exploit the possibilities
Showing 1 - 20 of 20 RSS Feed

Files Date: 2013-11-12

Red Hat Security Advisory 2013-1514-01
Posted Nov 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1514-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-java packages contain the code for the Java version of the Spacewalk Web site. It was found that the web interface provided by Red Hat Satellite to create the initial administrator user was not disabled after the initial user was created. A remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2013-4480
MD5 | 17f4f59dacb3793b457dac4eb9a9d348
Ubuntu Security Notice USN-2028-1
Posted Nov 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2028-1 - James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures.

tags | advisory, java, spoof
systems | linux, ubuntu
advisories | CVE-2013-2172
MD5 | 4ea28a1e782afebee727a01315b3abf0
Troopers 14 Call For Papers
Posted Nov 12, 2013
Site troopers.de

Call For Papers for Troopers 2014 - The conference will be held in Heidelberg, Germany from March 19th through the 20th, 2014.

tags | paper, conference
MD5 | d5bf5a1215e73780bbc5a95a62c7777c
Microsoft CryptoAPI / Outlook 2007-2013 Design Bug
Posted Nov 12, 2013
Authored by Alexander Klink

A design bug in X.509 certificate chain validation (RFC 3280) allows attackers to trigger (blind) HTTP requests for both external as well as internal IPs if a specially-crafted, S/MIME-signed email is opened in Microsoft Outlook. This issue, which has been originally reported in 2008, has been revisited and timing differences make it possible to identify open and closed ports on internal networks.

tags | advisory, web
advisories | CVE-2013-3870
MD5 | 0a1fe0e02125c165a77673a232791a2b
Microsoft Security Bulletin Release For November, 2013
Posted Nov 12, 2013
Site microsoft.com

This bulletin summary lists 8 released Microsoft security bulletins for November, 2013.

tags | advisory
MD5 | 16a84d350b20a3cb78c08e0f144a2458
Red Hat Security Advisory 2013-1513-01
Posted Nov 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1513-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The rhn-java-sat packages contain the code for the Java version of the Red Hat Network Satellite Web site. It was found that the web interface provided by Red Hat Network Satellite to create the initial administrator user was not disabled after the initial user was created. A remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2013-4480
MD5 | 27d8266ffa5243ac9017bb05373b295f
Ubuntu Security Notice USN-2027-1
Posted Nov 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2027-1 - Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in SPICE tickets. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4282
MD5 | d8220aae4b163a72691a775d58abaa14
IJG jpeg6b / libjpeg-turbo Uninitialized Memory
Posted Nov 12, 2013
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

jpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb).

tags | advisory
advisories | CVE-2013-6629, CVE-2013-6630
MD5 | c74e7593702f247838a41cf95581a50f
ZoneDirector Code Injection
Posted Nov 12, 2013
Authored by Ruckus Product Security Team

A vulnerability has been discovered in ZoneDirector controllers (ZD) which may allow an attacker to inject malicious code via controller's admin web interface. The attacker needs access to an authenticated admin session with ZD's web interface for carrying out this attack. Affected software includes versions 9.3.x, 9.4.x, 9.5.x, and 9.6.x.

tags | advisory, web
MD5 | 2ee133aff19c9cedcb230a6fd9739d6d
VideoSpirit Lite 1.77 SEH Buffer Overflow
Posted Nov 12, 2013
Authored by metacom

VideoSpirit Lite version 1.77 SEH buffer overflow exploit that creates a malicious visprj file.

tags | exploit, overflow
MD5 | 41e5dd65ff9d7089c7e76112efe42351
VideoSpirit Pro 1.90 SEH Buffer Overflow
Posted Nov 12, 2013
Authored by metacom

VideoSpirit Pro version 1.90 SEH buffer overflow exploit that creates a malicious visprj file.

tags | exploit, overflow
MD5 | 6529dda7572e0903e5f75c3e7e58bd9c
Fortianalyzer VM / Appliance 5.0.4 Cross Site Request Forgery
Posted Nov 12, 2013
Authored by William Costa

Fortianalyzer VM / appliance version 5.0.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | dfdaee9c447cd4a45d8091b73185e758
ALLPlayer 5.6.2 SEH Buffer Overflow
Posted Nov 12, 2013
Authored by metacom, Mike Czumak

ALLPlayer version 5.6.2 SEH buffer overflow exploit that creates a malicious .m3u file.

tags | exploit, overflow
MD5 | 0c37a6ee1c4481c2fe076365b1bb5125
JunOS 11.4 Cross Site Scripting
Posted Nov 12, 2013
Authored by Andrea Bodei | Site A2secure.com

JunOS versions up to 11.4 (and possibly 12.1 and 12.3) suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0b205624bcfe2d4ce3783275cf9ce6b6
Plogue Sforzando 1.665 Buffer Overflow
Posted Nov 12, 2013
Authored by Mike Czumak

Plogue Sforzando version 1.665 SEH buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | c7f7905ecbdedf60b19ebab871be7047
Beleth SSH Password Auditing Tool
Posted Nov 12, 2013
Authored by stderr | Site chokepoint.net

Beleth is a fast multi-threaded SSH password auditing tool. It out performs Ncrack and THC-Hydra in speed.

tags | tool, cracker
MD5 | 333cf76a62edf0189bb3738c191d161d
WordPress Theme Kernel Shell Upload
Posted Nov 12, 2013
Authored by Black Devils | Site metasploit.com

This Metasploit module exploits a vulnerability found in WP Theme Kernel. By abusing the upload-handler.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, kernel, php, code execution
MD5 | 33f07f00fb7e5cfe47d68a1d54cbe8bd
WordPress Curvo Theme Shell Upload
Posted Nov 12, 2013
Authored by Black Devils | Site metasploit.com

This Metasploit module exploits a vulnerability found in WP Curvo Theme. By abusing the upload-handler.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
MD5 | 54026e7cfe62aad25a32bb63852f9ca1
Provj 5.1.5.8 Buffer Overflow
Posted Nov 12, 2013
Authored by Necmettin COSKUN

Provj version 5.1.5.8 buffer overflow proof of concept denial of service exploit that generates a malicious .m3u file.

tags | exploit, denial of service, overflow, proof of concept
MD5 | d491d18093fadf965898f30de580e937
Bypassing AddressSanitizer
Posted Nov 12, 2013
Authored by Eric Wimberley | Site glidersecurity.com

This paper evaluates AddressSanitizer as a next generation memory corruption prevention framework. It provides demonstrable tests of problems that are fixed, as well as problems that still exist.

tags | paper
MD5 | d46984f2a38d7ecc4a990a6d172f1cf6
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    17 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close