Files Date: 2013-12-07

openSIS 5.2 PHP Code Injection
Posted Dec 7, 2013
Authored by EgiX

openSIS versions 4.5 through 5.2 suffer from a remote PHP code injection vulnerability.

tags | exploit, remote, php
advisories | CVE-2013-1349
MD5 | d3caebab3ffea990f9754fa5fabdc247
Up.Time Monitoring Station post2file.php Arbitrary File Upload
Posted Dec 7, 2013
Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution.

tags | exploit, arbitrary, php, code execution, file upload
MD5 | 535b0d2266769bd6434a5a03a17a5cd8
BoxBilling 3.6.11 Cross Site Scripting
Posted Dec 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

BoxBilling suffers from a stored cross site scripting vulnerability. Input passed to the 'message' POST parameter through the 'Notification Center' extension/module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 3.6.11 is affected.

tags | exploit, arbitrary, xss
MD5 | 224cc5ee294ff40143c80b0553c12515
Ubuntu Security Notice USN-2049-1
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2049-1 - Miroslav Vadkerti discovered a flaw in how the permissions for network sysctls are handled in the Linux kernel. An unprivileged local user could exploit this flaw to have privileged access to files in /proc/sys/net/. A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Various other issues were also addressed.

tags | advisory, remote, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4270, CVE-2013-4299, CVE-2013-4343, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470
MD5 | 9fc5b89d896f3ac5ab064e519790ea9c
Ubuntu Security Notice USN-2050-1
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2050-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2147, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470
MD5 | e43d4b995337ec0afbfcd0c6c7caf8f8
Gentoo Linux Security Advisory 201312-05
Posted Dec 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-5 - Multiple vulnerabilities have been found in SWI-Prolog which allow attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 6.2.5 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6089, CVE-2012-6090
MD5 | f416ffdace34178dc5801518704f3d0d
Ubuntu Security Notice USN-2048-2
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2048-2 - USN-2048-1 fixed a vulnerability in curl. The security fix uncovered a bug in the curl command line tool which resulted in the --insecure (-k) option not working as intended. This update fixes the problem. Scott Cantor discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
MD5 | da6d5e16de36b1277e3209cbc41133bf
Zimbra Local File Inclusion
Posted Dec 7, 2013
Authored by rubina119

Zimbra suffers from a local file inclusion vulnerability that allows for privilege escalation.

tags | exploit, local, file inclusion
systems | linux
MD5 | ed784553a4706bf3393b26fcd1d1f42b
Eaton Network Shutdown Module 3.21 PHP Code Injection
Posted Dec 7, 2013
Authored by Filip Waeytens

Eaton Network Shutdown Module versions 3.21 and below suffer from a remote PHP code injection vulnerability. This is a Python exploit for a previously disclosed finding.

tags | exploit, remote, php, python
advisories | OSVDB-83199
MD5 | 3902c1ac4688f3511238d79a51488ab6
D-Link DSR Router Remote Root Shell Overview
Posted Dec 7, 2013
Authored by 0_o

This is a brief overview of the unauthenticated non-persistent remote root shell vulnerability in various D-Link DSR routers. Versions affected include D-Link DSR-150 (Firmware < v1.08B44), D-Link DSR-150N (Firmware < v1.05B64), D-Link DSR-250 and DSR-250N (Firmware < v1.08B44), D-Link DSR-500 and DSR-500N (Firmware < v1.08B77), D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77).

tags | advisory, remote, shell, root
advisories | CVE-2013-5945, CVE-2013-5946
MD5 | 06d88b1f171a83bbb10d75321ef81155
D-Link DSR Router Remote Root Shell
Posted Dec 7, 2013
Authored by 0_o

D-Link DSR router series remote root shell exploit. Versions affected include D-Link DSR-150 (Firmware < v1.08B44), D-Link DSR-150N (Firmware < v1.05B64), D-Link DSR-250 and DSR-250N (Firmware < v1.08B44), D-Link DSR-500 and DSR-500N (Firmware < v1.08B77), D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77).

tags | exploit, remote, shell, root
advisories | CVE-2013-5945, CVE-2013-5946
MD5 | 408c764bcdd3f5ca78899702fe5e1176
WordPress DZS Video Gallery 3.1.3 Remote File Disclosure
Posted Dec 7, 2013
Authored by aceeeeeeeer

WordPress DZS Video Gallery version 3.1.3 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
MD5 | 5a3c0310c469646447b57fb58c60e639
WordPress Page Flip Image Gallery Shell Upload
Posted Dec 7, 2013
Authored by Ashiyane Digital Security Team

WordPress Page Flip Image Gallery plugin suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 63eff4861b0fc36ad10a75a2822af1cd
VMware Security Advisory 2013-0015
Posted Dec 7, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0015 - VMware has updated several third party libraries in ESX that address multiple security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-2372, CVE-2012-3552, CVE-2013-0791, CVE-2013-1620, CVE-2013-2147, CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237
MD5 | fd9260b02dde1bdf6e738dc7777eb251