all things security
Showing 1 - 25 of 343 RSS Feed

Files Date: 2013-11-01 to 2013-11-30

NewsAktuell PressePortal DE SQL Injection
Posted Nov 29, 2013
Authored by Marco Onorati | Site vulnerability-lab.com

NewsAktuell PressePortal DE suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 95905dee3a50f9a74f35d3bbdbaffdce
AndroidOS 4.3 Permission Bypass
Posted Nov 29, 2013
Authored by Curesec Research Team

AndroidOS version 4.3 suffers from a permission bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2013-6271
MD5 | 8d5de2873551aae621cd9345ad0c74ec
Ruckus Access Point Authentication Bypass
Posted Nov 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered in Ruckus Access Point's administrative web interface. This vulnerability may allow a malicious user to gain unauthorized access to the administrative web interface.

tags | advisory, web, bypass
MD5 | fe8c19610f6b87b155854e6dca5fcb54
LiveZilla Password Disclosure
Posted Nov 29, 2013
Authored by Curesec Research Team

LiveZilla versions prior to 5.1.1.0 suffer from a local password disclosure vulnerability.

tags | advisory, local
advisories | CVE-2013-6223
MD5 | 333a14613778633cb10f4f4083e15be5
LiveZilla Cross Site Scripting
Posted Nov 29, 2013
Authored by Curesec Research Team

LiveZilla versions prior to 5.1.1.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-6224
MD5 | a735912892ad68c49aabfefcdd0fe064
Pastebin CAPTCHA Bypass
Posted Nov 28, 2013
Authored by Scott Arciszewski

Pastebin suffers from a CAPTCHA bypass vulnerability.

tags | exploit, bypass
MD5 | 58e11193feb456c4df2528465f1e0630
Kimai 0.9.2 db_restore.php SQL Injection
Posted Nov 28, 2013
Authored by Brendan Coles, drone | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'db_restore.php' file allows unauthenticated users to execute arbitrary SQL queries. This Metasploit module writes a PHP payload to disk if the following conditions are met: The PHP configuration must have 'display_errors' enabled, Kimai must be configured to use a MySQL database running on localhost; and the MySQL user must have write permission to the Kimai 'temporary' directory.

tags | exploit, arbitrary, php, sql injection
MD5 | aec9a8141849e97ce005dc4486ce99e3
Red Hat Security Advisory 2013-1771-01
Posted Nov 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1771-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.3.0, and includes bug fixes and enhancements.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4112
MD5 | 3f052eec92a2a487f986d1014eb1717a
Ubuntu Security Notice USN-2035-1
Posted Nov 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2035-1 - Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2013-4164, CVE-2013-2065, CVE-2013-2065, CVE-2013-4164
MD5 | a993e5bd40e2e44c864bb09b2e97bc80
Wapiti Web Application Vulnerability Scanner 2.3.0
Posted Nov 27, 2013
Authored by Nicolas Surribas | Site wapiti.sourceforge.net

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.

Changes: Wapiti now use the python-requests module for HTTP instead of httplib2. More pythonic code. A HTTPResource class was created to simplify module writing. New template for the HTML report generator. Various other updates and improvements.
tags | tool, web, scanner, vulnerability
systems | unix
MD5 | dd8b0ab120518215abf9c7b22251fd8b
Uptime Agent 5.0.1 Stack Overflow
Posted Nov 27, 2013
Authored by Denis Andzakovic | Site security-assessment.com

Uptime Agent version 5.0.1 suffers from a stack overflow vulnerability. Proof of concept exploit included in this archive.

tags | exploit, overflow, proof of concept
systems | linux
MD5 | 4b29eb1cf7e7aaec72e93dddc3bfd305
Microsoft Tagged Image File Format (TIFF) Integer Overflow
Posted Nov 27, 2013
Authored by sinn3r, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft's Tagged Image File Format. It was originally discovered in the wild, targeting Windows XP and Windows Server 2003 users running Microsoft Office, specifically in the Middle East and South Asia region. The flaw is due to a DWORD value extracted from the TIFF file that is embedded as a drawing in Microsoft Office, and how it gets calculated with user-controlled inputs, and stored in the EAX register. The 32-bit register will run out of storage space to represent the large value, which ends up being 0, but it still gets pushed as a dwBytes argument (size) for a HeapAlloc call. The HeapAlloc function will allocate a chunk anyway with size 0, and the address of this chunk is used as the destination buffer of a memcpy function, where the source buffer is the EXIF data (an extended image format supported by TIFF), and is also user-controlled. A function pointer in the chunk returned by HeapAlloc will end up being overwritten by the memcpy function, and then later used in OGL!GdipCreatePath. By successfully controlling this function pointer, and the memory layout using ActiveX, it is possible to gain arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution, activex
systems | windows, xp
advisories | CVE-2013-3906
MD5 | 7840e627325a5c746a365b34d09b85a9
Chamilo LMS 1.9.6 SQL Injection
Posted Nov 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Chamilo LMS version 1.9.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-6787
MD5 | 659b2bcd10416ef278a831bd79e49b59
Dokeos 2.2 RC2 SQL Injection
Posted Nov 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Dokeos version 2.2 RC2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-6341
MD5 | 80b299ab60a85543d5e6d76516ba28d6
Claroline 1.11.8 Cross Site Scripting
Posted Nov 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Claroline version 1.11.8 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-6267
MD5 | a26030a630bc86ca81e5b39f612e1f53
Hack In The Box Amsterdam 2014 Call For Papers
Posted Nov 27, 2013
Site conference.hitb.org

The call for papers for the upcoming Hack in The Box security conference in Amsterdam is now open. It will take place from May 27th through the 30th, 2014.

tags | paper, conference
MD5 | c521b477f7e0ac01a6846070722fc47e
HP Security Bulletin HPSBGN02942
Posted Nov 27, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02942 - A potential security vulnerability has been identified with HP Service Manager and ServiceCenter. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

tags | advisory, remote, code execution
advisories | CVE-2013-4844
MD5 | 894d612501fdd9393aa0880fa3ee071c
Debian Security Advisory 2804-1
Posted Nov 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2804-1 - Multiple vulnerabilities have been discovered in Drupal, a fully-featured pseudo random number generation, code execution, incorrect security token validation and cross-site scripting.

tags | advisory, vulnerability, code execution, xss
systems | linux, debian
advisories | CVE-2013-6385, CVE-2013-6386, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389
MD5 | 0f89d5075b4f21108407d648d1b11702
Mandriva Linux Security Advisory 2013-287
Posted Nov 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-287 - Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive. Drupal's form API has built-in cross-site request forgery validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations. Drupal core directly used the mt_rand() pseudorandom number generator for generating security related strings used in several core modules. It was found that brute force tools could determine the seeds making these strings predictable under certain circumstances. Various other issues have also been addressed. The updated packages has been upgraded to the 7.24 version which is unaffected by these security flaws.

tags | advisory, csrf
systems | linux, mandriva
advisories | CVE-2013-0316, CVE-2013-6385, CVE-2013-6386, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389
MD5 | 6b765b3883a657882c48081af446ce92
Red Hat Security Advisory 2013-1767-01
Posted Nov 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1767-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164
MD5 | ebb935702ad996202cc29ef2059d9141
BZR Player 0.97 DLL Hijack
Posted Nov 27, 2013
Authored by Akin Tosunlar

BZR Player version 0.97 suffers from a dll hijacking vulnerability in codec_mpeg.dll.

tags | exploit
systems | windows
MD5 | 4bbb7e8a7aacf24c3606d8bd6eed6511
Boilsoft RM To MP3 Converter 1.72 Denial Of Service
Posted Nov 27, 2013
Authored by Akin Tosunlar

Boilsoft RM to MP3 Converter version 1.72 crash proof of concept denial of service exploit.

tags | exploit, denial of service, proof of concept
MD5 | bb42377c7b41871af384428727bc9760
ExploitPack Security Framework 2.2a
Posted Nov 27, 2013
Authored by Juan Sacco

Exploit Pack is an open source security framework that combines the benefits of a Java GUI, Python as an Engine, and well-known exploits in the wild. It has an IDE to make the task of developing new exploits easier, instant search, and XML-based modules.

Changes: Updated to version 2.2a.
tags | tool, java, python
systems | unix
MD5 | 1cf6a546914070e74bd67f9c3c7c5505
Wondershare Player 1.6.0 DLL Hijacking
Posted Nov 27, 2013
Authored by Akin Tosunlar

Wondershare Player version 1.6.0 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 5698d24bb5aaff86889743e9bc8561c0
Debian Security Advisory 2803-1
Posted Nov 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2803-1 - Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-2236, CVE-2013-6051
MD5 | fc080bf1a21a3d4d1f98fa51712ccd94
Page 1 of 14
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close