accept no compromises
Showing 1 - 25 of 400 RSS Feed

Files Date: 2013-10-01 to 2013-10-31

vTiger CRM 5.3.0 / 5.4.0 Authenticated Remote Code Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

vTiger CRM allows an authenticated user to upload files to embed within documents. Due to insufficient privileges on the 'files' upload folder, an attacker can upload a PHP script and execute arbitrary PHP code remotely. This Metasploit module was tested against vTiger CRM v5.4.0 and v5.3.0.

tags | exploit, arbitrary, php
advisories | CVE-2013-3591
MD5 | f9527bf1c4d5e68b3bb1234d05074da3
NAS4Free Arbitrary Remote Code Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This Metasploit module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well.

tags | exploit, web, php
advisories | CVE-2013-3631
MD5 | c020ad36feff3b44ae4323ae234db53d
Zabbix Authenticated Remote Command Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

ZABBIX allows an administrator to create scripts that will be run on hosts. An authenticated attacker can create a script containing a payload, then a host with an IP of 127.0.0.1 and run the arbitrary script on the ZABBIX host. This Metasploit module was tested against Zabbix version 2.0.9.

tags | exploit, arbitrary
advisories | CVE-2013-3628
MD5 | 174edff153674935af6e4b4c43da1dcd
ISPConfig Authenticated Arbitrary PHP Code Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

ISPConfig allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run arbitrary PHP code remotely on the ISPConfig server. This Metasploit module was tested against version 3.0.5.2.

tags | exploit, arbitrary, php
advisories | CVE-2013-3629
MD5 | dff48963b3cf6b151cf07fef50095052
OpenMediaVault Cron Remote Command Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

OpenMediaVault allows an authenticated user to create cron jobs as arbitrary users on the system. An attacker can abuse this to run arbitrary commands as any user available on the system (including root).

tags | exploit, arbitrary, root
advisories | CVE-2013-3632
MD5 | 2cdc9640a702841616097d34f30fac60
Moodle Remote Command Execution
Posted Oct 30, 2013
Authored by Brandon Perry | Site metasploit.com

Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This Metasploit module was tested against Moodle version 2.5.2 and 2.2.3.

tags | exploit, web, arbitrary, shell
advisories | CVE-2013-3630
MD5 | 7964a087595c8dfa446e972b74ec6d64
Drupal Monster Menus 7.x Access Bypass
Posted Oct 30, 2013
Authored by Dan Wilga | Site drupal.org

Drupal Monster Menus third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 48c402d729d1d8fb245381edb89fb743
Drupal Feed Element Mapper 6.x Cross Site Scripting
Posted Oct 30, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Feed Element Mapper third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 90cad66f3376cb895ea6b526f4d2892c
TP-Link Cross Site Request Forgery Analysis
Posted Oct 30, 2013
Authored by Jakob Lell | Site jakoblell.com

This write up goes into detail about how real world cross site request forgery attacks can be used to hijack DNS on TP-Link routers.

tags | paper, csrf
MD5 | c0a3524a490f09fa505fa967307a389e
Cisco Security Advisory 20131030-asr1000
Posted Oct 30, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains multiple denial of service vulnerabilities. Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the embedded services processors (ESP) card or the route processor (RP) card, causing an interruption of services. Repeated exploitation could result in a sustained DoS condition. Note: Cisco IOS Software and Cisco IOS-XR Software are not affected by these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
MD5 | 4f7333e0afe6e43335d3ba0b5ede94fd
D-Link Backdoor Czechr
Posted Oct 30, 2013
Authored by dustyfresh

This is a simple PHP script that checks to see if your D-Link device is vulnerable to the User-Agent backdoor.

tags | exploit, php
MD5 | 48621cb91d15bf5a22d97af97d22a8ac
Drupal Quiz 6.x Access Bypass
Posted Oct 30, 2013
Authored by nirvanajyothi, Cat Hirst | Site drupal.org

Drupal Quiz third party module version 6.x suffers from multiple access bypass vulnerabilities.

tags | advisory, vulnerability
MD5 | a88dcca090def5cb305f966bc8a1ee47
EMC Unisphere For VMAX Information Disclosure
Posted Oct 30, 2013
Site emc.com

EMC Unisphere for VMAX versions 1.0, 1.1, 1.5, and 1.6 suffer from an LDAP related information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2013-3287
MD5 | a0c5c86f48497b126155ea8fa5971a9c
CloudFlare Versus Incapsula: Round 2
Posted Oct 30, 2013
Authored by Gjoko Krstic, Humberto Cabrera, Stefan Petrushevski | Site zeroscience.mk

This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web Application Firewall (WAF) solutions: Incapsula and Cloudflare. This test was designed to bypass security controls in place, in any possible way, circumventing whatever filters they have. Given the rise in application-level attacks, the goal of the test was to provide IT managers of online businesses with a comparison of these WAFs against real-world threats in simulated real-world conditions.

tags | paper, web
MD5 | e34c141844b6ea5bac3471427cb3e902
Drupal FileField Sources 6.x / 7.x Access Bypass
Posted Oct 30, 2013
Authored by Joseph Lee | Site drupal.org

Drupal FileField Sources third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 78d140fb66dd225af3a9166550cfd79c
Web 2.0 Security And Privacy 2014 Call For Papers
Posted Oct 30, 2013
Site w2spconf.com

W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their eco-system. The workshop will take place May 18th, 2014.

tags | paper, web, conference
MD5 | 802b642d7a1eeac40ef00a76e41cba50
Red Hat Security Advisory 2013-1482-01
Posted Oct 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1482-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Lifecycle Support for Red Hat Enterprise Linux 3 will be retired as of January 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 3 ELS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Lifecycle Support channel for Red Hat Enterprise Linux 3.

tags | advisory
systems | linux, redhat
MD5 | 420b7de6493391a703ff9ff8c0d7841e
Red Hat Security Advisory 2013-1480-01
Posted Oct 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1480-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thunderbird JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
MD5 | c85780837dfcd3b0c46e2a61dc9a0f49
Beetel Connection Manager NetConfig.ini Buffer Overflow
Posted Oct 30, 2013
Authored by metacom, wvu | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow on Beetel Connection Manager. The vulnerability exists in the parsing of the UserName parameter in the NetConfig.ini file. The module has been tested successfully on PCW_BTLINDV1.0.0B04 over Windows XP SP3 and Windows 7 SP1.b.

tags | exploit, overflow
systems | windows, xp, 7
MD5 | 5eee60d18123b1614e05de36dca9f2aa
ProcessMaker Open Source Authenticated PHP Code Execution
Posted Oct 30, 2013
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a PHP code execution vulnerability in the 'neoclassic' skin for ProcessMaker Open Source which allows any authenticated user to execute PHP code. The vulnerable skin is installed by default in version 2.x and cannot be removed via the web interface.

tags | exploit, web, php, code execution
advisories | OSVDB-99199
MD5 | ecb230017a0837b04f48532b97f21dd3
Mandriva Linux Security Advisory 2013-263
Posted Oct 30, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-263 - It was discovered that roundcube does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution. The updated packages have been patched to correct this issue.

tags | advisory, code execution
systems | linux, mandriva
advisories | CVE-2013-6172
MD5 | 965e821dd48f82ea5726742aaab4d57b
Apache Magicka Code Execution
Posted Oct 29, 2013
Authored by Kingcope

Apache and PHP remote command execution exploit that leverages php5-cgi.

tags | exploit, remote, cgi, php
advisories | CVE-2012-1823
MD5 | bdb5dbeddbd99bb47e41085bb02a8b97
Ubuntu Security Notice USN-2009-1
Posted Oct 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2009-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered that HTML select elements could display arbitrary content. An attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2013-5592, CVE-2013-5593, CVE-2013-5604, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5602, CVE-2013-5603, CVE-2013-1739, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
MD5 | d99b26a3ad903065242c1173bde38da3
Red Hat Security Advisory 2013-1474-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1474-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-4282
MD5 | 9e13b2ee231bfa2a58a2ef96aa6b416b
Red Hat Security Advisory 2013-1473-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1473-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-4282
MD5 | b37cf5da1da6c875d4c240a0b265a21c
Page 1 of 16
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    14 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close