
Files Date: 2014-02-03

D-Link DIR-100 CSRF / XSS / Disclosure / Authentication
Posted Feb 3, 2014
Authored by Felix Richter

D-Link DIR-100 routers suffer from multiple authentication, credential management, cross site request forgery, cross site scripting, and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2013-7051, CVE-2013-7052, CVE-2013-7053, CVE-2013-7054, CVE-2013-7055
SHA-256 | 5fa80f1f29dd7ee9b093fe114dbad9791bd517a36b281032cef564fcfaa79130
Gentoo Linux Security Advisory 201402-02
Posted Feb 3, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-2 - An NVIDIA drivers bug allows unprivileged user-mode software to access the GPU inappropriately, allowing for privilege escalation. Versions less than 331.20 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2013-5986, CVE-2013-5987
SHA-256 | 1e3c861a499a68f06d0140261c9e32db0712c3b211350a7d0382be20fab714e0
Gentoo Linux Security Advisory 201402-03
Posted Feb 3, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-3 - An integer underflow vulnerability in Pixman may allow a context-dependent attacker to cause Denial of Service. Versions less than 0.32.4 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-6425
SHA-256 | f461bacbca80208cfbe40a0793c77b58cae5262018231b8831473e40ed9403a4
Gentoo Linux Security Advisory 201402-01
Posted Feb 3, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-1 - Multiple vulnerabilities have been found in GNU libmicrohttpd, the worst of which may allow execution of arbitrary code. Versions less than 0.9.32 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-7038, CVE-2013-7039
SHA-256 | 2dad2ec6046b88c2b3cb81b2f25d75ce3bcd4d5a233d9fe1dfc6e6a6929fa6d7
Ubuntu Security Notice USN-2097-1
Posted Feb 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2097-1 - Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0015
SHA-256 | f11c67854a3104decb402ccf2a1ed533affcd9a766f64d10fe1bad7a0ee4f464
Red Hat Security Advisory 2014-0127-01
Posted Feb 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0127-01 - The librsvg2 packages provide an SVG library based on libart. An XML External Entity expansion flaw was found in the way librsvg2 processed SVG files. If a user were to open a malicious SVG file, a remote attacker could possibly obtain a copy of the local resources that the user had access to. All librsvg2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.

tags | advisory, remote, local, xxe
systems | linux, redhat
advisories | CVE-2013-1881
SHA-256 | fcbc112c2011bbfaa630a03173d317b36980caa81e028f8712270b3e2516fabe
Red Hat Security Advisory 2014-0126-01
Posted Feb 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0126-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon performed reference counting when using the rwm overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4449
SHA-256 | 4c6c34a110e573e8c64ef30e2391a60e3e7c5c71a67b50e86f57e1694004e57a
Debian Security Advisory 2851-1
Posted Feb 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2851-1 - Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts.

tags | advisory
systems | linux, debian
advisories | CVE-2014-1475
SHA-256 | 7ff5149651769ab685a8d22ecf1f421379747a2cb78fb7db2b2e6b44399f57ff
MediaWiki 1.22.1 PdfHandler Remote Code Execution
Posted Feb 3, 2014
Authored by Xelenonz, Pichaya Morimoto

MediaWiki versions 1.22.1 and below PdfHandler remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2014-1610
SHA-256 | b8f79be011bdbd02e08ab7955ce6c1818acfb3f8c4507dda03c263a152a80c2f
WordPress Stop User Enumeration 1.2.4 Bypass
Posted Feb 3, 2014
Authored by Andrew Horton | Site morningstarsecurity.com

The WordPress Stop User Enumeration plugin version 1.2.4 can be bypassed by using POST requests instead of GET requests.

tags | exploit, bypass
SHA-256 | 2dd78ee648a3793edd606581b3bffa990f070dbc5f3063fd92e079140ca7f33a
Linux 3.4+ CONFIG_X86_X32=y Local Root
Posted Feb 3, 2014
Authored by rebel

Linux 3.4+ local root exploit that spawns a root shell leveraging CONFIG_X86_X32=y.

tags | exploit, shell, local, root
systems | linux
advisories | CVE-2014-0038
SHA-256 | ede5fc0e0b7e794118d72948df2017010eaec9fd53af8390f4d8bde0ec184fa6
MyBB 1.6.12 POST Cross Site Scripting
Posted Feb 3, 2014
Authored by Osanda Malith | Site osandamalith.wordpress.com

MyBB version 1.6.12 POST cross site scripting proof of concept code.

tags | exploit, xss, proof of concept
advisories | CVE-2014-1840
SHA-256 | 22ac595f753a3b43615359eea5fb2740c2bd4df7d83df7fcc165ba5b4fd2435d
LedgerSMB Improper Logout
Posted Feb 3, 2014
Authored by Chris Travers

LedgerSMB versions prior to 1.3.36 suffer from an improper logout vulnerability that can allow for replay attacks.

tags | exploit
SHA-256 | aebd76ca1473ca0c35d7b7dbc17da3b164760cd470cacb9812093262becbfd72
Jetro Cockpit Secure Browsing Code Execution
Posted Feb 3, 2014
Authored by Ronen Zilberman | Site quaji.com

Jetro Cockpit Secure Browsing suffers from a remote code execution vulnerability that affects all workstations using the product.

tags | advisory, remote, code execution
advisories | CVE-2014-1861
SHA-256 | 02e7719dff1c189b4c1a63c2ece790d338fceba4614d30c5eb9f1cc4f0b02e7c
X86_X32 recvmmsg Arbitrary Write Local Root
Posted Feb 3, 2014
Authored by saelo

Linux 3.4+ arbitrary write exploit for CONFIG_X86_X32 that spawns a root shell.

tags | exploit, arbitrary, shell, root
systems | linux
advisories | CVE-2014-0038
SHA-256 | 4fc904f1502158ecb8a6b7cfef323a01f7b9fb01f6ee00d06660c72f407ddd61
Shadowbox Local File Inclusion
Posted Feb 3, 2014
Authored by TUNISIAN CYBER

Shadowbox media view suffers from a local file inclusion vulnerability. Note that this finding houses site-specific data.

tags | exploit, local, file inclusion
SHA-256 | b24bcffde0a5b44fc97c46924c491ae72262254441bb6c729b932f7182fd24e9