what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-10-07

HP LoadRunner magentproc.exe Overflow
Posted Oct 7, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP LoadRunner before 11.52. The vulnerability exists on the LoadRunner Agent Process magentproc.exe. By sending a specially crafted packet, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2013-4800, OSVDB-95644
SHA-256 | 10612d367689153f57bead46fbc7d9c3f559849d4f0dbdad9c6bf963f80e878d
GestioIP Remote Command Execution
Posted Oct 7, 2013
Authored by bperry | Site metasploit.com

This Metasploit module exploits a command injection flaw to create a shell script on the filesystem and execute it. If GestioIP is configured to use no authentication, no password is required to exploit the vulnerability. Otherwise, an authenticated user is required to exploit.

tags | exploit, shell
SHA-256 | ff466c810472f8a9143ae99e56a4e7b6a912136e28c211e79853a3acf85c2641
ClipBucket Remote Code Execution
Posted Oct 7, 2013
Authored by Gabby | Site metasploit.com

This Metasploit module exploits a vulnerability found in ClipBucket version 2.6 and lower. The script "/admin_area/charts/ofc-library/ofc_upload_image.php" can be used to upload arbitrary code without any authentication. This Metasploit module has been tested on version 2.6 on CentOS 5.9 32-bit.

tags | exploit, arbitrary, php
systems | linux, centos
SHA-256 | 81de352ecf23e3b327062e9f36fae90c61585126242110b19930863e60e3b355
FlashChat Arbitrary File Upload
Posted Oct 7, 2013
Authored by x-hayben21 | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in FlashChat versions 6.0.2 and 6.0.4 to 6.0.8. Attackers can abuse the upload feature in order to upload malicious PHP files without authentication which results in arbitrary remote code execution as the web server user.

tags | exploit, remote, web, arbitrary, php, code execution, file upload
SHA-256 | b230ba5108504e4b3b85c2257c49c24de506b5124902d8bf02423c42657b5bcc
Vanilla Forums 2.0.18.5 Local File Inclusion
Posted Oct 7, 2013
Authored by EgiX

Vanilla Forums versions 2.0.18.5 and below suffer from a PHP object injection vulnerability in class.utilitycontroller.php that in turn allows for local file inclusion.

tags | exploit, local, php, file inclusion
advisories | CVE-2013-3528
SHA-256 | 829bb0d9cc0b99656c9ede4877cba82c24d8fcd7cfe7d08bf5d263689320b351
Gentoo Linux Security Advisory 201310-03
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-3 - Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188, CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606, CVE-2009-3607, CVE-2009-3608, CVE-2009-3609, CVE-2009-3938, CVE-2010-3702, CVE-2010-3703, CVE-2010-3704, CVE-2010-4653, CVE-2010-4654, CVE-2012-2142
SHA-256 | 16eefcedc1f920563836019127836503bea995cfd0361da741d9651c6c38a920
Gentoo Linux Security Advisory 201310-02
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-2 - A vulnerability in isync could allow remote attackers to perform man-in-the-middle attacks. Versions less than 1.0.6 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2013-0289
SHA-256 | 8e33e50b6405effe0c44051a4a03921ca7cef243231fe9e702879cba5f544d38
Mandriva Linux Security Advisory 2013-246
Posted Oct 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-246 - The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

tags | advisory, remote, arbitrary, local
systems | linux, mandriva
advisories | CVE-2013-1768
SHA-256 | 4c55eb37a5c44844f39ac7313f686937c8667264af98281b9744075ef79ef28c
Red Hat Security Advisory 2013-1409-01
Posted Oct 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1409-01 - The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-4342
SHA-256 | 68e4349cfed4878328d640d99759481b78b8334bcff91a081146314aaee59df9
Red Hat Security Advisory 2013-1410-01
Posted Oct 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1410-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4 is an update to Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0. This update addresses the following security issues: Restlet applications which use ObjectRepresentation to map HTTP request data directly to an object deserialize arbitrary user-provided XML using XMLDecoder. It was found that XMLDecoder deserialized an attacker-provided definition of a class and executed its methods. A remote attacker could use this flaw to perform arbitrary remote code execution in the context of the server running the Restlet application.

tags | advisory, remote, web, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4221, CVE-2013-4271, CVE-2013-4330
SHA-256 | a24fddd4e2ba4576b30f95a9dbb4f56350f5ec1ec9fc44a697a1fa670279e6f0
Gentoo Linux Security Advisory 201310-06
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-6 - A buffer overflow vulnerability in Aircrack-ng could result in execution of arbitrary code or Denial of Service. Versions less than 1.1-r2 are affected.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-1159
SHA-256 | a2c8b5440abd7e9b421ab7e0789591408393129385c154405cb2806b7d132f29
Gentoo Linux Security Advisory 201310-05
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-5 - A vulnerability in GEGL might allow a remote attacker to execute arbitrary code. Versions less than 0.2.0-r2 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2012-4433
SHA-256 | 549b2ac5e60132b35cc3491c45867ebb780bef628825ee306f76a35091ad58e0
Gentoo Linux Security Advisory 201310-04
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-4 - Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code. Versions less than 1.4.1-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0337, CVE-2013-2028, CVE-2013-2070
SHA-256 | d96dcaaddb6063a984eba219fdaa3a2560cef2dd98977d295609980830ed7f5d
Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS
Posted Oct 7, 2013
Authored by Juan Carlos Garcia

Opolis.eu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities. The vendor has not responded to the researchers reports of these issues.

tags | exploit, remote, denial of service, vulnerability, xss, sql injection, info disclosure, csrf
SHA-256 | 86e6756e6360245c7ec7594467c4b1d5869733852ffe83875227e09f6118918a
Apple Motion 5.0.7 Integer Overflow
Posted Oct 7, 2013
Authored by Jean Pascal Pereira

Apple Motion version 5.0.7 suffers from an integer overflow overflow vulnerability.

tags | exploit, overflow
systems | apple
SHA-256 | 91c40a0f5210a72956be6cab5d6bbc2cbf117ff75e22221cb0d96af1905ecbb3
S-Mail.com PHP / Apache Issues
Posted Oct 7, 2013
Authored by Juan Carlos Garcia

Secure Mail at s-mail.com actually suffers from dozens of vulnerabilities due to using out of date PHP and Apache versions.

tags | advisory, php, vulnerability
SHA-256 | bcf4a8a35493dc589f526c3acdfdd2b8596c418c332e7d75666242af1c71a388
WordPress Woopra Remote Code Execution
Posted Oct 7, 2013
Authored by wantexz

WordPress Woopra plugin remote PHP arbitrary code execution exploit.

tags | exploit, remote, arbitrary, php, code execution
SHA-256 | 13097707eaa1cba018927d5aee73de7371e496620238497f38fad906da8209d2
Chiangraientersoft HTML Injection
Posted Oct 7, 2013
Authored by DevilScreaM

Sites using the Chiangraientersoft code base suffer from a html injection vulnerability that can allow for cross site scripting attacks. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | d38dda3ba4898e2f3f8c1b2ef87a8eeca9e35edf1c91e895409139fe5385b109
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close