Exploit the possiblities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-10-17

Oracle Portal Demo Organization Chart PL/SQL Injection
Posted Oct 17, 2013
Authored by Manuel Garcia Cardenas | Site isecauditors.com

Oracle Portal Demo Organization Chart suffers from multiple remote PL/SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2013-3831
MD5 | b9a29359a5f067565efbbee9f0981e2d
Microweber 0.8 Arbitrary File Deletion
Posted Oct 17, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Microweber version 0.8 suffers from an arbitrary, unauthenticated file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2013-5984
MD5 | a6c187e9010ce64239088a308d92830b
Apple Security Advisory 2013-10-15-1
Posted Oct 17, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-10-15-1 - Multiple vulnerabilities existed in Java 1.6.0_51, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_65.

tags | advisory, java, web, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825
MD5 | 71eca77f6b1a5478048c10eec50b5d5d
Red Hat Security Advisory 2013-1442-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1442-01 - The Apache Commons FileUpload component can be used to add a file upload capability to your applications. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. All users of the affected products as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, file upload
systems | linux, redhat
advisories | CVE-2013-2186
MD5 | f74ddbed219a0e7a2052f1c11bf0e20a
Red Hat Security Advisory 2013-1440-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1440-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818
MD5 | 0e67dab91513a3b4b0b916c1d34f62d9
Red Hat Security Advisory 2013-1441-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1441-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126, CVE-2013-4287
MD5 | d5237acfdbe6115690e438c89c5b3f95
Ubuntu Security Notice USN-1990-1
Posted Oct 17, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1990-1 - Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker could use this flaw to cause a xkb cache file to be loaded by another user, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2013-4396, CVE-2013-1056, CVE-2013-1056, CVE-2013-4396
MD5 | 9bfdc9071e74f18252466fa996e40e52
Mandriva Linux Security Advisory 2013-250
Posted Oct 17, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-250 - Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a Security Fix, aka Bug #59533. NOTE: this might be a duplicate of but as of 20120816, Oracle has not commented on this possibility. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. The updated packages have been upgraded to the 5.1.72 version which is not vulnerable to these issues.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-2750, CVE-2013-3839
MD5 | 5f50f1325f16e495872098bdbdb105a5
Gentoo Linux Security Advisory 201310-11
Posted Oct 17, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-11 - An insecure temporary file usage has been reported in the Perl Parallel-ForkManager module, possibly allowing symlink attacks. Versions less than 1.20.0 are affected.

tags | advisory, perl
systems | linux, gentoo
advisories | CVE-2011-4115
MD5 | 3f450e93b3c3e4f6905b069eac8a7621
Gentoo Linux Security Advisory 201310-10
Posted Oct 17, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-10 - Multiple vulnerabilities have been found in PolarSSL, the worst of which might allow a remote attacker to cause a Denial of Service condition. Versions less than 1.3.0 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2011-1923, CVE-2012-2130, CVE-2013-0169, CVE-2013-1621, CVE-2013-4623, CVE-2013-5915
MD5 | 7c56797a7a48a3ecc25b0f437e0b1985
Oracle Java SE 7 Issue 69
Posted Oct 17, 2013
Authored by Adam Gowdiak | Site security-explorations.com

The CPU released Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability (Issue 69) that was reported to the company in July.

tags | advisory, java
MD5 | 5eeb32459ed3fb2358ee8ce3835f94af
PayPal Mail Encoding Script Insertion
Posted Oct 17, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal suffered from a mail encoding flaw that allowed for script insertion.

tags | exploit
MD5 | 46d023cb7b2112ff2876deca84b8ab98
WordPress Image Resizer Cross Site Scripting
Posted Oct 17, 2013
Authored by Ashiyane Digital Security Team

WordPress wp-image-resizer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 029b9ad0d5fd69bfbfc6fd69510aa91b
Level One Enterprise Access Points Password Disclosure
Posted Oct 17, 2013
Authored by Richard Weinberger

Level1 EAP Devices offer a function do download the device config file. This download mechanism is not properly protected such that an attacker can download the config file without authentication. Passwords can be retrieved at this point.

tags | exploit
MD5 | 404de105dc5321053945e97dcecbf6e4
Red Hat Security Advisory 2013-1437-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1437-01 - This Red Hat JBoss Portal 6.1.0 release serves as a replacement for 6.0.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-4529, CVE-2012-4572, CVE-2012-5575, CVE-2013-1921, CVE-2013-2067, CVE-2013-2102, CVE-2013-2160, CVE-2013-2172, CVE-2013-4112, CVE-2013-4128, CVE-2013-4213
MD5 | c3d6165d5ee0adc08d405a45ff63527f
Red Hat Security Advisory 2013-1436-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1436-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-4162, CVE-2013-4299
MD5 | a5ce9a9aab5dc05ce655e71ccd4a651e
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close