what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-09-19

Mandriva Linux Security Advisory 2013-239
Posted Sep 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-239 - Updated wordpress and php-phpmailer packages fix security vulnerabilities. wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations. WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter. The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of.htm and.html files, which might make it easier for remote authenticated users to conduct cross-site scripting attacks via a crafted file. The default configuration of WordPress before 3.6.1 does not prevent uploads of.swf and.exe files, which might make it easier for remote authenticated users to conduct cross-site scripting attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php. Additionally, php-phpmailer has been updated to a newer version required by the updated wordpress.

tags | advisory, remote, web, arbitrary, spoof, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2013-4338, CVE-2013-4339, CVE-2013-4340, CVE-2013-5738, CVE-2013-5739
SHA-256 | 14d3e4af5ccf56ce47340ad79ec994f4f64d3f8a5ec89000dfd5cb60a7c7a95e
Mandriva Linux Security Advisory 2013-238
Posted Sep 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-238 - The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service via a crafted packet. epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service via a crafted packet. Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service via a crafted packet. This advisory provides the latest supported version of Wireshark which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-5718, CVE-2013-5719, CVE-2013-5720, CVE-2013-5721, CVE-2013-5722
SHA-256 | 59f514761be19fd8610b15bd6386922bee2038f6ecab24aabefb8b76061ac264
Ajax File And Image Manager 1.1 Code Execution
Posted Sep 19, 2013
Authored by Ilya Krupenko | Site ptsecurity.com

Ajax File and Image Manager versions 1.1 and below suffer from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 31237d5de06bf26d9ad7ab55fd1d1c9458637ce9c4fee50f8d6fb5185bddb0d1
Slackware Security Advisory - glibc Updates
Posted Sep 19, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4332
SHA-256 | 4be24f840f572fb691ede47d78c81bed25a1b4f21cd556207faf96e20152327f
HP Security Bulletin HPSBMU02900 3
Posted Sep 19, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02900 3 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. Revision 3 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, windows
advisories | CVE-2011-3389, CVE-2012-0883, CVE-2012-2110, CVE-2012-2311, CVE-2012-2329, CVE-2012-2335, CVE-2012-2336, CVE-2012-5217, CVE-2013-2355, CVE-2013-2356, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360, CVE-2013-2361, CVE-2013-2362, CVE-2013-2363, CVE-2013-2364, CVE-2013-4821
SHA-256 | b930d764b9b0c0dddad54a771b6387f16cd50297af79c0ae2ab5b835d0ef2fa3
freeFTPd 1.0.10 PASS Command SEH Overflow
Posted Sep 19, 2013
Authored by Wireghoul, Muhamad Fadzil Ramli | Site metasploit.com

This Metasploit module exploits a SEH stack-based buffer overflow in freeFTPd Server PASS command version 1.0.10. credit goes to Wireghoul.

tags | exploit, overflow
advisories | OSVDB-96517
SHA-256 | 9b1b3722c40ca89375f977802175807d831acd844ac69afb11a55ae6296de174
McKesson Active-X 11.0.10.38 Enumeration
Posted Sep 19, 2013
Authored by Blake

McKesson active-x control version 11.0.10.38 suffers from a variable enumeration vulnerability.

tags | exploit, activex
SHA-256 | eb5a347719e20933c95310d59d0af5d7d0a513bcbf2f6ec63b483b1c7dc9b822
WordPress RokMicroNews 1.5 XSS / DoS / Shell Upload
Posted Sep 19, 2013
Authored by MustLive

WordPress RokMicroNews plugin versions 1.5 and below suffer from cross site scripting, denial of service, path disclosure, abuse of functionality, and remote shell upload vulnerabilities.

tags | exploit, remote, denial of service, shell, vulnerability, xss
SHA-256 | ea1a5a7a7041572f9f1666622d7a30d7aaf1299bc892596fc238dd0d0c44d675
A-PDF WAV to MP3 1.0.0 Buffer Overflow
Posted Sep 19, 2013
Authored by Dr_IDE, dookie, d4rk-h4ck3r | Site metasploit.com

This Metasploit module exploits a buffer overflow in A-PDF WAV to MP3 version 1.0.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-67241
SHA-256 | c36f8e21b4b97cee5ba878b04ceb9d74b2c3487cf9055592c90c45c97711c507
Apple Security Advisory 2013-09-18-3
Posted Sep 19, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-18-3 - Xcode 5.0 is now available and addresses a security issue in Git. When using the imap-send command, git did not verify that the server hostname matched a domain name in the X.509 certificate, which allowed a man-in-the-middle attacker to spoof SSL servers via an arbitrary valid certificate. This issue was addressed by updating git to version 1.8.3.1.

tags | advisory, arbitrary, spoof, imap
systems | apple
advisories | CVE-2013-0308
SHA-256 | 36470237c2b9e2979b0fb025e050ba382aeb9d886ccd43cd170b2d45dd2f3523
Apple Security Advisory 2013-09-18-2
Posted Sep 19, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-18-2 - iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities.

tags | advisory, vulnerability
systems | cisco, apple, ios
advisories | CVE-2011-2391, CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-0879, CVE-2013-0926, CVE-2013-0957, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007
SHA-256 | 28033ee75b46e43dd395d653bcaeafcb70f1b640306db4446062bdbfd7ff9c7f
HP Security Bulletin HPSBUX02927 SSRT101288
Posted Sep 19, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02927 SSRT101288 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2013-1862, CVE-2013-1896
SHA-256 | aa6b7ac4280371a19f7882c9282af21cd79cd3f23a82758bd65a72326125e77d
Adtran Netvanta 7100 Bypass / XSS / Injection
Posted Sep 19, 2013
Authored by Jesus Oquendo

Adtran Netvanta 7100 with firmware prior to R10.5.3.HA suffers from bypass, injection, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, bypass
advisories | CVE-2013-5210
SHA-256 | de57cf95a25a199d03c85cba970136084ba737d94ce33a865bda94b7d07f6e41
Drupal Google Site Search 6.x / 7.x Cross Site Scripting
Posted Sep 19, 2013
Authored by Philip Hornig | Site drupal.org

Drupal Google Site Search third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 972ae26c92439b0920ff497bcf979ab17d02b18b0344435efc7a96269a876aae
WordPress Complete Gallery Manager 3.3.3 File Upload
Posted Sep 19, 2013
Authored by Fuad Pilus, Vulnerability Laboratory

WordPress Complete Gallery Manager version 3.3.3 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 30600a42195af3e9dafb7dd91b072eaf413f11eb0a730f8d5b36d9226bcdafde
WordPress RokIntroScroller 1.8 XSS / DoS / Disclosure / Upload
Posted Sep 19, 2013
Authored by MustLive

WordPress RokIntroScroller plugin versions 1.8 and below suffer from cross site scripting, denial of service, path disclosure, abuse of functionality, and remote shell upload vulnerabilities.

tags | exploit, remote, denial of service, shell, vulnerability, xss
SHA-256 | 51756b3d26e947a4e3e7bee9dc5b4b36ee6fcc6a1dfe1823c1e33467cf47748e
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close