Showing 1 - 25 of 26

Files Date: 2013-10-23

Drupal Spaces 6.x Access Bypass
Posted Oct 23, 2013
Authored by Hunter Fox | Site drupal.org

Drupal Spaces third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 68f5bff39d1becb61238f029224cbe5a

Cisco Security Advisory 20131023-iosxr
Posted Oct 23, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability when handling fragmented packets that may result in a denial of service condition of the Cisco CRS Route Processor cards listed under "Affected Products". The vulnerability affects IOS XR Software versions 3.3.0 to 4.2.0. The vulnerability is a result of improper handling of fragmented packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Customers that are running version 4.2.1 or later of Cisco IOS XR Software, or that have previously installed the SMU for CSCtz62593, are not affected by this vulnerability. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco, osx, ios
MD5 | 8c2de6956410d2f9e934cf1ae84f911a

GuppY 4.6.26 Cross Site Scripting
Posted Oct 23, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

GuppY version 4.6.26 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-5983
MD5 | c1aa343bb240b013a29657cb2678ebc8

Cisco Security Advisory 20131023-ise
Posted Oct 23, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Identity Services Engine (ISE) contains arbitrary command execution and authentication bypass vulnerabilities. Successful exploitation of the Cisco ISE authenticated arbitrary command execution vulnerability may allow an authenticated remote attacker to execute arbitrary code on the underlying operating system. Successful exploitation of the Cisco ISE Support Information download authentication bypass vulnerability could allow an attacker to obtain sensitive information including administrative credentials.

tags | advisory, remote, arbitrary, vulnerability, bypass
systems | cisco
MD5 | 6115bc70188e21023ae05f43ef885464

Cisco Security Advisory 20131023-struts2
Posted Oct 23, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000. Cisco Business Edition 3000 customers should contact their Cisco representative for available options.

tags | advisory, remote, arbitrary
systems | cisco
MD5 | 880e2357eba28878d981e8854dc4bfcd

Ubuntu Security Notice USN-2005-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2005-1 - Rongze Zhu discovered that the Cinder LVM driver did not zero out data when deleting snapshots. This could expose sensitive information to authenticated users when subsequent servers use the volume. Grant Murphy discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4183, CVE-2013-4202, CVE-2013-4179
MD5 | 68fde2bba6191a9a94f71a6848367f28

Ubuntu Security Notice USN-2004-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2004-1 - Thomas Leaman discovered that the Python client library for Glance did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack.

tags | advisory, remote, python
systems | linux, ubuntu
advisories | CVE-2013-4111
MD5 | 2586f1fb3026378543d100245a550d01

Ubuntu Security Notice USN-2002-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2002-1 - Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when using the memcache and KVS backends. An authenticated attacker could exploit this to bypass intended access restrictions. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4222, CVE-2013-4294
MD5 | 2787b2fc28baaa1906fc542913c6e1b1

Ubuntu Security Notice USN-2003-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2003-1 - Stuart McLaren discovered that Glance did not properly enforce the 'download_image' policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4428
MD5 | cd6cb914a26d099ea51602a193188323

Ubuntu Security Notice USN-2001-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2001-1 - Peter Portante discovered that Swift did not properly handle requests with old X-Timestamp values. An authenticated attacker could exploit this to cause a denial of service via disk consumption.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4155
MD5 | 1ce01798afa0d67598a1b92efcbc24fc

Ubuntu Security Notice USN-2000-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2000-1 - It was discovered that Nova did not properly enforce the is_public property when determining flavor access. An authenticated attacker could exploit this to obtain sensitive information in private flavors. This issue only affected Ubuntu 12.10 and 13.10. Grant Murphy discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4179, CVE-2013-4185, CVE-2013-4261, CVE-2013-2256, CVE-2013-4278
MD5 | 2a2415dfc9be838098eb97aa06171021

Red Hat Security Advisory 2013-1456-01
Posted Oct 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1456-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073
MD5 | 74ee3e4f4378bbcb332594e8adee782f

Red Hat Security Advisory 2013-1455-01
Posted Oct 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1455-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561
MD5 | 3050bc1a4211c37368239e0c1b273a9b

Mandriva Linux Security Advisory 2013-257
Posted Oct 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-257 - Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. The updated Mozilla NSS and NSPR packages have been upgraded to the latest versions where the flaw has been fixed in NSS. The rootcerts packages have been upgraded providing the latest root CA certs from Mozilla as of 2013/04/11. The sqlite3 packages for mes5 have been upgraded to the 3.7.17 version to satisfy the requirements for a future upcoming Firefox 24 ESR advisory.

tags | advisory, remote, denial of service, root
systems | linux, mandriva
advisories | CVE-2013-1739
MD5 | 8a648b9822fbcb24a3dc6632eec688da

PHPCMS Guestbook Cross Site Scripting
Posted Oct 23, 2013
Authored by Robert At Cnmoker

The PHPCMS Guestbook module from phpcms.cn suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-5939
MD5 | c95bfda64d3c68e38a66c2a54eebe1ed

LiveCart 1.4 Shell Upload
Posted Oct 23, 2013
Authored by DevilScreaM

LiveCart version 1.4 suffers from a remote PHP shell upload vulnerability.

tags | exploit, remote, shell, php
MD5 | f2a299885d8153ab028e354c281d10d0

WordPress DailyDeal Theme Shell Upload
Posted Oct 23, 2013
Authored by DevilScreaM

The WordPress DailyDeal theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | cfa040ec90d2a40100f863c65f38d9d2

WordPress e-Commerce Payment Gateways Caller Local File Inclusion
Posted Oct 23, 2013
Authored by Keith Makan

WordPress e-Commerce Payment Gateways Caller plugin versions prior to 0.1.1 suffer from a local file inclusion vulnerability.

tags | advisory, local, file inclusion
MD5 | 8704b3ac28dd913e748da42c136c5343

The Audit DSOs Of The RTLD
Posted Oct 23, 2013
Authored by x90c

This article discusses audit DSOs and how to write one.

tags | paper
MD5 | c7005b62435f7d880a945a6b242e3862

Packet Storm Advisory 2013-1022-1 - Microsoft Silverlight Invalid Typecast / Memory Disclosure
Posted Oct 23, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

Microsoft Silverlight 5 suffers from invalid typecast and memory disclosure vulnerabilities that, when leveraged together, allow for arbitrary code execution. A memory disclosure vulnerability exists in the public WriteableBitmap class from System.Windows.dll. This class allows reading of image pixels from the user-defined data stream via the public SetSource() method. BitmapSource.ReadStream() allocates and returns a byte array and a count of array items as out parameters. These returned values are taken from the input stream and they can be fully controlled by the untrusted code. When the returned "count" is greater than "array.Length", data outside the "array" is used as input stream data by the native BitmapSource_SetSource() from agcore.dll. Later all data can be viewed via the public WriteableBitmap.Pixels[] property. Exploitation details related to these findings were purchased through the Packet Storm Bug Bounty program.

tags | advisory, arbitrary, vulnerability, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896
MD5 | ca5e7fa75049ea31231c4272bb1b69be

Packet Storm Exploit 2013-1022-1 - Microsoft Silverlight Invalid Typecast / Memory Disclosure
Posted Oct 23, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

This exploit leverages both invalid typecast and memory disclosure vulnerabilities in Microsoft Silverlight 5 in order to achieve code execution. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".

tags | exploit, remote, vulnerability, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896
MD5 | 8f2f08abc21eb47fcebc2fa155f76257

EMC Replication Manager Command Execution
Posted Oct 23, 2013
Authored by temp66, Davy Douhine | Site metasploit.com

This Metasploit module exploits a remote command-injection vulnerability in EMC Replication Manager client (irccd.exe). By sending a specially crafted message invoking the RunProgram function an attacker may be able to execute arbitrary commands with SYSTEM privileges. Affected products are EMC Replication Manager < 5.3. This Metasploit module has been successfully tested against EMC Replication Manager 5.2.1 on XP/W2003. EMC Networker Module for Microsoft Applications 2.1 and 2.2 may be vulnerable too, although this module has not been tested against these products.

tags | exploit, remote, arbitrary
advisories | CVE-2011-0647, OSVDB-70853
MD5 | 26587d19c683dea1c995ebd1dda3d223

Windows Management Instrumentation (WMI) Remote Command Execution
Posted Oct 23, 2013
Authored by Ben Campbell | Site metasploit.com

This Metasploit module executes PowerShell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic through that session. The result is similar to psexec but with the added benefit of using the session's current authentication token instead of having to know a password or hash. We do not get feedback from the WMIC command so there are no indicators of success or failure. The remote host must be configured to allow remote Windows Management Instrumentation.

tags | exploit, remote, tcp
systems | windows
advisories | CVE-1999-0504, OSVDB-3106
MD5 | fe5237b8e9c2a480e368f41b8248f79e

scanlogd 2.2.7
Posted Oct 23, 2013
Authored by Solar Designer | Site openwall.com

scanlogd is a system daemon which attempts to log all portscans of a host to the syslog, in a secure fashion.

Changes: An off-by-one bug in a safety check has been corrected. The bug did not affect scanlogd itself, but it may be a security issue in other projects reusing code from scanlogd. The license has been changed to heavily cut-down BSD.

tags | tool
systems | unix
MD5 | d89a028c8ae29b96458d0763f5a2d625

MODx 2.2.10 Cross Site Scripting
Posted Oct 23, 2013
Authored by Sojobo Dev Team

MODx version 2.2.10 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 7472947512959326d2240d1874632ae2