
Files Date: 2013-09-19

Mandriva Linux Security Advisory 2013-239
Posted Sep 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-239 - Updated wordpress and php-phpmailer packages fix security vulnerabilities. wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations. WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter. The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting attacks via a crafted file. The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php. Additionally, php-phpmailer has been updated to a newer version required by the updated wordpress.

tags | advisory, remote, web, arbitrary, spoof, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2013-4338, CVE-2013-4339, CVE-2013-4340, CVE-2013-5738, CVE-2013-5739
MD5 | 4b46ef2acbc22abc56850070a27a831d

Mandriva Linux Security Advisory 2013-238
Posted Sep 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-238 - The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service via a crafted packet. epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service via a crafted packet. Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. This advisory provides the latest supported version of Wireshark which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-5718, CVE-2013-5719, CVE-2013-5720, CVE-2013-5721, CVE-2013-5722
MD5 | ecabe2ac60fe11293a12820666698df5

Ajax File And Image Manager 1.1 Code Execution
Posted Sep 19, 2013
Authored by Ilya Krupenko | Site ptsecurity.com

Ajax File and Image Manager versions 1.1 and below suffer from a code execution vulnerability.

tags | exploit, code execution
MD5 | d398b9e398aa12a2ab1f9461239a5bee

Slackware Security Advisory - glibc Updates
Posted Sep 19, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4332
MD5 | 23e9f1dcf1c1e55e99bac9512a3c26e4

HP Security Bulletin HPSBMU02900 3
Posted Sep 19, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02900 3 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. Revision 3 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, windows
advisories | CVE-2011-3389, CVE-2012-0883, CVE-2012-2110, CVE-2012-2311, CVE-2012-2329, CVE-2012-2335, CVE-2012-2336, CVE-2012-5217, CVE-2013-2355, CVE-2013-2356, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360, CVE-2013-2361, CVE-2013-2362, CVE-2013-2363, CVE-2013-2364, CVE-2013-4821
MD5 | 6247d63137613f824273fabce2d85e26

freeFTPd 1.0.10 PASS Command SEH Overflow
Posted Sep 19, 2013
Authored by Wireghoul, Muhamad Fadzil Ramli | Site metasploit.com

This Metasploit module exploits an SEH stack-based buffer overflow in the PASS command of freeFTPd Server version 1.0.10. Credit goes to Wireghoul.

tags | exploit, overflow
advisories | OSVDB-96517
MD5 | 390e79a936507d6e2472c72683a46639

McKesson Active-X 11.0.10.38 Enumeration
Posted Sep 19, 2013
Authored by Blake

McKesson active-x control version 11.0.10.38 suffers from a variable enumeration vulnerability.

tags | exploit, activex
MD5 | 7fc9cb81d75a7a73baadd00098a2af2d

WordPress RokMicroNews 1.5 XSS / DoS / Shell Upload
Posted Sep 19, 2013
Authored by MustLive

WordPress RokMicroNews plugin versions 1.5 and below suffer from cross site scripting, denial of service, path disclosure, abuse of functionality, and remote shell upload vulnerabilities.

tags | exploit, remote, denial of service, shell, vulnerability, xss
MD5 | a08b6f173b139c2365b5f99cfc6973d7

A-PDF WAV to MP3 1.0.0 Buffer Overflow
Posted Sep 19, 2013
Authored by Dr_IDE, dookie, d4rk-h4ck3r | Site metasploit.com

This Metasploit module exploits a buffer overflow in A-PDF WAV to MP3 version 1.0.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-67241
MD5 | ba4f9a99330879edcc62acfb1503ab93

Apple Security Advisory 2013-09-18-3
Posted Sep 19, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-18-3 - Xcode 5.0 is now available and addresses a security issue in Git. When using the imap-send command, git did not verify that the server hostname matched a domain name in the X.509 certificate, which allowed a man-in-the-middle attacker to spoof SSL servers via an arbitrary valid certificate. This issue was addressed by updating git to version 1.8.3.1.

tags | advisory, arbitrary, spoof, imap
systems | apple
advisories | CVE-2013-0308
MD5 | 8c0e1f8377579ef9092eca4bbc89914a

Apple Security Advisory 2013-09-18-2
Posted Sep 19, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-18-2 - iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities.

tags | advisory, vulnerability
systems | cisco, apple, ios
advisories | CVE-2011-2391, CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-0879, CVE-2013-0926, CVE-2013-0957, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007
MD5 | 53c5afa6b4f05a46d075c6a9e3ae7cdc

HP Security Bulletin HPSBUX02927 SSRT101288
Posted Sep 19, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02927 SSRT101288 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2013-1862, CVE-2013-1896
MD5 | 57ac2943531369f2dbc0235f60a4a098

Adtran Netvanta 7100 Bypass / XSS / Injection
Posted Sep 19, 2013
Authored by Jesus Oquendo

Adtran Netvanta 7100 with firmware prior to R10.5.3.HA suffers from bypass, injection, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, bypass
advisories | CVE-2013-5210
MD5 | 31e242a5c99e137173cffaa45dc55a68

Drupal Google Site Search 6.x / 7.x Cross Site Scripting
Posted Sep 19, 2013
Authored by Philip Hornig | Site drupal.org

Drupal Google Site Search third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 6867a13532c35356a90c54a42af42c86

WordPress Complete Gallery Manager 3.3.3 File Upload
Posted Sep 19, 2013
Authored by Fuad Pilus

WordPress Complete Gallery Manager version 3.3.3 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 147f5aa0e87fb280a74cd070b632678d

WordPress RokIntroScroller 1.8 XSS / DoS / Disclosure / Upload
Posted Sep 19, 2013
Authored by MustLive

WordPress RokIntroScroller plugin versions 1.8 and below suffer from cross site scripting, denial of service, path disclosure, abuse of functionality, and remote shell upload vulnerabilities.

tags | exploit, remote, denial of service, shell, vulnerability, xss
MD5 | bb5b9f500ada070db5eb8ac120607d01

© 2016 Packet Storm. All rights reserved.
