what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2013-11-04

Practico 13.9 XSS / CSRF / SQL Injection
Posted Nov 4, 2013
Authored by LiquidWorm | Site zeroscience.mk

Practico version 13.9 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | ff9142aad0a2a97aa39c95d5224216c432ff5d621e823fbd324fbcf88aae580f
Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow
Posted Nov 4, 2013
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.

tags | exploit, overflow
SHA-256 | 1300424762c6a67dc6fa5b84891cd5d5326609e31ed49f16b15f85a4eadefc6f
Bluelog Bluetooth Scanner/Logger 1.1.2
Posted Nov 4, 2013
Authored by Tom Nardi | Site digifail.com

Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.

Changes: This minor release primarily dealt with visual and functional improvements to Bluelog Live mode. Bluelog Live now has a new default theme, as well as a novelty theme for fun, and there is improved support for more complex themes. README.LIVE was updated with more information. There was also documentation improvement and pruning across the board, a new target for the Pwnie Express Pwn Pad, and a fix for a critical bug with the obfuscate (-x) function.
tags | tool, web, wireless
systems | unix
SHA-256 | 9750b007daffaffecea3b8dd2332bf74cc24955c307861197a20d04d845bc412
HP Security Bulletin HPSBMU02931 2
Posted Nov 4, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02931 2 - A potential security vulnerability has been identified with HP Service Manager. The vulnerabilities could be exploited to allow injection of arbitrary code, remote disclosure of privileged Information , improper privilege management and cross site scripting (XSS). Note: this Service Manager update includes updated Apache Tomcat, OpenSSL, Oracle JRE that addresses security issues in those components. Revision 2 of this advisory.

tags | advisory, remote, arbitrary, vulnerability, xss
advisories | CVE-2013-4830, CVE-2013-4831, CVE-2013-4832, CVE-2013-4833
SHA-256 | 9a8fb879edbf5b36709d0ff1ef662419adf5550c3805fe3ba5ca0df8146ef1d4
Apache Tomcat 5.5.25 Cross Site Request Forgery
Posted Nov 4, 2013
Authored by Ivano Binetti

Apache Tomcat version 5.5.25 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2013-6357
SHA-256 | 3b4c8cfd49efc14d10b5b4f7153524eef6ad2a708d0e0998b67b8820bfb36e18
eCryptfs write_tag_3_packet Heap Buffer Overflow
Posted Nov 4, 2013
Authored by x90c

eCryptfs in Linux kernel version 2.6.18 suffer from a write_tag_3_packet heap buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux
SHA-256 | 015570f2ec233897e40a39fd6d6b1250c0412b0d3c5a7f74de150f8212dc2cf0
Debian Security Advisory 2789-1
Posted Nov 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2789-1 - A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE daemon used to establish IPsec protected links.

tags | advisory
systems | linux, debian
advisories | CVE-2013-6075
SHA-256 | 586a0bce476ab0f9d1d501398d7c14fee3d4b555a7aaf91a10775d9a3ae369a9
Red Hat Security Advisory 2013-1500-01
Posted Nov 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1500-01 - gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2012-2673
SHA-256 | 98163433f0f4fa97f8a768c780a3779f28965a348ea070cf769d1d97cbff3ca1
Debian Security Advisory 2792-1
Posted Nov 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2792-1 - Multiple vulnerabilities were discovered in the dissectors for IEEE 802.15.4, NBAP, SIP and TCP, which could result in denial of service.

tags | advisory, denial of service, tcp, vulnerability
systems | linux, debian
advisories | CVE-2013-6336, CVE-2013-6337, CVE-2013-6338, CVE-2013-6340
SHA-256 | 1cb18f981647ba2840d21deda75d552697a50a003485b8d0d5f762fe6851aa59
Ubuntu Security Notice USN-2011-1
Posted Nov 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2011-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
SHA-256 | ee33103ea32047aabd67286280ca92fbf6c53d39f17883d82e769c15f0cb30d5
Gentoo Linux Security Advisory 201311-02
Posted Nov 4, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-2 - Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks. Versions less than 4.0.5 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1937, CVE-2013-3238, CVE-2013-3239, CVE-2013-4995, CVE-2013-4996, CVE-2013-4997, CVE-2013-4998, CVE-2013-4999, CVE-2013-5000, CVE-2013-5001, CVE-2013-5002, CVE-2013-5003, CVE-2013-5029
SHA-256 | bdc5fc2fd976e67643d39f9d1d11505fb74cb58060d3a64f0597fbc5774c8c45
Gentoo Linux Security Advisory 201311-01
Posted Nov 4, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-1 - An unspecified vulnerability in Mednafen could result in the execution of arbitrary code. Versions less than 0.8.13 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2010-3085
SHA-256 | c87bf61942aeac0ca7002a2e507a96106c3fb84f253d1e9eae47399a70d83bc6
Debian Security Advisory 2791-1
Posted Nov 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2791-1 - Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client has write access.

tags | advisory, local
systems | linux, debian
SHA-256 | 663ce20e4298f6b60c0aa736c72f904ed78e769610e2fd1985b52451b2d339bc
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Nov 4, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 15e5db74df2499a8f6408c6a71f23d428b6ab44c9edf65b67b223e4fd1c2b310
Debian Security Advisory 2790-1
Posted Nov 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2790-1 - A flaw was found in the way the Mozilla Network Security Service library (nss) read uninitialized data when there was a decryption failure. A remote attacker could use this flaw to cause a denial of service (application crash) for applications linked with the nss library.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2013-1739
SHA-256 | db345cda909e009ee371bb5edb764ae631ec33d4b18a27048a2278b04a991f80
KDE TOCTOU Vulnerability Case Study
Posted Nov 4, 2013
Authored by x90c

This write up is an in-depth analysis of the CVE-2010-0436 KDE TOCTTOU vulnerability.

tags | paper
advisories | CVE-2010-0436
SHA-256 | 38416e656eed90eb727e8283a9b7f15d42bbf88b4930302e3793941e698ff9c6
pdirl PHP Directory Listing 1.0.4 Cross Site Scripting
Posted Nov 4, 2013
Authored by linc0ln.dll, Vulnerability Laboratory | Site vulnerability-lab.com

pdirl PHP Directory Listing version 1.0.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
SHA-256 | d502495c1f4d1697a4162c75518ef6cb8992eb9acf45eec537d6037429800847
HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service
Posted Nov 4, 2013
Authored by Oz Elisyan

HOTBOX router/modem version 2.1.11 suffers from cross site request forgery, denial of service, script injection, and directory traversal vulnerabilities. Denial of service and cross site request forgery proof of concepts included.

tags | exploit, denial of service, vulnerability, proof of concept, file inclusion, csrf
advisories | CVE-2013-5037, CVE-2013-5038, CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, CVE-2013-5039
SHA-256 | 585492350dc0303ed89cfacabf2156926a2aaab57dd7657dc750ff289331075a
Final Draft 8 File Format Stack Buffer Overflow
Posted Nov 4, 2013
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Final Draft 8. Multiple fields are vulnerable to the overflow, however Word in IgnoredWords is the only field to accept mixed-case characters. This version of the exploit was deemed "old" by Metasploit.

tags | exploit, overflow
SHA-256 | 1b1e0b81bd8090ce9c13897364857d059b72e2077047d444b433511ccd5550d8
StoryBoard Quick 6 Memory Corruption
Posted Nov 4, 2013
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in StoryBoard Quick 6. This version of the exploit was deemed "old" by Metasploit.

tags | exploit, overflow
SHA-256 | be9f8f5b5e74ec032e061db1790ee6ae7ad5663dd6c25860b0832e0efd98f2d3
Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow
Posted Nov 4, 2013
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660. This version of the exploit was deemed "old" by Metasploit.

tags | exploit, overflow
SHA-256 | 1300424762c6a67dc6fa5b84891cd5d5326609e31ed49f16b15f85a4eadefc6f
WordPress ThisWay Shell Upload
Posted Nov 4, 2013
Authored by Bet0

WordPress ThisWay theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 31b78f33e27ae904cd02bab021a4d0a640af569124695769127916982f012b39
Horde 5.1.2 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 4, 2013
Authored by Marcela Benetrix

Horde version 5.1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2013-6365, CVE-2013-6364
SHA-256 | dd24a88d788e980195e0a44141c64d9bf298fcce07e32cd2183b93efd0a7206d
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close