what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 402 RSS Feed

Files Date: 2013-08-01 to 2013-08-31

Microsoft Internet Explorer Protected Mode Sandbox Bypass
Posted Aug 30, 2013
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a memory corruption error in the IE broker process when copying certain data, which could be exploited by remote attackers to bypass IE Protected Mode sandbox and execute arbitrary code with Medium integrity permissions.

tags | advisory, remote, arbitrary
SHA-256 | 3d6e15caa33453b5524370e307651de35239a58b0caa6422c0ed2d1d0c5641f4
Microsoft Internet Explorer "ReplaceAdjacentText" Use-After-Free
Posted Aug 30, 2013
Authored by Alexandre Pelletier, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "SlayoutRun::GetCharacters()" function when replacing a text adjacent to an element, which could be exploited by remote attackers to compromise a vulnerable system.

tags | advisory, remote
SHA-256 | 683c33dd6eb12cee75b2e4d6ed700f0698a0917bade475617e2d9fec55f60a67
Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass
Posted Aug 30, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a design error in the "ntdll.LdrHotPatchRoutine" function which can be abused to load an arbitrary library e.g. from a remote network share, leading to arbitrary code execution and ASLR bypass.

tags | advisory, remote, arbitrary, code execution, bypass
systems | windows
SHA-256 | 80c160d6c598062067a6a89779a585babc9a0065f719657a207d41d32477c58a
Gentoo Linux Security Advisory 201308-05-02
Posted Aug 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-5 - The references section of the original advisory contained wrong CVE references.

tags | advisory
systems | linux, gentoo
advisories | CVE-2012-0041, CVE-2012-0042, CVE-2012-0043, CVE-2012-0066, CVE-2012-0067, CVE-2012-0068, CVE-2012-3548, CVE-2012-4048, CVE-2012-4049, CVE-2012-4285, CVE-2012-4286, CVE-2012-4287, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4294, CVE-2012-4295, CVE-2012-4296, CVE-2012-4297, CVE-2012-4298, CVE-2013-3555, CVE-2013-3556, CVE-2013-3557, CVE-2013-3558, CVE-2013-3559
SHA-256 | ebd71cf22019908747f1ea5cdd3a86acfb248e6a38bfa41979b555e7a1acbe4c
Slackware Security Advisory - php Updates
Posted Aug 30, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, and -current to fix a security issue.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2013-4248
SHA-256 | ecb1893087d0d66f7dad6cf8deaa65276787950af36d4ce86965243130244165
Slackware Security Advisory - gnutls Updates
Posted Aug 30, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1619
SHA-256 | d8b63bcd49f44bb59448c810296db5ea1c1da32b571e78c2773ee2634be2daf9
TP-Link TD-W8951ND Cross Site Request Forgery / Cross Site Scripting
Posted Aug 30, 2013
Authored by xistence

TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Release 30923 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 6f8f17c7fe77da4b4fb9dc2dbb22d7bc2130afdfd2ddf5f70ee72cef17ddb028
Mac OS X 10.8.4 Local Privilege Escalation
Posted Aug 30, 2013
Authored by David Kennedy

Mac OS X versions 10.8.4 and below local root privilege escalation exploit written in Python.

tags | exploit, local, root, python
systems | apple, osx
advisories | CVE-2013-1775, OSVDB-90677
SHA-256 | a0b32edb63a75a52f36b3b0a16898f214ffdda7d8f01efbf9482265d991f663b
Mandriva Linux Security Advisory 2013-223
Posted Aug 30, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-223 - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present. A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-5641, CVE-2013-5642
SHA-256 | fe608e9d309776c3c74a970f61a6a3304dc0d8dc4cc95d54316d0c533e08f277
VMware Security Advisory 2013-0011
Posted Aug 30, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0011 - VMware has updated VMware ESXi and ESX to address a vulnerability in an unhandled exception in the NFC protocol handler.

tags | advisory, protocol
advisories | CVE-2013-1661
SHA-256 | 0789baa7bebd1d751cfec338c14d6c275606f4495052e7dfa5e95751824ad5e3
Gentoo Linux Security Advisory 201308-06-02
Posted Aug 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-6-2 - The references section of the original advisory contained wrong CVE references.

tags | advisory
systems | linux, gentoo
advisories | CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0117, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0490, CVE-2012-0491, CVE-2012-0492, CVE-2012-0493, CVE-2012-0494, CVE-2012-0495, CVE-2012-0496, CVE-2012-0540
SHA-256 | f55dddfb5e32f8447e8f4c85d600ec6b3af91b45f0d4851a964df1ee21ef722b
Tripwire 2.4.2.2
Posted Aug 30, 2013
Site sourceforge.net

Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.

Changes: Various updates.
tags | tool, intrusion detection
systems | unix
SHA-256 | e09a7bdca9302e704cc62067399e0b584488f825b0e58c82ad6d54cd2e899fad
Soltech.CMS 0.4 Cross Site Scripting / Content Spoofing
Posted Aug 30, 2013
Authored by MustLive

Soltech.CMS version 0.4 suffers from cross site scripting and content-spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
SHA-256 | 3a2128ffc8465d8e9ab1437eee66ccd0120c1ab286e6b4e9656695dcdae0c80b
InnovNET Cross Site Scripting
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by InnovNET suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | cc8a5a522b2375d69ee3a4d6f8f2c0a2d801ef0278c4b5ce1f94a8115dabf0a6
10Ninety SQL Injection
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by 10Ninety suffered from a remote SQL injection vulnerability. The vendor contacted Packet Storm security on 11/26/2013 to note that the issue has been resolved.

tags | exploit, remote, sql injection
SHA-256 | 22bced0651b954ffd992c7d05b169412b5cccc21f9d0c513894db79d4f5178af
NetOrange SQL Injection
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by NetOrange - Sititalia.it suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | c6d899774f7bdc71045706d65cae5014cc9528ddd33b73325104aa782aa78ba3
Red Hat Security Advisory 2013-1185-01
Posted Aug 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1185-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss Fuse 6.0.0 patch 2 is an update to Red Hat JBoss Fuse 6.0.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-0269, CVE-2013-1768, CVE-2013-1821, CVE-2013-2160
SHA-256 | 0939186bded3bc21379c4815dec6ff27fa7ec3cd68880f3f51e0f782423a24ac
Performance Guard Arbitrary File Read / Traversal
Posted Aug 29, 2013
Authored by Kerem Kocaer

Performance Guard from CapaSystems suffers from a traversal vulnerability that allows for arbitrary file reading.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2013-5216
SHA-256 | ef90193100f7cdc65bdecf8b7d836ffcd9708cba4b2d4d930fc7cec1e399cd46
Geonick Social Network Clickjacking / Credential Disclosure
Posted Aug 29, 2013
Authored by Juan Carlos Garcia

Geonick Social Network suffers from a lack of clickjacking protection, it has an insecure crossdomain.xml file, and sends user credentials in the clear.

tags | exploit
SHA-256 | 97a88857ba14577c519450180d5fb5211da072e083d09bb5b1895c33b26737a7
Apprain 3.0.2 Cross Site Request Forgery
Posted Aug 29, 2013
Authored by Yashar shahinzadeh

Apprain version 3.0.2 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | e606476fb827bd1dfe2fc1fc86cba2d171d51472da3a964744a23aa25cdf5e2d
CyberArk Vault User Enumeration
Posted Aug 29, 2013
Authored by Moshe Zioni

CyberArk Vault versions prior to 7.20.37 suffer from multiple user enumeration vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-6344, CVE-2012-6345
SHA-256 | 2c9165f3e7ef400778699bc7ee1575c639a581bd0fa9c04fa40e4fac52460c6c
Debian Security Advisory 2746-1
Posted Aug 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2746-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting.

tags | advisory, arbitrary, xss
systems | linux, debian
advisories | CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | 066d7c113b0c85a7655f00b154282b537f716ce919215cbc842ab76b2915d745
Gentoo Linux Security Advisory 201308-06
Posted Aug 29, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-6 - Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.70 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0117, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0490, CVE-2012-0491, CVE-2012-0492, CVE-2012-0493, CVE-2012-0494, CVE-2012-0495, CVE-2012-0496, CVE-2012-0540
SHA-256 | a5ac28b86f0822c45d84e94416073eff2e1458438f359271b10e054b23cae04e
Debian Security Advisory 2745-1
Posted Aug 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2745-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2852, CVE-2013-4162, CVE-2013-4163
SHA-256 | 3eec460e99a9f554b7bc89f94799ac98b40ec17e5325c416c1ece8a5c548e48f
Metasploit - The Exploit Learning Tree
Posted Aug 29, 2013
Authored by Mohan Santokhi

This is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.

tags | paper
SHA-256 | 8053bf6927fee92962392df083a57d2a8ab44f95c200a4b5ef0d6c585cbd073d
Page 1 of 17
Back12345Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close