exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2013-10-30

vTiger CRM 5.3.0 / 5.4.0 Authenticated Remote Code Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

vTiger CRM allows an authenticated user to upload files to embed within documents. Due to insufficient privileges on the 'files' upload folder, an attacker can upload a PHP script and execute arbitrary PHP code remotely. This Metasploit module was tested against vTiger CRM v5.4.0 and v5.3.0.

tags | exploit, arbitrary, php
advisories | CVE-2013-3591
SHA-256 | bbcd3689cbd9914d5739cb0af4a9dcca7c841307f2ee05af37a9fcc839aed4a2
NAS4Free Arbitrary Remote Code Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This Metasploit module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well.

tags | exploit, web, php
advisories | CVE-2013-3631
SHA-256 | fbb827ba13b127c83e13d52ae23cb93628f4e71810cd8f99c67c4c5a187bb5f0
Zabbix Authenticated Remote Command Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

ZABBIX allows an administrator to create scripts that will be run on hosts. An authenticated attacker can create a script containing a payload, then a host with an IP of 127.0.0.1 and run the arbitrary script on the ZABBIX host. This Metasploit module was tested against Zabbix version 2.0.9.

tags | exploit, arbitrary
advisories | CVE-2013-3628
SHA-256 | 337aba7aa6c0548a701c9d962e9e56e4ac6edce3bbb5c5f7b68fef1361fd8f09
ISPConfig Authenticated Arbitrary PHP Code Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

ISPConfig allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run arbitrary PHP code remotely on the ISPConfig server. This Metasploit module was tested against version 3.0.5.2.

tags | exploit, arbitrary, php
advisories | CVE-2013-3629
SHA-256 | 500ad81c08959d6a17fb323607222ca4f12a1b9a2e830df3bd4af01d85b6423e
OpenMediaVault Cron Remote Command Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

OpenMediaVault allows an authenticated user to create cron jobs as arbitrary users on the system. An attacker can abuse this to run arbitrary commands as any user available on the system (including root).

tags | exploit, arbitrary, root
advisories | CVE-2013-3632
SHA-256 | 94cc0202bafd6d8e09dab8de5983f2f26db28f5d5e4ab61e3830ec9bd40f3b41
Moodle Remote Command Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This Metasploit module was tested against Moodle version 2.5.2 and 2.2.3.

tags | exploit, web, arbitrary, shell
advisories | CVE-2013-3630
SHA-256 | c4365fd3140a745d4484ea06c3aca345da8ba6b0e3a266802b6ce0150e84b884
Drupal Monster Menus 7.x Access Bypass
Posted Oct 30, 2013
Authored by Dan Wilga | Site drupal.org

Drupal Monster Menus third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 5f32cfab027ca0d07ba7fab6164b0dc9fd923321eb5c5953e98eda5d404733cc
Drupal Feed Element Mapper 6.x Cross Site Scripting
Posted Oct 30, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Feed Element Mapper third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 01cf946f719793e7ae7380155b2b0b7156b6a797638bf67b2979cd46095751d9
TP-Link Cross Site Request Forgery Analysis
Posted Oct 30, 2013
Authored by Jakob Lell | Site jakoblell.com

This write up goes into detail about how real world cross site request forgery attacks can be used to hijack DNS on TP-Link routers.

tags | paper, csrf
SHA-256 | 97ebb3cb84a6a9a66f84afff891ff378fa74b1e2ed747d6a5cd984a436456d72
Cisco Security Advisory 20131030-asr1000
Posted Oct 30, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains multiple denial of service vulnerabilities. Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the embedded services processors (ESP) card or the route processor (RP) card, causing an interruption of services. Repeated exploitation could result in a sustained DoS condition. Note: Cisco IOS Software and Cisco IOS-XR Software are not affected by these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
SHA-256 | 361ac4c153e8e11f536ad24f61820d6d7753f7b1fcd84608dab5bf0e4c189047
D-Link Backdoor Czechr
Posted Oct 30, 2013
Authored by dustyfresh

This is a simple PHP script that checks to see if your D-Link device is vulnerable to the User-Agent backdoor.

tags | exploit, php
SHA-256 | b0f9b07e55de0f72f7056f20fafc5118ca5dbd0af300d0146663b52ab3d742d7
Drupal Quiz 6.x Access Bypass
Posted Oct 30, 2013
Authored by nirvanajyothi, Cat Hirst | Site drupal.org

Drupal Quiz third party module version 6.x suffers from multiple access bypass vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 8b66e8062097fa6122f4a71d4ddb7e4911f0921fc0d6a5896c58cac8d8678c07
EMC Unisphere For VMAX Information Disclosure
Posted Oct 30, 2013
Site emc.com

EMC Unisphere for VMAX versions 1.0, 1.1, 1.5, and 1.6 suffer from an LDAP related information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2013-3287
SHA-256 | 284ce5088a33d17b96440bdf977da0257ddd9dcfb8aff5275fc57088bf34402b
CloudFlare Versus Incapsula: Round 2
Posted Oct 30, 2013
Authored by LiquidWorm, Humberto Cabrera, Stefan Petrushevski | Site zeroscience.mk

This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web Application Firewall (WAF) solutions: Incapsula and Cloudflare. This test was designed to bypass security controls in place, in any possible way, circumventing whatever filters they have. Given the rise in application-level attacks, the goal of the test was to provide IT managers of online businesses with a comparison of these WAFs against real-world threats in simulated real-world conditions.

tags | paper, web
SHA-256 | 049e90fe97f45591ee478a6bbbd1000e75975f5dbc47b2e1e89cfc59d6426fdc
Drupal FileField Sources 6.x / 7.x Access Bypass
Posted Oct 30, 2013
Authored by Joseph Lee | Site drupal.org

Drupal FileField Sources third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | c2a6873038096514898f156b6894638a36a0ea0f9ec50e33e715d4526442147e
Web 2.0 Security And Privacy 2014 Call For Papers
Posted Oct 30, 2013
Site w2spconf.com

W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their eco-system. The workshop will take place May 18th, 2014.

tags | paper, web, conference
SHA-256 | 70acc7274bf12747f9c47988852750b4fc23e87d7650e7750274540b904b94e4
Red Hat Security Advisory 2013-1482-01
Posted Oct 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1482-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Lifecycle Support for Red Hat Enterprise Linux 3 will be retired as of January 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 3 ELS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Lifecycle Support channel for Red Hat Enterprise Linux 3.

tags | advisory
systems | linux, redhat
SHA-256 | b5a45ef51060858c390feddca19477f6f58524646a058045ef2e601887f94069
Red Hat Security Advisory 2013-1480-01
Posted Oct 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1480-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thunderbird JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
SHA-256 | 40d9e3609e2ba6d5725de6c60f3b0d183f1965ed065fe0107fe94369a0aefb3f
Beetel Connection Manager NetConfig.ini Buffer Overflow
Posted Oct 30, 2013
Authored by metacom, wvu | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow on Beetel Connection Manager. The vulnerability exists in the parsing of the UserName parameter in the NetConfig.ini file. The module has been tested successfully on PCW_BTLINDV1.0.0B04 over Windows XP SP3 and Windows 7 SP1.b.

tags | exploit, overflow
systems | windows
SHA-256 | 5725c9ac2f84dcb5cc5ed565457c90d22f10b51d892638c34a3586733b434570
ProcessMaker Open Source Authenticated PHP Code Execution
Posted Oct 30, 2013
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a PHP code execution vulnerability in the 'neoclassic' skin for ProcessMaker Open Source which allows any authenticated user to execute PHP code. The vulnerable skin is installed by default in version 2.x and cannot be removed via the web interface.

tags | exploit, web, php, code execution
advisories | OSVDB-99199
SHA-256 | eb45ad4835f0136226472801ecf8d83ecfdfe22caa02b7f28a680a48e9232df6
Mandriva Linux Security Advisory 2013-263
Posted Oct 30, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-263 - It was discovered that roundcube does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution. The updated packages have been patched to correct this issue.

tags | advisory, code execution
systems | linux, mandriva
advisories | CVE-2013-6172
SHA-256 | 8d50b6112b0546125f273c950799e408ec087e55a01ae26499b797a02f8ab996
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close