
Files Date: 2013-09-20

Apple Security Advisory 2013-09-20-1
Posted Sep 20, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-20-1 - Apple TV 6.0 is now available and addresses 57 different vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-2391, CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-0879, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010
MD5 | 46c6f327ff025947e5f2f7361afc299e
CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow
Posted Sep 20, 2013
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | OSVDB-68330
MD5 | 79d49a3ee66b72970958f4f53c0d1b48
PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow
Posted Sep 20, 2013
Authored by Rick Flores, Polunchis | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP version 2.07 server when the "/../" parameters are also sent to the server. Please note authentication is required in order to trigger the vulnerability. The overflowing string will also be seen on the FTP server log console.

tags | exploit, overflow
advisories | OSVDB-94624
MD5 | 5d926943a6c8b1e98a988d529e12ccb1
MS13-069 Microsoft Internet Explorer CCaret Use-After-Free
Posted Sep 20, 2013
Authored by corelanc0d3r, sinn3r | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer, specifically in how the browser handles the caret (text cursor) object. In IE's standards mode, the caret handling's vulnerable state can be triggered by first setting up an editable page with an input field, and then forcing the caret to update in an onbeforeeditfocus event by setting the body's innerHTML property. In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write() function; however, mshtml!CCaret::UpdateScreenCaret remains unaware of this change and still uses the same reference to the CCaret object. When the function tries to use this invalid reference to call a virtual function at offset 0x2c, it results in a crash. Precise control of the freed object allows arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
advisories | CVE-2013-3205, OSVDB-97094
MD5 | b222591cf314e782b7770e70d0c3f3a6
MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
Posted Sep 20, 2013
Authored by juan vazquez, Eduardo Braun Prado | Site metasploit.com

This Metasploit module exploits a vulnerability mainly affecting Microsoft Windows XP and Windows 2003. The vulnerability exists in the handling of the Screen Saver path, in the [boot] section. An arbitrary path can be used as screen saver, including a remote SMB resource, which allows for remote code execution when a malicious .theme file is opened, and the "Screen Saver" tab is viewed.

tags | exploit, remote, arbitrary, code execution
systems | windows, xp
advisories | CVE-2013-0810, OSVDB-97136
MD5 | 5b024ccf59e4977c948fb7340c41f235
GLPI install.php Remote Command Execution
Posted Sep 20, 2013
Authored by Tristan Leiter | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the GLPI 'install.php' script. Users should use this exploit at their own risk, since it overwrites the database configuration.

tags | exploit, arbitrary, php
advisories | CVE-2013-5696
MD5 | f94cb9639ca372a51c555e48c13a73e8
Linksys WRT110 Remote Command Execution
Posted Sep 20, 2013
Authored by Craig Young | Site metasploit.com

The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.

tags | exploit, web
advisories | CVE-2013-3568
MD5 | bbdf7fb19e1abc379b80c5ee33c26243
Clam AntiVirus Toolkit 0.98
Posted Sep 20, 2013
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Code quality fixes in libclamav, clamd, sigtool, clamav-milter, clamconf, and clamdtop. Code quality fixes in libclamav, libclamunrar and freshclam. Valgrind suppression rules for dl_catch_error complaints.
tags | tool, virus
systems | unix
MD5 | ca0b8c930efcb8be1d47592d268006c5
WordPress NOSpamPTI 2.1 Blind SQL Injection
Posted Sep 20, 2013
Authored by Alexandro Silva

WordPress NOSpamPTI plugin version 2.1 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5917
MD5 | f6799f0b1ba1bc79342c983f6d6c57fe
Mental JS Sandbox Bypass
Posted Sep 20, 2013
Authored by Rafay Baloch, Giuseppe Trotta

Mental JS suffers from a sandbox bypass due to the ability to still execute javascript via document.inner.HTML.

tags | exploit, javascript, bypass
MD5 | 9c4162c118fa0355c9c61252196d47be
Monstra CMS 1.2.0 Blind SQL Injection
Posted Sep 20, 2013
Authored by linc0ln.dll | Site vulnerability-lab.com

Monstra CMS version 1.2.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 81b60d5030e82bc63057b91f53ee1f67
WordPress Comment Attachment 1.0 Cross Site Scripting
Posted Sep 20, 2013
Authored by Arsan

WordPress Comment Attachment plugin version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c3f5134fc22826c1ebd9cc3ae3ebf120
HP Security Bulletin HPSBGN02925
Posted Sep 20, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02925 - Potential security vulnerabilities have been identified with HP IceWall SSO, IceWall File Manager and IceWall Federation Agent. The vulnerabilities could be exploited remotely resulting in unauthorized access. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-4817, CVE-2013-4818, CVE-2013-4819, CVE-2013-4820
MD5 | 37ce62f7c4fa627bdd150b37965804f4
HP Security Bulletin HPSBGN02923
Posted Sep 20, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02923 - A potential security vulnerability has been identified with HP ArcSight Enterprise Security Manager Management Web Interface. The vulnerability could be exploited remotely resulting in Cross Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, web, xss
advisories | CVE-2013-4815
MD5 | 4118241b90b55a3cb0d1e198790db303
Debian Security Advisory 2761-1
Posted Sep 20, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2761-1 - Several vulnerabilities were discovered in puppet, a centralized configuration management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-4761, CVE-2013-4956
MD5 | ebbf4f9bcba9ed995e3b3242da421ed0
Paypal Bug Bounty #99 Cross Site Scripting
Posted Sep 20, 2013
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

The customer service message in the My Selling Tools section of Paypal allowed for script insertion.

tags | exploit
MD5 | 0073b85f78e831f402836d9f8bfbe1e2
Western Digital Arkeia Remote Code Execution
Posted Sep 20, 2013
Authored by xistence | Site metasploit.com

This Metasploit module exploits a vulnerability found in Western Digital Arkeia Appliance version 10.0.10 and lower. By abusing the upload.php file from the scripts directory, a malicious user can upload arbitrary code to the ApplianceUpdate file in the temp directory without any authentication. Abusing the local file inclusion in the lang cookie to parse this file results in arbitrary code execution, also without any authentication. The module has been tested successfully on Arkeia 10.0.10. The issues have been fixed in version 10.1.10.

tags | exploit, arbitrary, local, php, code execution, file inclusion
MD5 | bd9d0aefacadd5854df4107283f8bdce
OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution
Posted Sep 20, 2013
Authored by xistence | Site metasploit.com

This Metasploit module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the "new_comprehensive_save.php" page. This hash can be used to log in as the admin user. After logging in, the "manage_site_files.php" page will be used to upload arbitrary code.

tags | exploit, arbitrary, php, sql injection
MD5 | 35fc05e9cd467ed94aa6be2b04ec3c52
Red Hat Security Advisory 2013-1274-01
Posted Sep 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1274-01 - The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project, which provides drivers for Hewlett-Packard printers and multi-function peripherals. HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies HPLIP to communicate with PolicyKit via a different API that is not vulnerable to the race condition. All users of hplip are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4325
MD5 | 22f8f6b0a7edb42018f2314075ddab93
Red Hat Security Advisory 2013-1270-01
Posted Sep 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1270-01 - PolicyKit is a toolkit for defining and handling authorizations. A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges. Note: Applications that invoke pkcheck with the --process option need to be modified to use the pid,pid-start-time,uid argument for that option, to allow pkcheck to check process authorization correctly.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-4288
MD5 | 0ed8d13241b45b85160b584437fc31d1
Red Hat Security Advisory 2013-1273-01
Posted Sep 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1273-01 - The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2013-4324
MD5 | edfc2a0be49c104cbd48b56b8e19ba50
Red Hat Security Advisory 2013-1272-01
Posted Sep 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1272-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condition was found in the way libvirt used this utility, allowing a local user to bypass intended PolicyKit authorizations or execute arbitrary commands with root privileges. Note: With this update, libvirt has been rebuilt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. The polkit RHSA-2013:1270 advisory must also be installed to fix the CVE-2013-4311 issue.

tags | advisory, remote, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2013-4296, CVE-2013-4311
MD5 | d887f38eb043f97a6ba73be622714486