what you don't know can hurt you
Showing 1 - 22 of 22 RSS Feed

Files Date: 2013-09-20

Apple Security Advisory 2013-09-20-1
Posted Sep 20, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-20-1 - Apple TV 6.0 is now available and addresses 57 different vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-2391, CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-0879, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010
SHA-256 | 1829e75185a589dc360c1424fc0d1fcbf1d9598859d451423d0cc59a18b7b1c9
CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow
Posted Sep 20, 2013
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | OSVDB-68330
SHA-256 | 9e93281c5a99b1786fc2fabf26e8375d1877b9b8ef741951fae3d0bad9d2039c
PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow
Posted Sep 20, 2013
Authored by Rick Flores, Polunchis | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP version 2.07 server when the "/../" parameters are also sent to the server. Please note authentication is required in order to trigger the vulnerability. The overflowing string will also be seen on the FTP server log console.

tags | exploit, overflow
advisories | OSVDB-94624
SHA-256 | aff42bc0d13d90c28ae3e11d84b0970e7da59f5d0794391bf2eda1629b411de3
MS13-069 Microsoft Internet Explorer CCaret Use-After-Free
Posted Sep 20, 2013
Authored by corelanc0d3r, sinn3r | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer, specifically in how the browser handles the caret (text cursor) object. In IE's standards mode, the caret handling's vulnerable state can be triggered by first setting up an editable page with an input field, and then we can force the caret to update in an onbeforeeditfocus event by setting the body's innerHTML property. In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write() function, however, mshtml!CCaret::UpdateScreenCaret remains unaware of this change, and still uses the same reference to the CCaret object. When the function tries to use this invalid reference to call a virtual function at offset 0x2c, it finally results a crash. Precise control of the freed object allows arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
advisories | CVE-2013-3205, OSVDB-97094
SHA-256 | ee4538ddb8dd6f77e4bd70d5e7a430e46f6d5d7ff97a0c2c23d04883b7fb837e
MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
Posted Sep 20, 2013
Authored by juan vazquez, Eduardo Braun Prado | Site metasploit.com

This Metasploit module exploits a vulnerability mainly affecting Microsoft Windows XP and Windows 2003. The vulnerability exists in the handling of the Screen Saver path, in the [boot] section. An arbitrary path can be used as screen saver, including a remote SMB resource, which allows for remote code execution when a malicious .theme file is opened, and the "Screen Saver" tab is viewed.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2013-0810, OSVDB-97136
SHA-256 | 29aaf07dcb5542222f7a271a446b80f5ab4686dc9025e8ce1f3c8d7045454193
GLPI install.php Remote Command Execution
Posted Sep 20, 2013
Authored by Tristan Leiter | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the GLPI 'install.php' script. Users should use this exploit at his own risk, since it's going to overwrite database configuration.

tags | exploit, arbitrary, php
advisories | CVE-2013-5696
SHA-256 | 79ddcfadea6c138a29a453a0dc3ff975e1ac590cc8150a6246c57abfb76852b1
Linksys WRT110 Remote Command Execution
Posted Sep 20, 2013
Authored by Craig Young | Site metasploit.com

The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.

tags | exploit, web
advisories | CVE-2013-3568
SHA-256 | 5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99
Clam AntiVirus Toolkit 0.98
Posted Sep 20, 2013
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Code quality fixes in libclamav, clamd, sigtool, clamav-milter, clamconf, and clamdtop. Code quality fixes in libclamav, libclamunrar and freshclam. Valgrind suppression rules for dl_catch_error complaints.
tags | tool, virus
systems | unix
SHA-256 | 113450537f46ed47f010a179be333a0dcd79eac13f264dce26db7aac8d52b3b6
WordPress NOSpamPTI 2.1 Blind SQL Injection
Posted Sep 20, 2013
Authored by Alexandro Silva

WordPress NOSpamPTI plugin version 2.1 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5917
SHA-256 | 58aa4142de2233611890f47f72f2972f2c389dd1fa2abe3fb8100667a4fc03fe
Mental JS Sandbox Bypass
Posted Sep 20, 2013
Authored by Rafay Baloch, Giuseppe Trotta

Mental JS suffers from a sandbox bypass due to the ability to still execute javascript via document.inner.HTML.

tags | exploit, javascript, bypass
SHA-256 | d3c1668d510834211878dda3ef864e35ccdb1c64178a379e9c6c843e14ba7119
Monstra CMS 1.2.0 Blind SQL Injection
Posted Sep 20, 2013
Authored by linc0ln.dll, Vulnerability Laboratory | Site vulnerability-lab.com

Monstra CMS version 1.2.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8f646b41ef7d6398179c427aec485dce9f11cf86266f17f63bfb8ccaea4a854c
WordPress Comment Attachment 1.0 Cross Site Scripting
Posted Sep 20, 2013
Authored by Arsan

WordPress Comment Attachment plugin version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ee16f6f50293855bcd58cc0c73ac5efb633bd28634e6029c4580e4b6cda87866
HP Security Bulletin HPSBGN02925
Posted Sep 20, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02925 - Potential security vulnerabilities have been identified with HP IceWall SSO, IceWall File Manager and IceWall Federation Agent. The vulnerabilities could be exploited remotely resulting in unauthorized access. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-4817, CVE-2013-4818, CVE-2013-4819, CVE-2013-4820
SHA-256 | 865b38cec1bd86fdc0034e40330659537f196b428d904e25fbada9b55d21b391
HP Security Bulletin HPSBGN02923
Posted Sep 20, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02923 - A potential security vulnerability has been identified with HP ArcSight Enterprise Security Manager Management Web Interface. The vulnerability could be exploited remotely resulting in Cross Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, web, xss
advisories | CVE-2013-4815
SHA-256 | e0bc0b88ed354611d5545f47992f9e59a454b06f4c59fc92cd67aa0d6eb1fb34
Debian Security Advisory 2761-1
Posted Sep 20, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2761-1 - Several vulnerabilities were discovered in puppet, a centralized configuration management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-4761, CVE-2013-4956
SHA-256 | e21a0bf299d290b68b0968e965c5bec067190587b93633d31aefda8ca029212a
Paypal Bug Bounty #99 Cross Site Scripting
Posted Sep 20, 2013
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

The customer service message in the My Selling Tools section of Paypal allowed for script insertion.

tags | exploit
SHA-256 | 4fc0aab28d40e382320645dd2458e2851b10845c325983e88d3580f2925be850
Western Digital Arkeia Remote Code Execution
Posted Sep 20, 2013
Authored by xistence | Site metasploit.com

This Metasploit module exploits a vulnerability found in Western Digital Arkeia Appliance version 10.0.10 and lower. By abusing the upload.php file from the scripts directory, a malicious user can upload arbitrary code to the ApplianceUpdate file in the temp directory without any authentication. Abusing the local file inclusion in the lang cookie to parse this file, results in arbitrary code execution, also without any authentication. The module has been tested successfully on Arkeia 10.0.10. The issues have been fixed in version 10.1.10.

tags | exploit, arbitrary, local, php, code execution, file inclusion
SHA-256 | b6be92789311b465be99dfdca2d0ac2207f5eb8fd1d7de3d361ab48a8421df40
OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution
Posted Sep 20, 2013
Authored by xistence | Site metasploit.com

This Metasploit module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the "new_comprehensive_save.php" page. This hash can be used to log in as the admin user. After logging in, the "manage_site_files.php" page will be used to upload arbitrary code.

tags | exploit, arbitrary, php, sql injection
SHA-256 | 153813f0acc368a45adcb43f7156aa643bd4c5305a6564c6562b51d3c58cec74
Red Hat Security Advisory 2013-1274-01
Posted Sep 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1274-01 - The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project, which provides drivers for Hewlett-Packard printers and multi-function peripherals. HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies HPLIP to communicate with PolicyKit via a different API that is not vulnerable to the race condition. All users of hplip are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4325
SHA-256 | 64b0ccd1dc6a95b6696b153ccbef3c292d4db5c72bfb5e09000f48a0e5d4777a
Red Hat Security Advisory 2013-1270-01
Posted Sep 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1270-01 - PolicyKit is a toolkit for defining and handling authorizations. A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges. Note: Applications that invoke pkcheck with the --process option need to be modified to use the pid,pid-start-time,uid argument for that option, to allow pkcheck to check process authorization correctly.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-4288
SHA-256 | 369462751485ce57a7dc4368daa0729692f200cbd02c367e79046bde85ccbc66
Red Hat Security Advisory 2013-1273-01
Posted Sep 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1273-01 - The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2013-4324
SHA-256 | 07c72c42ad7d65ee017a1ca3182c241b7aea1fb50be1454c7aa0aa3ef86feee2
Red Hat Security Advisory 2013-1272-01
Posted Sep 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1272-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condition was found in the way libvirt used this utility, allowing a local user to bypass intended PolicyKit authorizations or execute arbitrary commands with root privileges. Note: With this update, libvirt has been rebuilt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. The polkit RHSA-2013:1270 advisory must also be installed to fix the CVE-2013-4311 issue.

tags | advisory, remote, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2013-4296, CVE-2013-4311
SHA-256 | d92904347fa422567abf49e49fb5c4c1e4959e1c56937eff10d983ba67e44e91
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close