Exploit the possiblities
Showing 1 - 25 of 402 RSS Feed

Files Date: 2013-08-01 to 2013-08-31

Microsoft Internet Explorer Protected Mode Sandbox Bypass
Posted Aug 30, 2013
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a memory corruption error in the IE broker process when copying certain data, which could be exploited by remote attackers to bypass IE Protected Mode sandbox and execute arbitrary code with Medium integrity permissions.

tags | advisory, remote, arbitrary
MD5 | b4cd495fe88af28f76b0dc4dd627d0ef
Microsoft Internet Explorer "ReplaceAdjacentText" Use-After-Free
Posted Aug 30, 2013
Authored by Alexandre Pelletier, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "SlayoutRun::GetCharacters()" function when replacing a text adjacent to an element, which could be exploited by remote attackers to compromise a vulnerable system.

tags | advisory, remote
MD5 | 8c4344194f6ec36ff3585d9f6be72702
Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass
Posted Aug 30, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a design error in the "ntdll.LdrHotPatchRoutine" function which can be abused to load an arbitrary library e.g. from a remote network share, leading to arbitrary code execution and ASLR bypass.

tags | advisory, remote, arbitrary, code execution, bypass
systems | windows
MD5 | 6442e7981c8d7e1d2975931b3757391d
Gentoo Linux Security Advisory 201308-05-02
Posted Aug 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-5 - The references section of the original advisory contained wrong CVE references.

tags | advisory
systems | linux, gentoo
advisories | CVE-2012-0041, CVE-2012-0042, CVE-2012-0043, CVE-2012-0066, CVE-2012-0067, CVE-2012-0068, CVE-2012-3548, CVE-2012-4048, CVE-2012-4049, CVE-2012-4285, CVE-2012-4286, CVE-2012-4287, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4294, CVE-2012-4295, CVE-2012-4296, CVE-2012-4297, CVE-2012-4298, CVE-2013-3555, CVE-2013-3556, CVE-2013-3557, CVE-2013-3558, CVE-2013-3559
MD5 | 48a90a7c098f7fca4867a7b6e171ccf0
Slackware Security Advisory - php Updates
Posted Aug 30, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, and -current to fix a security issue.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2013-4248
MD5 | ae5ab2b5c2801fdc180912777854b0bc
Slackware Security Advisory - gnutls Updates
Posted Aug 30, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1619
MD5 | cced5b313186ea0473d532c7a4233368
TP-Link TD-W8951ND Cross Site Request Forgery / Cross Site Scripting
Posted Aug 30, 2013
Authored by xistence

TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Release 30923 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 9df222ebb90b0f43b8c66e5c2e0010d7
Mac OS X 10.8.4 Local Privilege Escalation
Posted Aug 30, 2013
Authored by David Kennedy

Mac OS X versions 10.8.4 and below local root privilege escalation exploit written in Python.

tags | exploit, local, root, python
systems | apple, osx
advisories | CVE-2013-1775, OSVDB-90677
MD5 | 8a8a4379f218aceef346e60421e30d68
Mandriva Linux Security Advisory 2013-223
Posted Aug 30, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-223 - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present. A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-5641, CVE-2013-5642
MD5 | 10d1ba6020fbf722f75b381de709e3a5
VMware Security Advisory 2013-0011
Posted Aug 30, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0011 - VMware has updated VMware ESXi and ESX to address a vulnerability in an unhandled exception in the NFC protocol handler.

tags | advisory, protocol
advisories | CVE-2013-1661
MD5 | 9c14f53dffbd8eb92d67fece8baaae11
Gentoo Linux Security Advisory 201308-06-02
Posted Aug 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-6-2 - The references section of the original advisory contained wrong CVE references.

tags | advisory
systems | linux, gentoo
advisories | CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0117, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0490, CVE-2012-0491, CVE-2012-0492, CVE-2012-0493, CVE-2012-0494, CVE-2012-0495, CVE-2012-0496, CVE-2012-0540
MD5 | bfe196a5473dfa505df15c8094698dd2
Tripwire 2.4.2.2
Posted Aug 30, 2013
Site sourceforge.net

Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.

Changes: Various updates.
tags | tool, intrusion detection
systems | unix
MD5 | 2462ea16fb0b5ae810471011ad2f2dd6
Soltech.CMS 0.4 Cross Site Scripting / Content Spoofing
Posted Aug 30, 2013
Authored by MustLive

Soltech.CMS version 0.4 suffers from cross site scripting and content-spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | b2da09524a16086b08138dce1db8a59e
InnovNET Cross Site Scripting
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by InnovNET suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 4f4027f26d4fd0b7c412b3ce50c6f54b
10Ninety SQL Injection
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by 10Ninety suffered from a remote SQL injection vulnerability. The vendor contacted Packet Storm security on 11/26/2013 to note that the issue has been resolved.

tags | exploit, remote, sql injection
MD5 | 4acffec063f609db9abce0fde65827bc
NetOrange SQL Injection
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by NetOrange - Sititalia.it suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | adcdda2381d1b13ebbfc8d07449d0d59
Red Hat Security Advisory 2013-1185-01
Posted Aug 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1185-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss Fuse 6.0.0 patch 2 is an update to Red Hat JBoss Fuse 6.0.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-0269, CVE-2013-1768, CVE-2013-1821, CVE-2013-2160
MD5 | 68a3fa42afe54d2707b9e06ea4e89eb4
Performance Guard Arbitrary File Read / Traversal
Posted Aug 29, 2013
Authored by Kerem Kocaer

Performance Guard from CapaSystems suffers from a traversal vulnerability that allows for arbitrary file reading.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2013-5216
MD5 | e15ef3a03dd34d4947102f54cc5dd345
Geonick Social Network Clickjacking / Credential Disclosure
Posted Aug 29, 2013
Authored by Juan Carlos Garcia

Geonick Social Network suffers from a lack of clickjacking protection, it has an insecure crossdomain.xml file, and sends user credentials in the clear.

tags | exploit
MD5 | 88e4ec31c93f6095787092327295bae6
Apprain 3.0.2 Cross Site Request Forgery
Posted Aug 29, 2013
Authored by Yashar shahinzadeh

Apprain version 3.0.2 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 0417b5170d123e414fa90d713c7d3e09
CyberArk Vault User Enumeration
Posted Aug 29, 2013
Authored by Moshe Zioni

CyberArk Vault versions prior to 7.20.37 suffer from multiple user enumeration vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-6344, CVE-2012-6345
MD5 | 06201c391ac04c150480f7dcaa738d48
Debian Security Advisory 2746-1
Posted Aug 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2746-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting.

tags | advisory, arbitrary, xss
systems | linux, debian
advisories | CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
MD5 | 4f48df35a81513cc50d08a928485007d
Gentoo Linux Security Advisory 201308-06
Posted Aug 29, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-6 - Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.70 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0117, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0490, CVE-2012-0491, CVE-2012-0492, CVE-2012-0493, CVE-2012-0494, CVE-2012-0495, CVE-2012-0496, CVE-2012-0540
MD5 | adc200e2c073522b8f99db820401142d
Debian Security Advisory 2745-1
Posted Aug 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2745-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2852, CVE-2013-4162, CVE-2013-4163
MD5 | b0547ebbff6eb63a5b603f94c1624466
Metasploit - The Exploit Learning Tree
Posted Aug 29, 2013
Authored by Mohan Santokhi

This is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.

tags | paper
MD5 | 39928e924c6c07063963edbf2916d536
Page 1 of 17
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close