exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-09-24

IBM AIX 6.1 / 7.1 Local Root Privilege Escalation
Posted Sep 24, 2013
Authored by Kristian Hermansen

IBM AIX versions 6.1 and 7.1 local root privilege escalation exploit.

tags | exploit, local, root
systems | aix
advisories | CVE-2013-4011, OSVDB-95420
SHA-256 | 2044d2c0c7004c32aa43899957870c25f1b7d0b6493c5f27d7f0d26e92f87580
Google Chrome 31.0 Webkit Auditor Bypass
Posted Sep 24, 2013
Authored by Rafay Baloch, PEPE Vila

Google Chrome version 31.0 suffers from an auditor bypass that allows for cross site scripting attacks to successfully get through.

tags | exploit, xss, bypass
SHA-256 | ba730e1d9e5dba89adb7eb72d4c901489959c46cdbb4688cc1c4ada164dbfbf6
Gentoo Linux Security Advisory 201309-16
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-16 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less than 29.0.1457.57 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-5116, CVE-2012-5117, CVE-2012-5118, CVE-2012-5119, CVE-2012-5120, CVE-2012-5121, CVE-2012-5122, CVE-2012-5123, CVE-2012-5124, CVE-2012-5125, CVE-2012-5126, CVE-2012-5127, CVE-2012-5128, CVE-2012-5130, CVE-2012-5132, CVE-2012-5133, CVE-2012-5135, CVE-2012-5136, CVE-2012-5137, CVE-2012-5138, CVE-2012-5139, CVE-2012-5140, CVE-2012-5141, CVE-2012-5142, CVE-2012-5143, CVE-2012-5144, CVE-2012-5145, CVE-2012-5146
SHA-256 | 293018f8600eb4af907da24f3a7de835c23ff421a14f1d5725376bc9025713ce
Red Hat Security Advisory 2013-1284-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1284-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
SHA-256 | 4bb7805d5def15a8dc28ddfaae2ef552d6d9441335f4d97325b7f1fdf1f7cc80
Gentoo Linux Security Advisory 201309-15
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-15 - Multiple vulnerabilities have been found in ProFTPD, the worst of which leading to remote execution of arbitrary code. Versions less than 1.3.4d are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3555, CVE-2010-3867, CVE-2010-4221, CVE-2010-4652, CVE-2011-1137, CVE-2011-4130, CVE-2012-6095, CVE-2013-4359
SHA-256 | 791bb06b4102a706095adc46d590ae0b5ea0a225e56966180f59fa840c1de6d2
Ubuntu Security Notice USN-1967-1
Posted Sep 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1967-1 - It was discovered that Django incorrectly handled large passwords. A remote attacker could use this issue to consume resources, resulting in a denial of service. It was discovered that Django incorrectly handled ssi templates. An attacker could use this issue to read arbitrary files. It was discovered that the Django is_safe_url utility function did not restrict redirects to certain schemes. An attacker could possibly use this issue to perform a cross-site scripting attack. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2013-1443, CVE-2013-4315, CVE-2013-1443, CVE-2013-4315
SHA-256 | b392b918c4a2132a058b80068ecb5d6b09912f2551f9368b0623a0e6b05f9241
Ubuntu Security Notice USN-1966-1
Posted Sep 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1966-1 - Jeremy Allison discovered that Samba incorrectly handled certain extended attribute lists. A remote attacker could use this issue to cause Samba to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4124
SHA-256 | ac2fb018077ff85b5f0ba303e50222cfa407826452614624bdce0b05b6b38069
Red Hat Security Advisory 2013-1283-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1283-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
SHA-256 | 63ebc0aa0fac12c356a13589f9eb998f453cf710856dedc04932ebb1d46ecd16
Red Hat Security Advisory 2013-1282-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1282-01 - RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes. It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4326
SHA-256 | 0c4ac21cdde7e806c617a55e30cacf46e89b8ea87b28d067577c29d5569e2e19
Gentoo Linux Security Advisory 201309-14
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-14 - Multiple vulnerabilities have been reported in MoinMoin, the worst of which may allow execution of arbitrary code. Versions less than 1.9.6 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6080, CVE-2012-6081, CVE-2012-6082, CVE-2012-6495
SHA-256 | 6a08d9bee44e6479fda1f205ce909241ff0aff3b3633609ae564bc28978818cf
Gentoo Linux Security Advisory 201309-13
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-13 - Multiple vulnerabilities have been found in GNU ZRTP, some of which may allow execution of arbitrary code. Versions less than 2.3.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-2221, CVE-2013-2222, CVE-2013-2223
SHA-256 | af3db29ede5b0c9e93ddaaa1bc876bbedc0791bc71711edafa2fe40be107e27c
Understanding C Integer Boundaries
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial to help facilitate the understanding of C integer boundaries (overflows and underflows).

tags | paper, overflow
SHA-256 | 9017f0c8e3e11504b161f2abf7f058a5d57d87373489674675bfd92f1d5caf25
Return-to-libc Tutorial
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial discussing return-to-libc exploitation.

tags | paper
SHA-256 | f1935f980e5eab5d3c4772be6b97efb487d82c08b13fc527519a912c04c08094
WordPress Miniaudioplayer Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress Miniaudioplayer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | dd8134a154849569a93f038bae0d108d64c84c09b21dab4477b068a0348be4f1
Debian Security Advisory 2763-1
Posted Sep 24, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2763-1 - It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field.

tags | advisory, python
systems | linux, debian
advisories | CVE-2013-4314
SHA-256 | 49f7af93886cb2e4925c18af4a4080e0c1640e728c84299dcb893d6514dbfc87
WordPress LBG Zoominoutslider Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress LBG Zoominoutslider plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | 44134a7e3bee4ab9d030999ba0179c1860102c9503e9a2eeff937b036916c103
Good For Enterprise 2.2.2.1611 Cross Site Scripting
Posted Sep 24, 2013
Authored by Mario

Good for Enterprise iOS application versions 2.2.2.1611 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
systems | apple, ios
advisories | CVE-2013-5118
SHA-256 | 9824e01c248eb8f060865f76eace7ae4777a6461f7136f0972ad8ea4dc0eb4c3
WordPress Sharebar 1.2.5 Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress Sharebar plugin version 1.2.5 suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | d28550236ec0587220af38f8654ee2cf9fccb27b1a29c80ead8598c11f6482e4
Integer Overflow / Underflow Exploitation Tutorial
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial that discusses integer overflows and underflows.

tags | paper, overflow
SHA-256 | 9b9f3ebcd70a62a4189cceeaf49edd91a6d027ae60c29bc9f51bfd8eb1a1f3fa
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close