Files Date: 2013-11-04

Practico 13.9 XSS / CSRF / SQL Injection
Posted Nov 4, 2013
Authored by LiquidWorm | Site zeroscience.mk

Practico version 13.9 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 7b07e6cbcfa100609e03f0b56df0bddb
Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow
Posted Nov 4, 2013
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.

tags | exploit, overflow
MD5 | 3b8faf6963fc783e259dc9fc505280d9
Bluelog Bluetooth Scanner/Logger 1.1.2
Posted Nov 4, 2013
Authored by Tom Nardi | Site digifail.com

Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.

Changes: This minor release primarily dealt with visual and functional improvements to Bluelog Live mode. Bluelog Live now has a new default theme, as well as a novelty theme for fun, and there is improved support for more complex themes. README.LIVE was updated with more information. There was also documentation improvement and pruning across the board, a new target for the Pwnie Express Pwn Pad, and a fix for a critical bug with the obfuscate (-x) function.
tags | tool, web, wireless
systems | unix
MD5 | 614d0fe65bae68acff1d33d9f86e4805
HP Security Bulletin HPSBMU02931 2
Posted Nov 4, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02931 2 - A potential security vulnerability has been identified with HP Service Manager. The vulnerabilities could be exploited to allow injection of arbitrary code, remote disclosure of privileged information, improper privilege management and cross site scripting (XSS). Note: this Service Manager update includes updated Apache Tomcat, OpenSSL, Oracle JRE that address security issues in those components. Revision 2 of this advisory.

tags | advisory, remote, arbitrary, vulnerability, xss
advisories | CVE-2013-4830, CVE-2013-4831, CVE-2013-4832, CVE-2013-4833
MD5 | aa5d5fe6a7c2bb7909db22a83fb2e255
Apache Tomcat 5.5.25 Cross Site Request Forgery
Posted Nov 4, 2013
Authored by Ivano Binetti

Apache Tomcat version 5.5.25 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2013-6357
MD5 | 199d7e06032e547bb9de384b106023df
eCryptfs write_tag_3_packet Heap Buffer Overflow
Posted Nov 4, 2013
Authored by x90c

eCryptfs in Linux kernel version 2.6.18 suffers from a write_tag_3_packet heap buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux
MD5 | 36ef8088c331c08b1c5031de9a53fc15
Debian Security Advisory 2789-1
Posted Nov 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2789-1 - A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE daemon used to establish IPsec protected links.

tags | advisory
systems | linux, debian
advisories | CVE-2013-6075
MD5 | 7b5367f1ace1615afe92e94c472bea6c
Red Hat Security Advisory 2013-1500-01
Posted Nov 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1500-01 - gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2012-2673
MD5 | def74d40d7f3ee96803eebfd1edc25e1
Debian Security Advisory 2792-1
Posted Nov 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2792-1 - Multiple vulnerabilities were discovered in the dissectors for IEEE 802.15.4, NBAP, SIP and TCP, which could result in denial of service.

tags | advisory, denial of service, tcp, vulnerability
systems | linux, debian
advisories | CVE-2013-6336, CVE-2013-6337, CVE-2013-6338, CVE-2013-6340
MD5 | 4bfc3764a24aa7ec749496a87475570b
Ubuntu Security Notice USN-2011-1
Posted Nov 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2011-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
MD5 | 5d11a327210f55e36409796f7b1a09bf
Gentoo Linux Security Advisory 201311-02
Posted Nov 4, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-2 - Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks. Versions less than 4.0.5 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1937, CVE-2013-3238, CVE-2013-3239, CVE-2013-4995, CVE-2013-4996, CVE-2013-4997, CVE-2013-4998, CVE-2013-4999, CVE-2013-5000, CVE-2013-5001, CVE-2013-5002, CVE-2013-5003, CVE-2013-5029
MD5 | 330b515532391effcf2b00638c84f105
Gentoo Linux Security Advisory 201311-01
Posted Nov 4, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-1 - An unspecified vulnerability in Mednafen could result in the execution of arbitrary code. Versions less than 0.8.13 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2010-3085
MD5 | dd08aede0f5f5b629df382698919a08b
Debian Security Advisory 2791-1
Posted Nov 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2791-1 - Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client has write access.

tags | advisory, local
systems | linux, debian
MD5 | 196f803138298602ee76f92ac26f1181
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Nov 4, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | edb863af2ed4999998e4f613da131af9
Debian Security Advisory 2790-1
Posted Nov 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2790-1 - A flaw was found in the way the Mozilla Network Security Service library (nss) read uninitialized data when there was a decryption failure. A remote attacker could use this flaw to cause a denial of service (application crash) for applications linked with the nss library.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2013-1739
MD5 | 3218c90e23f58456f65158a95a80142f
KDE TOCTOU Vulnerability Case Study
Posted Nov 4, 2013
Authored by x90c

This write up is an in-depth analysis of the CVE-2010-0436 KDE TOCTTOU vulnerability.

tags | paper
advisories | CVE-2010-0436
MD5 | c89ed85b6fbef0c89d335ddf5983516d
pdirl PHP Directory Listing 1.0.4 Cross Site Scripting
Posted Nov 4, 2013
Authored by linc0ln.dll | Site vulnerability-lab.com

pdirl PHP Directory Listing version 1.0.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
MD5 | 090177ba0de83ee16f2797964d834afc
HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service
Posted Nov 4, 2013
Authored by Oz Elisyan

HOTBOX router/modem version 2.1.11 suffers from cross site request forgery, denial of service, script injection, and directory traversal vulnerabilities. Proofs of concept for denial of service and cross site request forgery are included.

tags | exploit, denial of service, vulnerability, proof of concept, file inclusion, csrf
advisories | CVE-2013-5037, CVE-2013-5038, CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, CVE-2013-5039
MD5 | 5aefda3d5232e4fb3fbf8da14a672ea5
Final Draft 8 File Format Stack Buffer Overflow
Posted Nov 4, 2013
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Final Draft 8. Multiple fields are vulnerable to the overflow; however, Word in IgnoredWords is the only field to accept mixed-case characters. This version of the exploit was deemed "old" by Metasploit.

tags | exploit, overflow
MD5 | 9b7f42a8e2c69c0ac74cb89fdf648f2c
StoryBoard Quick 6 Memory Corruption
Posted Nov 4, 2013
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in StoryBoard Quick 6. This version of the exploit was deemed "old" by Metasploit.

tags | exploit, overflow
MD5 | 0835edee84e10b7f41972a5f80740f49
Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow
Posted Nov 4, 2013
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660. This version of the exploit was deemed "old" by Metasploit.

tags | exploit, overflow
MD5 | 3b8faf6963fc783e259dc9fc505280d9
WordPress ThisWay Shell Upload
Posted Nov 4, 2013
Authored by Bet0

WordPress ThisWay theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | f779ba064436e771fe7c18cd9f275bb2
Horde 5.1.2 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 4, 2013
Authored by Marcela Benetrix

Horde version 5.1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2013-6365, CVE-2013-6364
MD5 | 61a62e5a593fbb47e32c7273968288a7
© 2016 Packet Storm. All rights reserved.