what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-10-02

SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
Posted Oct 2, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits the SEListCtrlX ActiveX installed with the SIEMENS Solid Edge product. The vulnerability exists on several APIs provided by the control, where user supplied input is handled as a memory pointer without proper validation, allowing an attacker to read and corrupt memory from the target process. This Metasploit module abuses the methods NumChildren() and DeleteItem() in order to achieve memory info leak and remote code execution respectively. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP SP3 and Windows 7 SP1, using Solid Edge 10.4.

tags | exploit, remote, code execution, activex
systems | windows
advisories | OSVDB-93696
SHA-256 | e226e603a3f8f22c21c0f2712cbfeaa7a0838b3fecca9d66915509a6db1d2185
Red Hat Security Advisory 2013-1402-01
Posted Oct 2, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1402-01 - Adobe Reader allows users to view and print documents in Portable Document Format. Adobe Reader 9 reached the end of its support cycle on June 26, 2013, and will not receive any more security updates. Future versions of Adobe Acrobat Reader will not be available with Red Hat Enterprise Linux. The Adobe Reader packages in the Red Hat Network channels will continue to be available. Red Hat will continue to provide these packages only as a courtesy to customers. Red Hat will not provide updates to the Adobe Reader packages.

tags | advisory
systems | linux, redhat
SHA-256 | 15112bbb2757da8d97c09071d647a3eed807bc162c6815d183d625c1fbc5bc1c
Drupal Quick Tabs 6.x / 7.x Access Bypass
Posted Oct 2, 2013
Authored by Steven William | Site drupal.org

Drupal Quick Tabs third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | b146de9016fc6e95091150c9aed5700cf4891ef1dd8f89a660eb7f867382efe5
Cisco Security Advisory 20131002-iosxr
Posted Oct 2, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion. Successful exploitation could render critical services on the affected device unable to allocate packets resulting in a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, denial of service
systems | cisco, osx
SHA-256 | 6d404124b869068e9d1fb227d65ef05b716547ed226f50f43230aba22391e4c5
Gnew 2013.1 PHP File Inclusion / SQL Injection
Posted Oct 2, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Gnew version 2013.1 suffers from file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file inclusion
advisories | CVE-2013-5639, CVE-2013-5640
SHA-256 | 5199ad852acda0940d57030b7959f51f670c52fe7e8e02ec5f376e9a5ea53bec
GLPI 0.84.1 Access Control / Code Injection
Posted Oct 2, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

GLPI version 0.84.1 suffers from improper access control bypass and PHP code injection vulnerabilities.

tags | exploit, php, vulnerability
advisories | CVE-2013-5696
SHA-256 | eff44306fe558c9ddee7deaada237abd8335437f7528971070868f8ecce632f6
ClipBucket Remote Code Execution
Posted Oct 2, 2013
Authored by Gabby

ClipBucket suffers from a remote code execution vulnerability that allows for a shell upload.

tags | exploit, remote, shell, code execution
SHA-256 | da2f74182f3ada40b94de330c0a44721cab69310c2e568b8c1e64aae6164dbf2
Facebook Port Scanning / Open Redirect
Posted Oct 2, 2013
Authored by Dimopoulos Elias

The Facebook debugger tool allows for arbitrary port scanning through Facebook's systems, based upon responses received for open ports versus closed ports. In addition to this, Facebook suffers from an open redirection vulnerability.

tags | exploit, arbitrary
systems | linux
SHA-256 | 3d59bd6ecabdd925d88119c5b3ccec4e9cee1f6557665ba434f2bd600c213c89
WordPress Semper Fi Cross Site Scripting
Posted Oct 2, 2013
Authored by Charlie Briggs, Richard Clifford

The Semper Fi Web Design WordPress plugin suffers from a cross site scripting vulnerability due to the use of stripcslashes().

tags | exploit, web, xss
SHA-256 | 2c1c34797bbfda372b7ccd583f5cd48d7f0a94a81c2eabecd541fa90ca61a321
Digital Whisper Electronic Magazine #45
Posted Oct 2, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 45. Written in Hebrew.

tags | magazine
SHA-256 | b440a356de647c092c92d1c874bf443f68d9d4200aaf8fe6d6a412fa4dcca7f3
WordPress Social Hashtag 2.0.0 Cross Site Scripting
Posted Oct 2, 2013
Authored by Arsan

WordPress Social Hashtag plugin version 2.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7bf7ae4b6feba80a69e7d845f070293668773ceb1f16c07383517dbebe7de626
XPATH Injection
Posted Oct 2, 2013
Authored by Chetan Soni

This is a brief whitepaper that covers XPATH injection attacks and use cases.

tags | paper
SHA-256 | 72d2972397b3492bd0d1d375cb0e92be5b5ce54c9372c0809f8b6dc6a39cc58d
CodeCrypt 1.4
Posted Oct 2, 2013

codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.

Changes: This release adds a complete range of Cubehash-based algorithms. Crypto++ dependency is now optional. The KeyID algorithm has been changed, so old ciphertexts/signed messages may be incompatible with this version.
tags | encryption
systems | unix
SHA-256 | eee6b58d11a9fae9a72b635655881b8340d3bf27af3db8035b8ce96953f03074
Packet Storm New Exploits For September, 2013
Posted Oct 2, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 156 exploits added to Packet Storm in September, 2013.

tags | exploit
systems | linux
SHA-256 | dfb4ce944f8b9d50311d3c0f4103f34084e4c7841c73cd06b55a1514de0c82ba
PinApp Mail-SeCure Access Control Failure
Posted Oct 2, 2013
Authored by Core Security Technologies, John Petrusa | Site coresecurity.com

Core Security Technologies Advisory - A security vulnerability was discovered in PineApp Mail-SeCure Suite, allowing a non-privileged attacker to get a root shell by sending a specially crafted command from the Mail-SeCure console. A valid user account is needed to launch the attack, so this is a privileged escalation vulnerability that can be exploited locally only. All Mail-SeCure versions prior to 3.70 are affected.

tags | exploit, shell, root
advisories | CVE-2013-4987
SHA-256 | d5784fca160f27d4512fc94c354e9db07e14b87205f4f9a1c92f11ca795c0ad8
Page 1 of 1

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By