exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2013-12-07

openSIS 5.2 PHP Code Injection
Posted Dec 7, 2013
Authored by EgiX

openSIS versions 4.5 through 5.2 suffer from a remote PHP code injection vulnerability.

tags | exploit, remote, php
advisories | CVE-2013-1349
SHA-256 | 42dccb85d42a4ca8903f8b7a25053348c82f5e5ee560bdeb03a693bb4e662dc7
Up.Time Monitoring Station post2file.php Arbitrary File Upload
Posted Dec 7, 2013
Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution.

tags | exploit, arbitrary, php, code execution, file upload
SHA-256 | d0b74701fcce7e5090f2395e4b4a21fcfa54889e063c8a4e83ccc622ec119735
BoxBilling 3.6.11 Cross Site Scripting
Posted Dec 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

BoxBilling suffers from a stored cross site scripting vulnerability. Input passed to the 'message' POST parameter thru the 'Notification Center' extension/module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.6.11 is affected.

tags | exploit, arbitrary, xss
SHA-256 | 79655606b0994b8eb520f94b90ad44a33cf34d99fec9a3b40c90c49f32d15daf
Ubuntu Security Notice USN-2049-1
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2049-1 - Miroslav Vadkerti discovered a flaw in how the permissions for network sysctls are handled in the Linux kernel. An unprivileged local user could exploit this flaw to have privileged access to files in /proc/sys/net/. A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Various other issues were also addressed.

tags | advisory, remote, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4270, CVE-2013-4299, CVE-2013-4343, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470, CVE-2013-4270, CVE-2013-4299, CVE-2013-4343, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470
SHA-256 | 5f701e0e3991e00d556fe8c036cde5af0ea754679c09eefb7bdf25b931207b4c
Ubuntu Security Notice USN-2050-1
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2050-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2147, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470, CVE-2013-0343, CVE-2013-2147, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470
SHA-256 | 8821a1515b5d3a83f986d1b491a7a02d59ae5030a01c256ab95e438a8e7d158a
Gentoo Linux Security Advisory 201312-05
Posted Dec 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-5 - Multiple vulnerabilities have been found in SWI-Prolog which allow attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 6.2.5 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6089, CVE-2012-6090
SHA-256 | b966245694827009ec4e3cd7795b691c5bf39e9dd54ef8c71d9a5da1bf9405a3
Ubuntu Security Notice USN-2048-2
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2048-2 - USN-2048-1 fixed a vulnerability in curl. The security fix uncovered a bug in the curl command line tool which resulted in the --insecure (-k) option not working as intended. This update fixes the problem. Scott Cantor discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
SHA-256 | 4474e8d60c223858b9729fdccef9ea6ae4c37bbe6d2c78b8eb1b1a1724900127
Zimbra Local File Inclusion
Posted Dec 7, 2013
Authored by rubina119

Zimbra suffers from a local file inclusion vulnerability that allows for privilege escalation.

tags | exploit, local, file inclusion
systems | linux
SHA-256 | 2659a0a1825bb2dd6a41d50e5742d79152cff966d71b0b2cf147ea01d1e3ecdb
Eaton Network Shutdown Module 3.21 PHP Code Injection
Posted Dec 7, 2013
Authored by Filip Waeytens

Eaton Network Shutdown module versions 3.21 and below suffer from a remote PHP code injection vulnerability. This is a python exploit for a previously disclosed finding.

tags | exploit, remote, php, python
advisories | OSVDB-83199
SHA-256 | b6f02d2307906d45fffd57eaf354dfdd170be53826413e1efdb4d4d58e269c8d
D-Link DSR Router Remote Root Shell Overview
Posted Dec 7, 2013
Authored by 0_o

This is a brief overview of the unauthenticated non-persistent remote root shell vulnerability in various D-Link DSR routers. Versions affected include D-Link DSR-150 (Firmware < v1.08B44), D-Link DSR-150N (Firmware < v1.05B64), D-Link DSR-250 and DSR-250N (Firmware < v1.08B44), D-Link DSR-500 and DSR-500N (Firmware < v1.08B77), D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77).

tags | advisory, remote, shell, root
advisories | CVE-2013-5945, CVE-2013-5946
SHA-256 | de55e4448a4bec277f8621aefbf5e5ac01929a5f13a3f4b74cc2b5712046d40e
D-Link DSR Router Remote Root Shell
Posted Dec 7, 2013
Authored by 0_o

D-Link DSR router series remote root shell exploit. Versions affected include D-Link DSR-150 (Firmware < v1.08B44), D-Link DSR-150N (Firmware < v1.05B64), D-Link DSR-250 and DSR-250N (Firmware < v1.08B44), D-Link DSR-500 and DSR-500N (Firmware < v1.08B77), D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77).

tags | exploit, remote, shell, root
advisories | CVE-2013-5945, CVE-2013-5946
SHA-256 | 0ddcd599410d5c9d4349753fb1f66fbb2cd3e9606f56a18a28615b7d3f5dd814
WordPress DZS Video Gallery 3.1.3 Remote File Disclosure
Posted Dec 7, 2013
Authored by aceeeeeeeer

WordPress DZS Video Gallery version 3.1.3 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 7ac0fabd0765512ea8bd5c5c0a08c5da95bc31ec13aec2497b809e6306320323
WordPress Page Flip Image Gallery Shell Upload
Posted Dec 7, 2013
Authored by Ashiyane Digital Security Team

WordPress Page Flip Image Gallery plugin suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 5cea65720b786bc3c060b33d2c65dfd3cd4d87af8bff8fabef4ba7edde5ae817
VMware Security Advisory 2013-0015
Posted Dec 7, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0015 - VMware has updated several third party libraries in ESX that address multiple security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-2372, CVE-2012-3552, CVE-2013-0791, CVE-2013-1620, CVE-2013-2147, CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237
SHA-256 | 9cbb7e964e769cddfce1c1997789d4b756c22716732fb468d12565b5df47420d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close