seeing is believing
Showing 1 - 8 of 8 RSS Feed

Files Date: 2013-09-26

Astium Remote Code Execution
Posted Sep 26, 2013
Authored by xistence | Site metasploit.com

This Metasploit module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to "/usr/local/astium/web/php/config.php" and execute the "sudo /sbin/service astcfgd reload" command to reload the configuration and achieve remote root code execution.

tags | exploit, remote, web, arbitrary, local, root, php, vulnerability, code execution, sql injection
advisories | OSVDB-88860
MD5 | 432ed72ac7cc26bfbd358d5604b17bd2
Red Hat Security Advisory 2013-1292-01
Posted Sep 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1292-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2012-3511, CVE-2013-2141, CVE-2013-4162
MD5 | 431af5caa713d02a87c8868f96420d36
EMC VPLEX Information Disclosure
Posted Sep 26, 2013
Site emc.com

EMC VPLEX contains a vulnerability that stores the LDAP/AD bind password in plain text in the VPLEX management server configuration file. This can potentially be exploited by a malicious user who has access to the configuration file to obtain the sensitive password and gain privileged access to protected resources. Affected versions include EMC VPLEX Local/Metro/Geo with GeoSynchrony 5.2 Patch1 and below.

tags | advisory, local
advisories | CVE-2013-3278
MD5 | d63eb6ff8de7e45e16326dd32356a72e
mod_accounting 0.5 Blind SQL Injection
Posted Sep 26, 2013
Authored by Wireghoul

mod_accounting version 0.5 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5697
MD5 | 6c05a142030e492bec48c90159aac337
XAMPP 1.8.1 Local Write Access
Posted Sep 26, 2013
Authored by Manuel Garcia Cardenas | Site isecauditors.com

XAMPP version 1.8.1 allows an unprivileged user the ability to write to the local disk.

tags | exploit, local
advisories | CVE-2013-2586
MD5 | ceaa4484ed6ee7b162e38edd366cf8b1
LinkedIn Cross Site Scripting
Posted Sep 26, 2013
Authored by Eduardo Garcia Melia | Site isecauditors.com

The LinkedIn social network suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 49f061faaa526fdfdaa2c86e64468882
Mandriva Linux Security Advisory 2013-242
Posted Sep 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-242 - Multiple vulnerabilities has been found and corrected in the Linux kernel. Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service via a crafted device that provides an invalid Report ID. drivers/hid/hid-zpff.c in the Human Interface Device subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service via a crafted device. drivers/hid/hid-pl.c in the Human Interface Device subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service via a crafted device. Various other issues were also addressed. The updated packages provides a solution for these security issues.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4162, CVE-2013-4163, CVE-2013-4254
MD5 | 39a874396da5d8bde1097836cabd52b8
Red Hat Security Advisory 2013-1286-01
Posted Sep 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1286-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss Fuse/A-MQ 6.0.0 patch 3 is an update to Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0, including bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4372
MD5 | acbb507a788d402eebf38f027deb9772
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close