
Files Date: 2013-12-20

EMC Data Protection Advisor JBOSS Remote Code Execution
Posted Dec 20, 2013
Site emc.com

The EMC DPA Illuminator service (DPA_Illuminator.exe) listening on port 8090 (tcp/http) and 8453 (tcp/https) embeds JBOSS servlets (JMXInvokerServlet and EJBInvokerServlet). These JBOSS servlets are affected by a remote code execution vulnerability that allows for execution with NT AUTHORITY\SYSTEM privileges.

tags | advisory, remote, web, tcp, code execution
advisories | CVE-2012-0874
MD5 | ec2e558613dd8dd72e775bc2ab9742b9

Revive Adserver 3.0.1 SQL Injection
Posted Dec 20, 2013
Authored by Matteo Beccati

Revive Adserver versions 3.0.1 and below suffer from a remote SQL injection vulnerability. The XML-RPC delivery invocation script was failing to escape its input parameters in the same way the other delivery methods do, allowing attackers to inject arbitrary SQL code via the "what" parameter of the delivery XML-RPC methods. Also, the escaping technique used to handle this parameter in the delivery scripts was based on the addslashes PHP function and has now been upgraded to use the dedicated escaping functions for the database in use.

tags | advisory, remote, arbitrary, php, sql injection
advisories | CVE-2013-7149
MD5 | d48e78efcb0beaabb18b60baa130c7b2

HP Operations Orchestration Central 9.06 Cross Site Scripting
Posted Dec 20, 2013
Authored by Bart Leppens

HP Operations Orchestration Central version 9.06 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-6191, CVE-2013-6192
MD5 | 5b16128cd669e13cc8452ebcb4c651e4

Apple Security Advisory 2013-12-19-1
Posted Dec 20, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-12-19-1 - An integer overflow existed in the handling of .motn files which led to an out-of-bounds memory access. This issue was addressed through improved bounds checking.

tags | advisory, overflow
systems | apple
advisories | CVE-2013-6114
MD5 | 9b47ccd555ac8745c8a05527290f3906

RSA Archer GRC Cross Site Scripting
Posted Dec 20, 2013
Site emc.com

RSA Archer GRC versions 5.4 P2 and 5.4 SP1 contain fixes for multiple cross site scripting vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.

tags | advisory, vulnerability, xss
advisories | CVE-2013-6178
MD5 | fb3aaa00ca00b2184c2b5d8e999236ad

Huawei Technologies du Mobile Broadband 16.0 Local Privilege Escalation
Posted Dec 20, 2013
Authored by LiquidWorm | Site zeroscience.mk

du Mobile Broadband version 16.002.03.16.124 suffers from a local privilege escalation vulnerability due to improper permissions.

tags | exploit, local
MD5 | 9e1f8d74af97a0015ccd2c9d28f417c9

Java XML Signature Denial Of Service Attack
Posted Dec 20, 2013
Authored by Colm O hEigeartaigh

The Apache Santuario XML Security for Java project is vulnerable to a Denial of Service (DoS) type attack leading to an OutOfMemoryError, which is caused by allowing Document Type Definitions (DTDs) when applying Transforms. From the 1.5.6 release onwards, DTDs will not be processed at all when the "secure validation" mode is enabled.

tags | advisory, java, denial of service
advisories | CVE-2013-4517
MD5 | b5177b38c19828293b490a9405b88cd7

MBB CMS 004 Local File Inclusion / SQL Injection
Posted Dec 20, 2013
Authored by cr4wl3r

MBB CMS versions 004 and below suffer from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | 6da8609b0bced035b444a326279e6847

Codiad 2.0.7 Cross Site Scripting
Posted Dec 20, 2013
Authored by Project Zero Labs

Codiad version 2.0.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5b94f29704d77d275245e1abac40eab2

RealPlayer Heap-Based Buffer Overflow
Posted Dec 20, 2013
Authored by Core Security Technologies, Ricardo Narvaja | Site coresecurity.com

Core Security Technologies Advisory - RealPlayer is prone to a security vulnerability when processing RMP files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing RealPlayer users to open a specially crafted RMP file (client-side attack). Versions 16.0.2.32 and 16.0.3.51 are affected.

tags | exploit, remote, arbitrary
advisories | CVE-2013-6877
MD5 | 510305fc8d10071f60966c26c86134af

HP Security Bulletin HPSBGN02950
Posted Dec 20, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02950 - A potential security vulnerability has been identified in HP Autonomy Ultraseek. The vulnerability could be exploited as cross-site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2013-6196
MD5 | bf54a761bb7f4e88cb967285b845d5c6

Drupal Ubercart 6.x / 7.x Session Fixation
Posted Dec 20, 2013
Authored by mettasoul | Site drupal.org

Drupal Ubercart third party module versions 6.x and 7.x suffer from a session fixation vulnerability.

tags | advisory
MD5 | 7087a055200166e3887647fecfbceee7

InfoSec Southwest 2014 Call For Papers
Posted Dec 20, 2013
Authored by Tod Beardsley | Site 2014.infosecsouthwest.com

The InfoSec Southwest 2014 Call For Papers has been announced. The conference will be held April 4th through April 6th, 2014 in Austin, Texas.

tags | paper, conference
MD5 | e913ee47bc467cd8f674e127a1abb794

Song Exporter 2.1.1 RS Local File Inclusion
Posted Dec 20, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Song Exporter version 2.1.1 RS suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 7e39fa8b3746a65c5e4b3f7fb29b6a66

WordPress Persuasion Theme File Download / Deletion
Posted Dec 20, 2013
Authored by Interference Security

WordPress Persuasion Theme suffers from an arbitrary file download and deletion vulnerability.

tags | exploit, arbitrary
MD5 | 25f3c687935b96e4b118b3614209b239

phpMyRecipes 1.x.x XSS / CSRF / SQL Injection
Posted Dec 20, 2013
Authored by Rafay Baloch, Sikandar Ali

phpMyRecipes version 1.x.x suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | bccdc737419ad1f7f6b275394eb77113

© 2016 Packet Storm. All rights reserved.