exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2013-12-05

Whowatch 1.8.5
Posted Dec 5, 2013
Authored by Michal Suszycki | Site wizard.ae.krakow.pl

Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Ncurses ascii graphics.

Changes: Various updates.
tags | tool, intrusion detection
systems | unix
SHA-256 | 4554002d32644cd94228e9a5d7c1b0dbe998b92b445afaaffb4b8e89df0a1e51
Lynis Auditing Tool 1.3.6
Posted Dec 5, 2013
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release added many new features, including an extension of support for *BSD systems like DragonFly BSD, FreeBSD, NetBSD, and OpenBSD. New support was provided for elementary OS (Luna) along with several new Apache tests, OSSEC, and the dntpd time daemon. New functions have been added to compact the code and simplify development. Smaller bugs have been fixed. Logging and reporting was extended, the man page updated, and screen display improved. Under the hood minor adjustments have been made to support systems which are slightly different, such as those missing the dig binary.
tags | tool, scanner
systems | unix
SHA-256 | 317112d0375dbc9e23be2e255ee187af8d0fa5fb29299abfe8b8d130b8d1d88d
Drupal OG Features 6.x Access Bypass
Posted Dec 5, 2013
Authored by Andrey Tretyakov | Site drupal.org

Drupal OG Features third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 0e46e3aa1239d74e1e346db1ed3c16a5436a8b0d549a254953a7cbcd791f0346
Debian Security Advisory 2810-1
Posted Dec 5, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2810-1 - Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, arbitrary, ruby
systems | linux, debian
advisories | CVE-2013-4164
SHA-256 | 28b019f524a64743ec460f68ab70ab7ac979705a857dececbe230f6b35ef3745
Debian Security Advisory 2809-1
Posted Dec 5, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2809-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2013-1821, CVE-2013-4073, CVE-2013-4164
SHA-256 | 8cf75779505f2c2d90a0e3c0b819ef71e8ce28e7a5c7874d20b80f024dd05ae3
Red Hat Security Advisory 2013-1786-01
Posted Dec 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1786-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.

tags | advisory, java, remote, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2133
SHA-256 | b4239fdd2a4e71d1e6e62e00895c7cfbae6457fb0cc3b5342e9886c01cac6a50
Red Hat Security Advisory 2013-1785-01
Posted Dec 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1785-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.

tags | advisory, java, remote, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2133
SHA-256 | ea3902bc07a3ee86db91f430c81eab792bb3089be615154451b8e02cc89d0b4e
Red Hat Security Advisory 2013-1784-01
Posted Dec 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1784-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.

tags | advisory, java, remote, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2133
SHA-256 | 3d79d871d2630b48e2fc1c3b93e55f5a17daeb2857f7bdc2bfb3a25dcecc22dc
Amazon Application Store / AWS/ECS2 Vulnerabilities
Posted Dec 5, 2013
Authored by Larry W. Cashdollar

The Try Before You Buy feature in Amazon's Application Store allows an external party to test software prior to download. Poor sandboxing and failed security controls allowed a malicious attacker the ability to perform portscanning of AWS backend services, spawn rogue services in the AWS cloud, and much more.

tags | advisory
SHA-256 | d565b306507e35d03c17757cc4c999aeb15676ec12278c2bf3d330d3c0b7bde0
Steinberg MyMp3PRO 5.0 SEH Buffer Overflow
Posted Dec 5, 2013
Authored by metacom

Steinberg MyMp3PRO version 5.0 SEH buffer overflow exploit that creates a malicious .m3u file.

tags | exploit, overflow
SHA-256 | 39cc361df2f7063c2a12126f69d1fce7c8ec59f9b90439dd624ddd4fc9dc2b37
Steinberg MyMp3PRO 5.0 DEP Bypass With ROP
Posted Dec 5, 2013
Authored by metacom

Steinberg MyMp3PRO version 5.0 buffer overflow exploit that has DEP bypass with ROP that creates a malicious .m3u file.

tags | exploit, overflow
SHA-256 | 6ed484da87761424edd593c4eda2edde913572148dc573edc72c6208909dd7d8
Steinberg MyMp3PRO 5.0 Buffer Overflow
Posted Dec 5, 2013
Authored by metacom

Steinberg MyMp3PRO version 5.0 buffer overflow exploit that creates a malicious .m3u file.

tags | exploit, overflow
SHA-256 | 5e542aa5f8d2e6093b778202d1177da67ab540039859bcd4a9b9ca808e97ccc2
Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection
Posted Dec 5, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Imagam iFiles version 1.16.0 suffers from file inclusion, command injection, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, file inclusion
SHA-256 | ed2c4d8a6ab28dcf41160d1347652e9faaa885ec6c322da030d20dda9486f46c
HTMLPurifier 4.5.0 Hash Length Extension
Posted Dec 5, 2013
Authored by Arseny Reutov | Site ptsecurity.com

HTMLPurifier version 4.5.0 suffers from a hash length extension attack that allows for signature forgery.

tags | advisory
SHA-256 | 4bd1df9be9ff5c6ca4be402f6cdef80c798e6ed1767e39b883afeccdc7ce7777
Joomla Hotornot2 Shell Upload
Posted Dec 5, 2013
Authored by DevilScreaM

Joomla Hotornot2 component suffers from a remote code execution vulnerability via a shell upload.

tags | exploit, remote, shell, code execution
SHA-256 | 57c6ef0042333393f7da14f257ea50e899e05e9b18c943bee6131f7ad579b185
VMware Security Advisory 2013-0014
Posted Dec 5, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0014 - VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems.

tags | advisory
systems | windows
advisories | CVE-2013-3519
SHA-256 | 8f9cff72a0ccf5698417351f83db26499274ced107b280c2dbb84eec5ebddcb1
McAfee Email Gateway 7.6 Command Execution / SQL Injection
Posted Dec 5, 2013
Authored by Brandon Perry

McAfee Email Gateway version 7.6 suffers from remote command execution and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 7172a81dff8369131711642e7e104a07c0f78271d32b91deced3c5b456750eb2
Hex Workshop 6.7 DLL Hijack
Posted Dec 5, 2013
Authored by Akin Tosunlar, Ozgur Yurdusev

Hex Workshop version 6.7 suffers from a DLL hijacking vulnerability in mfc100trk.dll.

tags | exploit
systems | windows
SHA-256 | a7a06b23d049b283e43ac0d132546939d1d79909e8a873ee076c44624473b01d
OpenCart 1.5.6 File Upload / XSS / Path Disclosure
Posted Dec 5, 2013
Authored by trueend5

OpenCart version 1.5.6 suffers from cross site scripting, path disclosure, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, info disclosure, file upload
SHA-256 | 371e1add9d841cd724ecebaaf12aa30d8f618c80bf66d43adecbdfa1460b8157
Pytacle Alpha2
Posted Dec 5, 2013
Authored by Daniel Mende

pytacle is a tool inspired by tentacle. It automates the task of sniffing GSM frames of the air, extracting the key exchange, feeding kraken with the key material and finally decode/decrypt the voice data. All You need is a USRP (or similar) to capture the GSM band and a kraken instance with the berlin tables (only about 2TB).

Changes: Support of RTLSDR sticks, possibility to scan for cells around you, and more.
tags | tool, wireless
systems | unix
SHA-256 | cead6750ebf4e048bedf3785c081a076646d9ac0c3cbb69969ede77feb3833c6
MySQL 5.0.x Denial Of Service
Posted Dec 5, 2013
Authored by Neil Kettle

MySQL version 5.0.x suffers from an IF query handling remote denial of service vulnerability.

tags | exploit, remote, denial of service
advisories | CVE-2007-2583, OSVDB-34734
SHA-256 | fbd9482c8025c99f1db3846350ceee2b43d7498a1499d6e009ebd5dfd16c551d
Digital Whisper Electronic Magazine #47
Posted Dec 5, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 47. Written in Hebrew.

tags | magazine
SHA-256 | 6c05dbfa043193bf308c38da837ded56ea5b98da8239be75495c8763472823ca
Microsoft Windows NDPROXY Local SYSTEM Privilege Escalation
Posted Dec 5, 2013
Authored by ryujin

Microsoft Windows NDPROXY local SYSTEM privilege escalation exploit.

tags | exploit, local
systems | windows
advisories | CVE-2013-5065
SHA-256 | dd6bdb68bcaccda8d1acd0e40e21c622c59fee9f99c088434f4131899b2cdfed
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close