seeing is believing
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-10-29

Apache Magicka Code Execution
Posted Oct 29, 2013
Authored by Kingcope

Apache and PHP remote command execution exploit that leverages php5-cgi.

tags | exploit, remote, cgi, php
advisories | CVE-2012-1823
MD5 | bdb5dbeddbd99bb47e41085bb02a8b97
Ubuntu Security Notice USN-2009-1
Posted Oct 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2009-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered that HTML select elements could display arbitrary content. An attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2013-5592, CVE-2013-5593, CVE-2013-5604, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5602, CVE-2013-5603, CVE-2013-1739, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
MD5 | d99b26a3ad903065242c1173bde38da3
Red Hat Security Advisory 2013-1474-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1474-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-4282
MD5 | 9e13b2ee231bfa2a58a2ef96aa6b416b
Red Hat Security Advisory 2013-1473-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1473-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-4282
MD5 | b37cf5da1da6c875d4c240a0b265a21c
Red Hat Security Advisory 2013-1460-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1460-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4282
MD5 | 7123c56c91833d1a35e693ed914d2ef0
Apache / PHP Remote Command Execution
Posted Oct 29, 2013
Authored by noptrix | Site nullsecurity.net

Apache and PHP remote command execution exploit that leverages php5-cgi. Written in Python.

tags | exploit, remote, cgi, php, python
advisories | CVE-2012-1823
MD5 | 1b8cde875eff98bf11b70ba0d00606d8
Red Hat Security Advisory 2013-1476-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1476-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Firefox JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
MD5 | 0670605d5acaaae6a3c2623c7347d636
Red Hat Security Advisory 2013-1475-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1475-01 - PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service or disclosure of certain portions of server memory. A flaw was found in the way the pgcrypto contrib module of PostgreSQL initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2013-0255, CVE-2013-1900
MD5 | dffdfbce766d683054eb367ab26deb30
EMC NetWorker Information Disclosure
Posted Oct 29, 2013
Site emc.com

A vulnerability exists in EMC NetWorker that could allow exposure of sensitive information under specific circumstances. EMC NetWorker version 8.0.x is affected.

tags | advisory
advisories | CVE-2013-3285
MD5 | f614cc7f3cbbb2cec2e4545dd6df1954
Olat CMS 7.8.0.1 Cross Site Scripting
Posted Oct 29, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Olat CMS version 7.8.0.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 0eab3c8f0ce95a8e9b225360ef8d5992
BlazeDVD 6.2 Buffer Overflow
Posted Oct 29, 2013
Authored by Mike Czumak

BlazeDVD version 6.2 SEH buffer overflow exploit that creates a malicious .plf file.

tags | exploit, overflow
MD5 | 42c9698e838fb4bf91ad88b5c4debb38
JBrute 0.97
Posted Oct 29, 2013
Authored by Gonzalo Camino

JBrute is a password cracking tool written in Java that uses both brute force and dictionary attack methodologies with a built-in rule pre-processor similar to John the Ripper. It supports several standard algorithms and several algorithms from proprietary applications (like Microsoft SQL Server, Oracle, SYBASE, and so on).

Changes: Various updates, bug fixes, and parameters added.
tags | tool, java, cracker
MD5 | 96116c4b6532526a5ee3d81be56f289d
ASUS RT-N13U Backdoor Account
Posted Oct 29, 2013
Authored by Shellster

The ASUS RT-N13U home router comes configured with an administrative root shell with a default password and is available via telnetd. Changing the password on the web interface does not remediate the issue.

tags | exploit, web, shell, root
MD5 | a2364ad976a4429d601811b875726a35
Ops View Pre 4.4.1 Blind SQL Injection
Posted Oct 29, 2013
Authored by Jesus Oquendo

Ops View version pre 4.4.41 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5694
MD5 | cf326a65b9d6c1390e5e954c0543a072
sup Remote Command Execution
Posted Oct 29, 2013
Authored by joernchen

sup versions prior to 0.14.1.1 and prior to 0.13.2.1 suffer from an arbitrary command execution vulnerability via a forged content type of an email attachment.

tags | exploit, arbitrary
MD5 | b418d622f18701cab2f2e2cdd40cedfd
WordPress Curvo Shell Upload
Posted Oct 29, 2013
Authored by Byakuya

WordPress Curvo theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 19463833b4bed17ab109121ce159095e
GTX CMS 2013 Optima XSS / SQL Injection
Posted Oct 29, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

GTX CMS 2013 Optima suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | cbddeb56326d78b52deed8c4dc5d7c37
Google Play Billing Bypass
Posted Oct 29, 2013
Authored by Dominik Schurmann

All Google Play Billing Library 3 versions before Oct, 8 distributed via Android SDK and marketbilling on Googlecode are susceptible to impersonation and signature verification vulnerabilities.

tags | advisory, vulnerability, bypass
MD5 | cb12fd4d1e90a23b8c164629f9856f8d
WordPress MoneyTheme Cross Site Scripting / Shell Upload
Posted Oct 29, 2013
Authored by DevilScreaM

WordPress MoneyTheme suffers from cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
MD5 | d4fe1ddcbd868953da90c60e862cc573
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close