (up to and including 9.0.2 build-1031769) and Player have a setuid executable called vmware-mount that invokes lsb_release in the PATH with popen(3). Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privs, we can put an arbitrary payload in an executable called lsb_release and have vmware-mount happily execute it as root for us.

tags | exploit, arbitrary, shell, root
systems | linux, debian
advisories | CVE-2013-1662, OSVDB-96588
MD5 | f174ca6c5c6bd8439fdc4605e284321b
HP LoadRunner lrFileIOService ActiveX Remote Code Execution
Posted Aug 29, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method where user provided data is used as a memory pointer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with HP LoadRunner.

tags | exploit, activex
systems | windows, xp
advisories | CVE-2013-2370, OSVDB-95640
MD5 | 8abb525c779efa76355554b3961f0bbc
Firefox XMLSerializer Use After Free
Posted Aug 29, 2013
Authored by regenrecht, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found on Firefox 17.0 (< 17.0.2), specifically an use after free of an Element object, when using the serializeToStream method with a specially crafted OutputStream defining its own write function. This Metasploit module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3.

tags | exploit
systems | windows, xp
advisories | CVE-2013-0753, OSVDB-89021
MD5 | 6d919208c10f274c997a34ba8bbff8d7
SPIP Connect Parameter PHP Injection
Posted Aug 29, 2013
Authored by Davy Douhine, Arnaud Pachot, Frederic Cikala | Site metasploit.com

This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the connect parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1 and 3 are concerned. This module works only against branch 2.0 and has been tested successfully with SPIP 2.0.11 and SPIP 2.0.20 with Apache on Ubuntu and Fedora linux distributions.

tags | exploit, web, arbitrary, php
systems | linux, fedora, ubuntu
advisories | OSVDB-83543
MD5 | 41e27d5057143146b91bd375a6db4f5c
Gentoo Linux Security Advisory 201308-05
Posted Aug 29, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-5 - Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.10.1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-0041, CVE-2012-0042, CVE-2012-0043, CVE-2012-0066, CVE-2012-0067, CVE-2012-0068, CVE-2012-3548, CVE-2012-4048, CVE-2012-4049, CVE-2012-4285, CVE-2012-4286, CVE-2012-4287, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4294, CVE-2012-4295, CVE-2012-4296, CVE-2012-4297, CVE-2012-4298, CVE-2013-3540, CVE-2013-3541, CVE-2013-3542, CVE-2013-3555, CVE-2013-3556
MD5 | db812d531fa3d923bf059fa6a3ab4181
Red Hat Security Advisory 2013-1182-01
Posted Aug 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1182-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle the receipt of certain MOD operations with a bogus Distinguished Name. A remote, unauthenticated attacker could use this flaw to cause the 389 Directory Server to crash. All 389-ds-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the 389 server service will be restarted automatically.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-4283
MD5 | 53cb288ed79432ac2f38f2cd9ee5e632
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    22 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close