exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-12-20

EMC Data Protection Advisor JBOSS Remote Code Execution
Posted Dec 20, 2013
Site emc.com

The EMC DPA Illuminator service (DPA_Illuminator.exe) listening on port 8090 (tcp/http) and 8453 (tcp/https) embeds JBOSS servlets (JMXInvokerServlet and EJBInvokerServlet). These JBOSS servlets are vulnerable to a remote code execution vulnerability that allows for execution with NT AUTHORITY\SYSTEM privileges.

tags | advisory, remote, web, tcp, code execution
advisories | CVE-2012-0874
SHA-256 | 9eb60d2f0166c8c5ad74885e575d95784550f7cfa020c432d1df57b5cc8a29c8
Revive Adserver 3.0.1 SQL Injection
Posted Dec 20, 2013
Authored by Matteo Beccati

Revive Adserver versions 3.0.1 and below suffer from a remote SQL injection vulnerability. The XML-RPC delivery invocation script was failing to escape its input parameters in the same way the other delivery methods do, allowing attackers to inject arbitrary SQL code via the "what" parameter of the delivery XML-RPC methods. Also, the escaping technique used to handle such parameter in the delivery scripts was based on the addslashes PHP function and has now been upgraded to use the dedicated escaping functions for the database in use.

tags | advisory, remote, arbitrary, php, sql injection
advisories | CVE-2013-7149
SHA-256 | aae6d650022d7cd159dfd9c7aa3425dd04b9ca82313106207d0a48c48043025f
HP Operations Orchestration Central 9.06 Cross Site Scripting
Posted Dec 20, 2013
Authored by Bart Leppens

HP Operations Orchestration Central version 9.06 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-6191, CVE-2013-6192
SHA-256 | 1cce985e37ff678546bdbfc58d9240c9e77f144952a275bef85b1bd85a23cb13
Apple Security Advisory 2013-12-19-1
Posted Dec 20, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-12-19-1 - An integer overflow existed in the handling of .motn files which led to an out of bounds memory access. This issue was addressed through improved bounds checking.

tags | advisory, overflow
systems | apple
advisories | CVE-2013-6114
SHA-256 | 83fb4a6f570da86bd1acecf2795a558c8f827f1a3a1eadb210d497faad840f22
RSA Archer GRC Cross Site Scripting
Posted Dec 20, 2013
Site emc.com

RSA Archer GRC versions 5.4 P2 and 5.4 SP1 contain fixes for multiple cross site scripting vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.

tags | advisory, vulnerability, xss
advisories | CVE-2013-6178
SHA-256 | 2ce8ca4e1e93acdd8a8433a7feff22bda50be99dc851f0979581da0574f407d2
Huawei Technologies du Mobile Broadband 16.0 Local Privilege Escalation
Posted Dec 20, 2013
Authored by LiquidWorm | Site zeroscience.mk

du Mobile Broadband version 16.002.03.16.124 suffers from a local privilege escalation vulnerability due to improper permissions.

tags | exploit, local
SHA-256 | 2c70f2ccec1017caae9ab7e58c850bf30dd22596312e63d647efc6b69e032bcc
Java XML Signature Denial Of Service Attack
Posted Dec 20, 2013
Authored by Colm O hEigeartaigh

The Apache Santuario XML Security for Java project is vulnerable to a Denial of Service (DoS) type attack leading to an OutOfMemoryError, which is caused by allowing Document Type Definitions (DTDs) when applying Transforms. From the 1.5.6 release onwards, DTDs will not be processed at all when the "secure validation" mode is enabled.

tags | advisory, java, denial of service
advisories | CVE-2013-4517
SHA-256 | 8718e8b28ba92f0c8d1021a89a00f91b0c89c346b43d6b5dba5031eb339cb16c
MBB CMS 004 Local File Inclusion / SQL Injection
Posted Dec 20, 2013
Authored by cr4wl3r

MBB CMS versions 004 and below suffer from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 398c2a077d4abbc969a441b3fd784add2425de7c3d23257f5dcdd5847b8a0415
Codiad 2.0.7 Cross Site Scripting
Posted Dec 20, 2013
Authored by Project Zero Labs

Codiad version 2.0.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6fd396ea8dd173caabd6c81d45224dd5d0b1746c6bb28918a6904caa9714cd8c
RealPlayer Heap-Based Buffer Overflow
Posted Dec 20, 2013
Authored by Core Security Technologies, Ricardo Narvaja | Site coresecurity.com

Core Security Technologies Advisory - RealPlayer is prone to a security vulnerability when processing RMP files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing RealPlayer users to open a specially crafted RMP file (client-side attack). Versions 16.0.2.32 and 16.0.3.51 are affected.

tags | exploit, remote, arbitrary
advisories | CVE-2013-6877
SHA-256 | 138c669ee28a20c01fad95f2ddae01490a953b8043d0631d15f8c2f418a3d9c1
HP Security Bulletin HPSBGN02950
Posted Dec 20, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02950 - A potential security vulnerability has been identified in HP Autonomy Ultraseek. The vulnerability could be exploited as cross-site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2013-6196
SHA-256 | e4fb0ebcfafaf42700c0a3aacf329b2205389329661f3cecad27218e4cb439bf
Drupal Ubercart 6.x / 7.x Session Fixation
Posted Dec 20, 2013
Authored by mettasoul | Site drupal.org

Drupal Ubercart third party module versions 6.x and 7.x suffer from a session fixation vulnerability.

tags | advisory
SHA-256 | 9ec60eea550b5d680533fd41cd5b758f5099d04826925243e66b12879d6ec282
InfoSec Southwest 2014 Call For Papers
Posted Dec 20, 2013
Authored by Tod Beardsley | Site 2014.infosecsouthwest.com

The InfoSec Southwest 2014 Call For Papers has been announced. The conference will be held April 4th through April 6th, 2014 in Austin, Texas.

tags | paper, conference
SHA-256 | 339a930fc5b597160bf708c5dda8c237525d45a61ee405ab1c0dbb30e4ec22a5
Song Exporter 2.1.1 RS Local File Inclusion
Posted Dec 20, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Song Exporter version 2.1.1 RS suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | ea65da253d616e40f5ffe502874617705b1161d1a0b2f8c0e9df02a8b9936669
WordPress Persuasion Theme File Download / Deletion
Posted Dec 20, 2013
Authored by Interference Security

WordPress Persuasion Theme suffers from an arbitrary file download and deletion vulnerability.

tags | exploit, arbitrary
SHA-256 | 2a70725a6c45899c35c6c0202c7202b59dda01342cecd7705353378bc1f85037
phpMyRecipes 1.x.x XSS / CSRF / SQL Injection
Posted Dec 20, 2013
Authored by Rafay Baloch, Sikandar Ali

phpMyRecipes version 1.x.x suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 717dd33446428aed6b6a79a2fadd94fc507d0138e82b80c3ab389ab431f81f92
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close