exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 151 - 175 of 611 RSS Feed

Files Date: 2013-02-01 to 2013-02-28

Debian Security Advisory 2630-1
Posted Feb 21, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2630-1 - Sumit Soni discovered that PostgreSQL,an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-0255
SHA-256 | 68e6406bf02a36ed88b2b1ddae4498139d15e7cbd52cc26578fcb88b80a2a64b
phpMyRecipes 1.2.2 SQL Injection
Posted Feb 21, 2013
Authored by cr4wl3r

phpMyRecipes version 1.2.2 remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 48cf9d477ec7a80c51ed5ab37dd272196f3a99397e30828b2d1164825dd48df9
RTTucson Quotations Database Authentication Bypass
Posted Feb 21, 2013
Authored by cr4wl3r

RTTucson Quotations Database Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | cdcaa384c92df2bf334a9b66417054e96b8f61a54b8d21f9c18d3692cc3dc645
Slackware Security Advisory - Mozilla Thunderbird Updates
Posted Feb 20, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 127d731b190529febf4d94a4eccd731e32f00c3b40a933383605e108c26a6cd0
Slackware Security Advisory - Mozilla Firefox Updates
Posted Feb 20, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 64b713875520b4a4aee7b65683717825e66dcb9a8934834cf71db7b4e5a0100a
Apple Security Advisory 2013-02-19-1
Posted Feb 20, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-02-19-1 - Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_41.

tags | advisory, java, web, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478
SHA-256 | efaa78c6307bff18b0f0f70b5b7bddb17aeaa75941096769958b8ee66696c872
Mandriva Linux Security Advisory 2013-013
Posted Feb 20, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-013 - Multiple vulnerabilities has been found and corrected in Squid. Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via long POST requests, or crafted authentication credentials. cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service via a crafted request. NOTE: this issue is due to an incorrect fix for possibly involving an incorrect order of arguments or incorrect comparison. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, cgi, vulnerability, memory leak
systems | linux, mandriva
advisories | CVE-2012-5643, CVE-2013-0189
SHA-256 | 5d5f69e81a32849b1999089a698c6a5586a8a41760ae2ffa2fdbb0728609733f
Red Hat Security Advisory 2013-0275-01
Posted Feb 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0275-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486
SHA-256 | 158967611fc416ac990e91ac6875a316e09285ecee34a665570603958dc51cd6
Red Hat Security Advisory 2013-0274-01
Posted Feb 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0274-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.

tags | advisory, java, remote, protocol
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2013-1486
SHA-256 | 1c3483b62f9201a000a9a33304c470c2728d668d5254f683b0d4d35038b7b433
Red Hat Security Advisory 2013-0273-01
Posted Feb 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0273-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.

tags | advisory, java, remote, protocol
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2013-1486
SHA-256 | d539e4d6911cdc8f6a178ebfda088502cb56aa31e26189bdf1c710612c289877
Ubuntu Security Notice USN-1729-1
Posted Feb 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1729-1 - Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. Atte Kettunen discovered that Firefox could perform an out-of-bounds read while rendering GIF format images. An attacker could exploit this to crash Firefox. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-0772, CVE-2013-0765, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0781, CVE-2013-0782, CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
SHA-256 | efab7f07cece6f3050c4c7798596f5cb5d725280a3bdc0d5e2a56be32baddab9
CloudFlare Versus Incapsula Versus ModSecurity
Posted Feb 20, 2013
Authored by LiquidWorm, Humberto Cabrera, Stefan Petrushevski | Site zeroscience.mk

This document contains the results of a comparative penetration test conducted by a team of security specialists at Zero Science Lab against three 'leading' web application firewall solutions. The goal of the authors was to bypass security controls in place, in any way we can, circumventing whatever filters they have. This report also outlines the setup and configuration process, as well as a detailed security assessment.

tags | paper, web
SHA-256 | b7ec360c41751b864d585550e59e6ce9daffa5990a1e4421486df42ffc283b61
How To Hack A Website With Metasploit
Posted Feb 20, 2013
Authored by Sumedt Jitpukdebodin | Site r00tsec.blogspot.com

This article discusses how to use Metasploit for scanning, crawling, and attacking web applications.

tags | paper, web
SHA-256 | f1cc7c7ac8d8fc3a74105e7d8d02584bf9e083b1aa1fc066326798f75e73ec12
Zenphoto 1.4.4.1 Blind SQL Injection
Posted Feb 20, 2013
Authored by Hossein Nsn

Zenphoto version 1.4.4.1 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d966ea31e8b17b2b96cb9927385cb3b427eac99bb64c3cc081daaa582daaf212
BigAnt Server 2 SCH And DUPF Buffer Overflow
Posted Feb 20, 2013
Authored by juan vazquez, Hamburgers Maccoy | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.97 SP7. The vulnerability is due to the dangerous usage of strcpy while handling errors. This module uses a combination of SCH and DUPF request to trigger the vulnerability, and has been tested successfully against version 2.97 SP7 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows
advisories | CVE-2012-6275, OSVDB-89344
SHA-256 | fd7a317c230213f8edc299a76b9d39aee9e244cbb2a205aa46a90b61823d7fee
BigAnt Server DUPF Command Arbitrary File Upload
Posted Feb 20, 2013
Authored by juan vazquez, Hamburgers Maccoy | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in BigAnt Server 2.97 SP7. A lack of authentication allows to make unauthenticated file uploads through a DUPF command. Additionally the filename option in the same command can be used to launch a directory traversal attack and achieve arbitrary file upload. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of BigAnt on Windows XP and 2003. It has been successfully tested on BigAnt Server 2.97 SP7 over Windows XP SP3 and 2003 SP2.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2012-6274, OSVDB-89342
SHA-256 | dc87880460e34e43169ec0e0613b958641d3dd6f47c0902d800d64b756f31d6e
OpenEMR PHP File Upload
Posted Feb 20, 2013
Authored by LiquidWorm, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in OpenEMR 4.1.1. By abusing the ofc_upload_image.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on OpenEMR 4.1.1 over Ubuntu 10.04.

tags | exploit, arbitrary, php, code execution
systems | linux, ubuntu
advisories | OSVDB-90222
SHA-256 | 09f5efca41c484db706376ef3dfea164467c56c4d486e5b9040b98c0af8c332a
Squirrelcart 3.5.4 Cross Site Scripting
Posted Feb 20, 2013
Authored by LiquidWorm | Site zeroscience.mk

Squirrelcart version 3.5.4 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a46543a8bb0ab278d3990bfe150c544ddc8dd309411ee1a9c232ac64cf315571
Red Hat Security Advisory 2013-0272-01
Posted Feb 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0272-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing trusted content.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2013-0775, CVE-2013-0776, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783
SHA-256 | 95f86f0f7e3c40001f7fb45c2f16138bd03a952132b7295a51a5801f7e41c828
Ubuntu Security Notice USN-1728-1
Posted Feb 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1728-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2013-0190
SHA-256 | 84c0f2370824ab1d88e369f8c3ee98fa2971880d4270ed52f8d1fc73ee6a4a63
Various Applications Include ZeroClipboard XSS
Posted Feb 20, 2013
Authored by MustLive

YAML, MultiProject extension for Trac, UserCollections extension for Piwigo, TAO and TableTools plugin for DataTables plugin for jQuery are all affected by the cross site scripting issues discovered in ZeroClipboard as they include the swf.

tags | exploit, xss
SHA-256 | d81a83c614cfc84ec66ca68b939dab7074dc98d401693f0c5c6943182dcd0229
Hiding Data In Hard-Drive's Service Areas
Posted Feb 19, 2013
Authored by Ariel Berkman | Site recover.co.il

In this paper the author demonstrates how spinning hard-drives' service areas can be used to hide data from the operating-system (or any software using the standard OS's API or the standard ATA commands to access the hard-drive). These reserved areas are used by hard-drive vendors to store modules that in turn operate the drive, and in a sense, together with the ROM, serve as the hard-drive’s internal storage and OS. By sending Vendor Specific Commands (VSCs) directly to the hard-drive, one can manipulate these areas to read and write data that are otherwise inaccessible. This should not be confused with DCO or HPA which can be easily detected, removed and accessed via standard ATA commands.

tags | paper
SHA-256 | 56c7d0d4187efd4b11c8476ff27ccc113b0205c32f936a78c17c88cafa947b3d
FreeBSD Security Advisory - BIND Denial Of Service
Posted Feb 19, 2013
Site security.freebsd.org

FreeBSD Security Advisory - BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS64 is an IPv6 transition mechanism that will return a synthesized AAAA response even if there is only an A record available. Due to a software defect a crafted query can cause named(8) to crash with an assertion failure.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2012-5688
SHA-256 | 7a8b0adfcf6016b307c0e17b5c45fdec29ac76e9591aba0e5450056bd38ad916
FreeBSD Security Advisory - glob(3) Resource Exhaustion
Posted Feb 19, 2013
Site security.freebsd.org

FreeBSD Security Advisory - The glob(3) function is a pathname generator that implements the rules for file name pattern matching used by the shell. GLOB_LIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient. An attacker that is able to exploit this vulnerability could cause excessive memory or CPU usage, resulting in a denial of service.

tags | advisory, denial of service, shell
systems | freebsd
advisories | CVE-2010-2632
SHA-256 | f2e502ca64a6aa303c90908a48c574ac08e6abef1995c2a730359cea8c7e9fec
OWASP Bricks Betwa Release
Posted Feb 19, 2013
Site owasp.org

Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security. Bricks is a completely free and open source project brought to you by OWASP.

tags | tool, web, php
systems | unix
SHA-256 | f3e19532950821b7e4e8be8f975a13a51aa346f3186c6e45ca89fc5b7386dc28
Page 7 of 25
Back56789Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close