
Files Date: 2013-09-24

IBM AIX 6.1 / 7.1 Local Root Privilege Escalation
Posted Sep 24, 2013
Authored by Kristian Hermansen

IBM AIX versions 6.1 and 7.1 local root privilege escalation exploit.

tags | exploit, local, root
systems | aix
advisories | CVE-2013-4011, OSVDB-95420
MD5 | e5611fde696ce3f8486c6c6c17f2ed14
Google Chrome 31.0 Webkit Auditor Bypass
Posted Sep 24, 2013
Authored by Rafay Baloch, PEPE Vila

Google Chrome version 31.0 suffers from an auditor bypass that allows for cross site scripting attacks to successfully get through.

tags | exploit, xss, bypass
MD5 | 59b33ed589d9ea8d9e202dcd2431989
Gentoo Linux Security Advisory 201309-16
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-16 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less than 29.0.1457.57 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-5116, CVE-2012-5117, CVE-2012-5118, CVE-2012-5119, CVE-2012-5120, CVE-2012-5121, CVE-2012-5122, CVE-2012-5123, CVE-2012-5124, CVE-2012-5125, CVE-2012-5126, CVE-2012-5127, CVE-2012-5128, CVE-2012-5130, CVE-2012-5132, CVE-2012-5133, CVE-2012-5135, CVE-2012-5136, CVE-2012-5137, CVE-2012-5138, CVE-2012-5139, CVE-2012-5140, CVE-2012-5141, CVE-2012-5142, CVE-2012-5143, CVE-2012-5144, CVE-2012-5145, CVE-2012-5146
MD5 | c19fd606c60df01d8123e085a352b524
Red Hat Security Advisory 2013-1284-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1284-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
MD5 | 465fc1948a0450b2d436ffea9e20625f
Gentoo Linux Security Advisory 201309-15
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-15 - Multiple vulnerabilities have been found in ProFTPD, the worst of which leads to remote execution of arbitrary code. Versions less than 1.3.4d are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3555, CVE-2010-3867, CVE-2010-4221, CVE-2010-4652, CVE-2011-1137, CVE-2011-4130, CVE-2012-6095, CVE-2013-4359
MD5 | 255c728eaa41a9d45387aacc972a92bd
Ubuntu Security Notice USN-1967-1
Posted Sep 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1967-1 - It was discovered that Django incorrectly handled large passwords. A remote attacker could use this issue to consume resources, resulting in a denial of service. It was discovered that Django incorrectly handled ssi templates. An attacker could use this issue to read arbitrary files. It was discovered that the Django is_safe_url utility function did not restrict redirects to certain schemes. An attacker could possibly use this issue to perform a cross-site scripting attack. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2013-1443, CVE-2013-4315
MD5 | 06b787777e43ce80edbca32e1d95a66b
Ubuntu Security Notice USN-1966-1
Posted Sep 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1966-1 - Jeremy Allison discovered that Samba incorrectly handled certain extended attribute lists. A remote attacker could use this issue to cause Samba to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4124
MD5 | 598d2b03f5b040871ca8c1e350074129
Red Hat Security Advisory 2013-1283-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1283-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
MD5 | eb9c6325528af554e462d08715d10cb8
Red Hat Security Advisory 2013-1282-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1282-01 - RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes. It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4326
MD5 | a82d7ca0eab388be507b26e7d4a03df2
Gentoo Linux Security Advisory 201309-14
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-14 - Multiple vulnerabilities have been reported in MoinMoin, the worst of which may allow execution of arbitrary code. Versions less than 1.9.6 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6080, CVE-2012-6081, CVE-2012-6082, CVE-2012-6495
MD5 | 52f7be1778b0b7487894021f6be3828b
Gentoo Linux Security Advisory 201309-13
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-13 - Multiple vulnerabilities have been found in GNU ZRTP, some of which may allow execution of arbitrary code. Versions less than 2.3.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-2221, CVE-2013-2222, CVE-2013-2223
MD5 | fdc684cf0aac8679b0d753b1118c04bf
Understanding C Integer Boundaries
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial to help facilitate the understanding of C integer boundaries (overflows and underflows).

tags | paper, overflow
MD5 | 02d16ecc1d470b4f905b6182220218ce
Return-to-libc Tutorial
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial discussing return-to-libc exploitation.

tags | paper
MD5 | 36ad127077dbb443d3de03b719f4bda6
WordPress Miniaudioplayer Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress Miniaudioplayer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 06d228744833b4432f43dd0b00a98397
Debian Security Advisory 2763-1
Posted Sep 24, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2763-1 - It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field.

tags | advisory, python
systems | linux, debian
advisories | CVE-2013-4314
MD5 | b4ef8de1d2bb865847755f9470548f3a
WordPress LBG Zoominoutslider Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress LBG Zoominoutslider plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | b4407123f200c8b825dcb8951259776f
Good For Enterprise 2.2.2.1611 Cross Site Scripting
Posted Sep 24, 2013
Authored by Mario

Good for Enterprise iOS application versions 2.2.2.1611 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
systems | apple, ios
advisories | CVE-2013-5118
MD5 | d83a1ae0543ce8c4900ea2a39297005b
WordPress Sharebar 1.2.5 Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress Sharebar plugin version 1.2.5 suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | b4ec524982ff6df20745a00a08053c17
Integer Overflow / Underflow Exploitation Tutorial
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial that discusses integer overflows and underflows.

tags | paper, overflow
MD5 | 5e274db932a361e8e05c82abc9eec15a
© 2016 Packet Storm. All rights reserved.
