Exploit the possiblities
Showing 1 - 6 of 6 RSS Feed

Files Date: 2013-11-08

Ubuntu Security Notice USN-2014-1
Posted Nov 8, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2014-1 - Markus Friedl discovered that OpenSSH incorrectly handled memory when the AES-GCM cipher was used. A remote authenticated attacker could use this issue to execute arbitrary code as their user, possibly bypassing shell or command restrictions.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2013-4548
MD5 | 78284ea9011213acd13b44ab8b042d96
MorXBrute Password Cracker 1.01
Posted Nov 8, 2013
Authored by Simo Ben Youssef

MorXBrute is a customizable HTTP dictionary-based password cracking tool written in Perl. MorXBrute comes with a few payloads for some of the more popular software used and additionally lets you add your own payloads. MorXBrute supports both GET and POST brute forcing.

tags | tool, web, cracker, perl
systems | linux
MD5 | b4ea3c6895b9996b72309cc91a5910f8
OpenSSH 6.3 Memory Corruption
Posted Nov 8, 2013
Authored by Markus Friedl | Site openssh.com

A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations. OpenSSH versions 6.2 and 6.3 are affected when built against an OpenSSL that supports AES-GCM.

tags | advisory, shell, code execution
MD5 | ce64c0daaf503fa105cdbf9b99aa0ad6
Apple Mac OS X 10.9 Memory Corruption
Posted Nov 8, 2013
Authored by cxib@securityreason.com

Apple Mac OS X 10.9 suffers from a hard link memory corruption issue.

tags | advisory
systems | apple, osx
MD5 | 4dc968b3754924a22b157cfe1742feec
WordPress Theme Kernel Shell Upload
Posted Nov 8, 2013
Authored by iskorpitx

WordPress Theme Kernel suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, kernel
MD5 | 91023691c781ac4949ad21cf2e9243a9
VICIdial Manager Send OS Command Injection
Posted Nov 8, 2013
Authored by sinn3r, juan vazquez, Adam Caudill, AverageSecurityGuy | Site metasploit.com

The file agc/manager_send.php in the VICIdial web application uses unsanitized user input as part of a command that is executed using the PHP passthru() function. A valid username, password and session are needed to access the injection point. Fortunately, VICIdial has two built-in accounts with default passwords and the manager_send.php file has a SQL injection vulnerability that can be used to bypass the session check as long as at least one session has been created at some point in time. In case there isn't any valid session, the user can provide astGUIcient credentials in order to create one. The results of the injected command are returned as part of the response from the web server. Affected versions include 2.7RC1, 2.7, and 2.8-403a. Other versions are likely affected as well. The default credentials used by Vicidial are VDCL/donotedit and VDAD/donotedit.

tags | exploit, web, php, sql injection
advisories | CVE-2013-4467, CVE-2013-4468, OSVDB-98903, OSVDB-98902
MD5 | 90ac7ae6f5ffed1ea1973f1e5da6bb15
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close