seeing is believing
Showing 26 - 50 of 610 RSS Feed

Files Date: 2013-02-01 to 2013-02-28

Archlinux/x86-64 3.3.x-3.7.x x86-64 sock_diag_handlers[] Local Root
Posted Feb 26, 2013
Authored by sd

Local root exploit for Archlinux that allows an unprivileged user to take over control in kernel mode due to an out-of-bounds access of the sock_diag_handlers[] array. Works reliably against x86-64 3.3-3.7.

tags | exploit, x86, kernel, local, root
advisories | CVE-2013-1763
MD5 | f38c7c832635834f88b0ae806b01f1b0
War FTP Daemon 1.82 Denial Of Service
Posted Feb 26, 2013
Authored by Jarle Aase | Site warftp.org

War FTP Daemon version 1.82 suffers from a denial of service vulnerability in the way log messages are relayed from the internal log handler to the Windows Event log when the server is running as a Windows service.

tags | advisory, denial of service
systems | windows
MD5 | 6bc4bbfc45acff96a5361f41142b2311
Glossword 1.8.12 Arbitrary File Upload
Posted Feb 26, 2013
Authored by Akastep, Brendan Coles | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Glossword versions 1.8.8 through 1.8.12 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the 'gw_temp/a/' directory.

tags | exploit, arbitrary, file upload
advisories | OSVDB-89960
MD5 | 4f1934a968cdbb5fa314b491cfd0ec99
Ubuntu Security Notice USN-1748-1
Posted Feb 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1748-1 - Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page and had scripting enabled, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Thunderbird. Frederik Braun discovered that Thunderbird made the location of the active browser profile available to JavaScript workers. Scripting for Thunderbird is disabled by default in Ubuntu. Various other issues were also addressed.

tags | advisory, remote, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0781, CVE-2013-0782, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
MD5 | 222a2787ebfd9fbde327d534cebe49b8
Debian Security Advisory 2629-1
Posted Feb 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2629-1 - Multiple OpenJPEG issues have been addressed. Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow when decoding JPEG2000 images.

tags | advisory, overflow
systems | linux, redhat, debian
advisories | CVE-2009-5030, CVE-2012-3358, CVE-2012-3535
MD5 | 4f5d06776a38ea17a780617c267065b1
Microsoft Windows OLE Automation Remote Code Execution
Posted Feb 26, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the "SysAllocStringLen()" function within the "Oleaut32.dll" (Object Linking and Embedding Automation) library, which could allow remote attackers to execute arbitrary code via a specially crafted web page or Office document.

tags | advisory, remote, web, overflow, arbitrary
systems | windows
MD5 | 283b0bcfcdbdbdb90253fe5d10c11043
Apache Maven 3.0.4 Insecure SSL Mode
Posted Feb 25, 2013
Authored by Graham Leggett

Apache Maven version 3.0.4 (with Apache Maven Wagon version 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including: host name verification , date validity, and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack.

tags | advisory
advisories | CVE-2013-0253
MD5 | 3aa3975e68b5aa96cf0fc344f93e6d1b
Kordil EDMS 2.2.60rc3 Arbitrary File Upload
Posted Feb 25, 2013
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in Kordil EDMS version 2.2.60rc3. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the '/kordil_edms/userpictures/' directory.

tags | exploit, arbitrary
MD5 | 33ad49a9cc2ea906a39ccf8cd2cbeb28
PolarPearCms PHP File Upload
Posted Feb 25, 2013
Authored by Fady Mohamed Osman | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in PolarPear CMS. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution, file upload
advisories | CVE-2013-0803
MD5 | 9c1bc86a33b371e22501e3da5154018e
CONFidence 2013 Call For Papers
Posted Feb 25, 2013
Site 2013.confidence.org.pl

CONFidence 2013 Call For Papers - This conference will take place from May 28th through the 29th, 2013 in Krakow, Poland.

tags | paper, conference
MD5 | 420dc86e0490b9215d82b17ec4eb1c1a
MTP Poll 1.0 Cross Site Scripting
Posted Feb 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

MTP Poll version 1.0 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 68eefe17b17528488410f7a6ecfa8444
MTP Guestbook 1.0 Cross Site Scripting
Posted Feb 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

MTP Guestbook version 1.0 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 105818be5c7cf73cae884d21ed6236c6
MTP Image Gallery 1.0 Cross Site Scripting
Posted Feb 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

MTP Image Gallery version 1.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 132d1afc88bdb70f0d87841956cae140
Debian Security Advisory 2631-1
Posted Feb 25, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2631-1 - Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi.

tags | advisory, web, denial of service, cgi, memory leak
systems | linux, debian
advisories | CVE-2012-5643, CVE-2013-0189
MD5 | df10306a30bcb3a990ed2d91b55b6afe
Java Applet JMX Remote Code Execution
Posted Feb 25, 2013
Authored by Adam Gowdiak, juan vazquez, SecurityObscurity | Site metasploit.com

This Metasploit module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning to the user.

tags | exploit, java, arbitrary
advisories | CVE-2013-0431, OSVDB-89613
MD5 | 8f755d5ec685451214b1ccb81d296451
phpMyRecipes 1.2.2 Cross Site Scripting
Posted Feb 25, 2013
Authored by PDS

phpMyRecipes version 1.2.2 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d5d4d7e3435fcf1b288bcd272eebcaf5
WiFilet 1.2 CSRF / LFI / Shell Upload
Posted Feb 25, 2013
Authored by Chokri Ben Achor | Site vulnerability-lab.com

WiFilet version 1.2 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion, csrf
MD5 | ddb4bfa9542c68caedc540b0908a9890
Mandriva Linux Security Advisory 2013-014
Posted Feb 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-014 - Multiple security issues were identified and fixed in OpenJDK. MBeanServer access restrictions were added, improved TLS handling of invalid messages, and more.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-0169, CVE-2013-1486, CVE-2013-1487
MD5 | a488906d1dae60be64e527d9e1645ccf
Ubuntu Security Notice USN-1746-1
Posted Feb 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1746-1 - Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. It was discovered that Pidgin incorrectly handled long HTTP headers in the MXit protocol handler. A malicious remote server could use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274, CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274
MD5 | ea1b77ada63f3cf0cc7aa41f728e1238
Ubuntu Security Notice USN-1747-1
Posted Feb 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1747-1 - It was discovered that Transmission incorrectly handled certain micro transport protocol packets. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2012-6129
MD5 | 6582929e409added164f92bba43461b1
Java SE 7 Update 15 Sandbox Bypass
Posted Feb 25, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has discovered two new security issues in Java SE 7 Update 15.

tags | advisory, java
MD5 | 0860cf18f52defec23cdb389ebac870f
Binary 2 Shellcode
Posted Feb 24, 2013
Authored by Hamza Megahed | Site hamza-mega.blogspot.com

This is a small tool that will convert a binary to shellcode. Additional usage information can be found via the homepage link.

tags | tool, shellcode
systems | unix
MD5 | bd76bb9ae846e23bbc92700e0fce641c
Porch Light Media SQL Injection
Posted Feb 24, 2013
Authored by Kalashinkov3

Porch Light Media suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1388e9c034272df3de3c2b9ca597f034
MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free
Posted Feb 23, 2013
Authored by sgb | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer where a CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed.

tags | exploit
advisories | CVE-2013-0025
MD5 | e22f640406a701a53f6a2600e5cb2480
Rix4Web Portal Remote Blind SQL Injection
Posted Feb 23, 2013
Authored by L0n3ly-H34rT

Rix4Web Portal suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 94e216ef20fb2168325da5bb0a714ce6
Page 2 of 25
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    22 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close