all things security
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-10-02

SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
Posted Oct 2, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits the SEListCtrlX ActiveX installed with the SIEMENS Solid Edge product. The vulnerability exists on several APIs provided by the control, where user supplied input is handled as a memory pointer without proper validation, allowing an attacker to read and corrupt memory from the target process. This Metasploit module abuses the methods NumChildren() and DeleteItem() in order to achieve memory info leak and remote code execution respectively. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP SP3 and Windows 7 SP1, using Solid Edge 10.4.

tags | exploit, remote, code execution, activex
systems | windows, xp, 7
advisories | OSVDB-93696
MD5 | 28ccc8a6b178310297fa38093831ae80
Red Hat Security Advisory 2013-1402-01
Posted Oct 2, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1402-01 - Adobe Reader allows users to view and print documents in Portable Document Format. Adobe Reader 9 reached the end of its support cycle on June 26, 2013, and will not receive any more security updates. Future versions of Adobe Acrobat Reader will not be available with Red Hat Enterprise Linux. The Adobe Reader packages in the Red Hat Network channels will continue to be available. Red Hat will continue to provide these packages only as a courtesy to customers. Red Hat will not provide updates to the Adobe Reader packages.

tags | advisory
systems | linux, redhat
MD5 | b9fd1c4dd214820209c299bfc799aaa1
Drupal Quick Tabs 6.x / 7.x Access Bypass
Posted Oct 2, 2013
Authored by Steven William | Site drupal.org

Drupal Quick Tabs third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 3b7a547bf610d02e4de89677bdf2a205
Cisco Security Advisory 20131002-iosxr
Posted Oct 2, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion. Successful exploitation could render critical services on the affected device unable to allocate packets resulting in a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, denial of service
systems | cisco, osx
MD5 | 10faf9f5ef05984186f1a6b980fb83f0
Gnew 2013.1 PHP File Inclusion / SQL Injection
Posted Oct 2, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Gnew version 2013.1 suffers from file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file inclusion
advisories | CVE-2013-5639, CVE-2013-5640
MD5 | 27c79cd49c3d1915b20632df2093d04d
GLPI 0.84.1 Access Control / Code Injection
Posted Oct 2, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

GLPI version 0.84.1 suffers from improper access control bypass and PHP code injection vulnerabilities.

tags | exploit, php, vulnerability
advisories | CVE-2013-5696
MD5 | 111f2e2c481378f2a0a512d1963e88a1
ClipBucket Remote Code Execution
Posted Oct 2, 2013
Authored by Gabby

ClipBucket suffers from a remote code execution vulnerability that allows for a shell upload.

tags | exploit, remote, shell, code execution
MD5 | c9c7067c011ad00385d327bc7699a3bd
Facebook Port Scanning / Open Redirect
Posted Oct 2, 2013
Authored by Dimopoulos Elias

The Facebook debugger tool allows for arbitrary port scanning through Facebook's systems, based upon responses received for open ports versus closed ports. In addition to this, Facebook suffers from an open redirection vulnerability.

tags | exploit, arbitrary
systems | linux
MD5 | 2d16f12622de85100fd9e91845bef4fd
WordPress Semper Fi Cross Site Scripting
Posted Oct 2, 2013
Authored by Charlie Briggs, Richard Clifford

The Semper Fi Web Design WordPress plugin suffers from a cross site scripting vulnerability due to the use of stripcslashes().

tags | exploit, web, xss
MD5 | 7dc0f3302a00ccddc3e85ab268b71556
Digital Whisper Electronic Magazine #45
Posted Oct 2, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 45. Written in Hebrew.

tags | magazine
MD5 | 6e08aacd725f1d8168c9ea36b94db4d2
WordPress Social Hashtag 2.0.0 Cross Site Scripting
Posted Oct 2, 2013
Authored by Arsan

WordPress Social Hashtag plugin version 2.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | dee14cc4dee4777f48b6453f3bad6f83
XPATH Injection
Posted Oct 2, 2013
Authored by Chetan Soni

This is a brief whitepaper that covers XPATH injection attacks and use cases.

tags | paper
MD5 | 9d0a94c181895a2a10ed0a785f5abcc1
CodeCrypt 1.4
Posted Oct 2, 2013

codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.

Changes: This release adds a complete range of Cubehash-based algorithms. Crypto++ dependency is now optional. The KeyID algorithm has been changed, so old ciphertexts/signed messages may be incompatible with this version.
tags | encryption
systems | unix
MD5 | c484c24beccd33c20fc912149ffe08ad
Packet Storm New Exploits For September, 2013
Posted Oct 2, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 156 exploits added to Packet Storm in September, 2013.

tags | exploit
systems | linux
MD5 | 234f4e5f1ade70577f7f93a8a8fad72d
PinApp Mail-SeCure Access Control Failure
Posted Oct 2, 2013
Authored by Core Security Technologies, John Petrusa | Site coresecurity.com

Core Security Technologies Advisory - A security vulnerability was discovered in PineApp Mail-SeCure Suite, allowing a non-privileged attacker to get a root shell by sending a specially crafted command from the Mail-SeCure console. A valid user account is needed to launch the attack, so this is a privileged escalation vulnerability that can be exploited locally only. All Mail-SeCure versions prior to 3.70 are affected.

tags | exploit, shell, root
advisories | CVE-2013-4987
MD5 | a55819a06c6cdf1dc1795de1eca29e6f
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    22 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close