what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 17 of 17

Files Date: 2013-10-03

Mandriva Linux Security Advisory 2013-245

Posted Oct 3, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-245 - Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow

systems | linux, mandriva

advisories | CVE-2013-4359

SHA-256 | e4f9f86ca1ec517a8ee256a4c2d1c6b5b638a8a2f18528122bb728d1c874c6cd

Download | Favorite | View

Lynis Auditing Tool 1.3.1

Posted Oct 3, 2013

Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release has several generic updates, including adjustments of text and fixes in the detection of binaries, including performance tweaks. Several minor adjustments have been implemented to improve several audit checks.

tags | tool, scanner

systems | unix

SHA-256 | 10532b626e8182605e3ca9215d856a20145f776c30c729387f374dd753230a15

Download | Favorite | View

Zenphoto 1.4.5.2 Cross Site Scripting / SQL Injection

Posted Oct 3, 2013

Authored by Sojobo Dev Team

Zenphoto version 1.4.5.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | 186e32de10a3e7dda397488f868c181cbea223eeaf97d5fa65c9c8a4de5db329

Download | Favorite | View

EMC Atmos Unauthenticated Database Access

Posted Oct 3, 2013

Site emc.com

Atmos nodes prior to version 2.1.4 allow connections to the remote PostgreSQL database server using a default user account with no password. The PostgreSQL database stores system information data used to administer Atmos nodes.

tags | advisory, remote

advisories | CVE-2013-3279

SHA-256 | 5e4ac6a7e0202c43697bfc3df33ee600bccdb3fee8349f53c8ffe61056868469

Download | Favorite | View

Citrix Netscaler 10.0 Denial Of Service

Posted Oct 3, 2013

Authored by S. Viehbock | Site sec-consult.com

A vulnerability was found in the nsconfigd daemon (TCP port 3008/SSL and 3010). This daemon can be crashed by sending a specially crafted message. No prior authentication is necessary. A watchdog daemon (pitboss) automatically restarts nsconfigd after the first six crashes and then reboots the appliance. By sending just a few packets the appliance can be kept in a constant reboot loop resulting in total loss of availability. The vulnerabilities have been verified to exist in Citrix NetScaler VPX (Build 70.7.nc), which was the most recent version at the time of discovery.

tags | advisory, tcp, vulnerability

SHA-256 | 58dcdce47632f720bc628f80305effb40ef074b20b017ef9442a1abcc451ee3b

Download | Favorite | View

HP Security Bulletin HPSBPI02892

Posted Oct 3, 2013

Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02892 - Potential security vulnerabilities have been identified with certain HP FutureSmart LaserJet printers. The vulnerabilities might lead to weak encryption of PDF documents or local disclosure of scanned information. Revision 1 of this advisory.

tags | advisory, local, vulnerability

advisories | CVE-2013-4828, CVE-2013-4829

SHA-256 | 6fa5d4c637fa52dc3ecd517150d8ee41c3cd9b916c71349e4ba1429fe5261fdf

Download | Favorite | View

Aanval 7.1 Build 70151 SQL Injection / Cross Site Scripting

Posted Oct 3, 2013

Authored by xistence

Aanval version 7.1 build 70151 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | 25c6581c50e70623be4df653e794e6218f92804314f2bd7664a2d6b31e5a06b5

Download | Favorite | View

WebAssist PowerCMS PHP Cross Site Scripting

Posted Oct 3, 2013

Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

WebAssist PowerCMS PHP suffers from multiple cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss

SHA-256 | 6fc868abcb18310896d829df9b0a6d0530380058beae2c964f7c7ac6f21c9eea

Download | Favorite | View

Apple Security Advisory 2013-10-03-1

Posted Oct 3, 2013

Authored by Apple | Site apple.com

Apple Security Advisory 2013-10-03-1 - OS X version 10.8.5 Supplemental Update is now available and addresses a logic issue in Directory Service's verification of authentication credentials.

tags | advisory

systems | apple, osx

advisories | CVE-2013-5163

SHA-256 | 4a73c6b3f66419ffc682c15f58284c701a52641d52fe5e8b937b967b4a687bdb

Download | Favorite | View

SilverStripe Framework CMS 3.0.5 Cross Site Scripting

Posted Oct 3, 2013

Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SilverStripe Framework CMS version 3.0.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 2b771ae8f3a35f7ab9bc5a1fb65e5cce149fb153b8b308c95772c9a55632ada8

Download | Favorite | View

Hide Photo+Video Safe 1.6 LFI / XSS

Posted Oct 3, 2013

Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Hide Photo+Video Safe version 1.6 suffers from local file inclusion and cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion

SHA-256 | 2adba6964e32ad40cea84bbbc4d4d0e987f5a0d56241a0b542b1ced551b55897

Download | Favorite | View

ZeroShell 2.0 RC3 Command Injection / Cross Site Scripting

Posted Oct 3, 2013

Authored by xistence

ZeroShell version 2.0 RC3 suffers from command injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | c6b7a171ee0acfbc63038e7082d14a3c678fc1589e9e4db140b10e4c2c32b948

Download | Favorite | View

Security Guard CMS QT 4.7.3 Buffer Overflow

Posted Oct 3, 2013

Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Security Guard CMS QT version 4.7.3 suffers from a local stack buffer overflow vulnerability.

tags | advisory, overflow, local

SHA-256 | e337b29c9abe7f018791eace7e3978986e243436724a2227c3ca3ec164dcbae3

Download | Favorite | View

elproLOG MONITOR WebAccess 2.1 XSS / SQL Injection

Posted Oct 3, 2013

Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

elproLOG MONITOR WebAccess version 2.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | d161c80d8b1e4da060ee9651719266cdc777ed36571d5f91f285927707c309e9

Download | Favorite | View

WordPress Slimstat Ex Code Execution

Posted Oct 3, 2013

Authored by wantexz

WordPress Slimstat Ex plugin remote PHP arbitrary code execution exploit.

tags | exploit, remote, arbitrary, php, code execution

SHA-256 | 8ed6ec6d5399189b0d500e2817fd117e9e5da303c52a66bce3ba5263df85eb15

Download | Favorite | View

Evince PDF Reader 2.32.0.145 / 3.4.0 Denial Of Service

Posted Oct 3, 2013

Authored by Deva

Evince PDF Reader versions 2.32.0.145 (Windows) and 3.4.0 (Linux) suffer from a denial of service vulnerability.

tags | exploit, denial of service

systems | linux, windows

SHA-256 | 991428249cbe929860d2599990338a2127ae1aebe48f41fc531a342c63cdaffe

Download | Favorite | View

WordPress SEO Watcher Remote Code Execution

Posted Oct 3, 2013

Authored by wantexz

WordPress SEO Watcher plugin remote code execution exploit.

tags | exploit, remote, code execution

SHA-256 | f4717c8b12ddb539492284d5c7dfd2d0f0f2fa6e209a9c9fa7e6515d4d4d7940

Download | Favorite | View