Files Date: 2013-10-07

HP LoadRunner magentproc.exe Overflow
Posted Oct 7, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP LoadRunner before 11.52. The vulnerability exists on the LoadRunner Agent Process magentproc.exe. By sending a specially crafted packet, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2013-4800, OSVDB-95644
MD5 | aaa58205dd6d6eff3740467bef8496dd
GestioIP Remote Command Execution
Posted Oct 7, 2013
Authored by bperry | Site metasploit.com

This Metasploit module exploits a command injection flaw to create a shell script on the filesystem and execute it. If GestioIP is configured to use no authentication, no password is required to exploit the vulnerability. Otherwise, an authenticated user is required to exploit.

tags | exploit, shell
MD5 | a1bf71b26d2eec6ef53cbdc049d4c735
ClipBucket Remote Code Execution
Posted Oct 7, 2013
Authored by Gabby | Site metasploit.com

This Metasploit module exploits a vulnerability found in ClipBucket version 2.6 and lower. The script "/admin_area/charts/ofc-library/ofc_upload_image.php" can be used to upload arbitrary code without any authentication. This Metasploit module has been tested on version 2.6 on CentOS 5.9 32-bit.

tags | exploit, arbitrary, php
systems | linux, centos
MD5 | c62007c943c9b015fa58412ec3a8a406
FlashChat Arbitrary File Upload
Posted Oct 7, 2013
Authored by x-hayben21 | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in FlashChat versions 6.0.2 and 6.0.4 to 6.0.8. Attackers can abuse the upload feature in order to upload malicious PHP files without authentication which results in arbitrary remote code execution as the web server user.

tags | exploit, remote, web, arbitrary, php, code execution, file upload
MD5 | 88a119b53572dc173d3b712b506a8f6e
Vanilla Forums 2.0.18.5 Local File Inclusion
Posted Oct 7, 2013
Authored by EgiX

Vanilla Forums versions 2.0.18.5 and below suffer from a PHP object injection vulnerability in class.utilitycontroller.php that in turn allows for local file inclusion.

tags | exploit, local, php, file inclusion
advisories | CVE-2013-3528
MD5 | 8ca4ff041c8771d6f49da028be9cdc5e
Gentoo Linux Security Advisory 201310-03
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-3 - Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188, CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606, CVE-2009-3607, CVE-2009-3608, CVE-2009-3609, CVE-2009-3938, CVE-2010-3702, CVE-2010-3703, CVE-2010-3704, CVE-2010-4653, CVE-2010-4654, CVE-2012-2142
MD5 | 9d698e86a4c6e0b1408266880570bae1
Gentoo Linux Security Advisory 201310-02
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-2 - A vulnerability in isync could allow remote attackers to perform man-in-the-middle attacks. Versions less than 1.0.6 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2013-0289
MD5 | e25c887c78479e517785e6c0b38350fe
Mandriva Linux Security Advisory 2013-246
Posted Oct 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-246 - The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

tags | advisory, remote, arbitrary, local
systems | linux, mandriva
advisories | CVE-2013-1768
MD5 | da86cf1276b1916c7c3234f006be8638
Red Hat Security Advisory 2013-1409-01
Posted Oct 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1409-01 - The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-4342
MD5 | 15aee953d1bd54c977a8f5fc59e1e6c8
Red Hat Security Advisory 2013-1410-01
Posted Oct 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1410-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4 is an update to Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0. This update addresses the following security issues: Restlet applications which use ObjectRepresentation to map HTTP request data directly to an object deserialize arbitrary user-provided XML using XMLDecoder. It was found that XMLDecoder deserialized an attacker-provided definition of a class and executed its methods. A remote attacker could use this flaw to perform arbitrary remote code execution in the context of the server running the Restlet application.

tags | advisory, remote, web, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4221, CVE-2013-4271, CVE-2013-4330
MD5 | b0b9399662f00c2e613c729c6bfe593d
Gentoo Linux Security Advisory 201310-06
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-6 - A buffer overflow vulnerability in Aircrack-ng could result in execution of arbitrary code or Denial of Service. Versions less than 1.1-r2 are affected.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-1159
MD5 | f2902e9dfd1fdd1deb893dd3465ddd87
Gentoo Linux Security Advisory 201310-05
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-5 - A vulnerability in GEGL might allow a remote attacker to execute arbitrary code. Versions less than 0.2.0-r2 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2012-4433
MD5 | dcbcc4cfa582d169bdb1fa6fc24bf1dc
Gentoo Linux Security Advisory 201310-04
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-4 - Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code. Versions less than 1.4.1-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0337, CVE-2013-2028, CVE-2013-2070
MD5 | 10584c0bc5bcf6c2caac9e3fa0d48661
Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS
Posted Oct 7, 2013
Authored by Juan Carlos Garcia

Opolis.eu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities. The vendor has not responded to the researcher's reports of these issues.

tags | exploit, remote, denial of service, vulnerability, xss, sql injection, info disclosure, csrf
MD5 | 129ad4bfa860653849102b0facf37753
Apple Motion 5.0.7 Integer Overflow
Posted Oct 7, 2013
Authored by Jean Pascal Pereira

Apple Motion version 5.0.7 suffers from an integer overflow vulnerability.

tags | exploit, overflow
systems | apple
MD5 | f694d24a558f405de8893f009685c7d0
S-Mail.com PHP / Apache Issues
Posted Oct 7, 2013
Authored by Juan Carlos Garcia

Secure Mail at s-mail.com actually suffers from dozens of vulnerabilities due to using out of date PHP and Apache versions.

tags | advisory, php, vulnerability
MD5 | e7865d656493c7b1b8db59ef1ef67dad
WordPress Woopra Remote Code Execution
Posted Oct 7, 2013
Authored by wantexz

WordPress Woopra plugin remote PHP arbitrary code execution exploit.

tags | exploit, remote, arbitrary, php, code execution
MD5 | ed89e7cd80c4aaeb320d331c2835fe9f
Chiangraientersoft HTML Injection
Posted Oct 7, 2013
Authored by DevilScreaM

Sites using the Chiangraientersoft code base suffer from an HTML injection vulnerability that can allow for cross site scripting attacks. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 9584dfd6e4989d7cbab606153c799e41