Twenty Year Anniversary
Showing 26 - 50 of 425 RSS Feed

Files Date: 2013-04-01 to 2013-04-30

HP Security Bulletin HPSBMU02830 SSRT100889 2
Posted Apr 26, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02830 SSRT100889 2 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be locally exploited to allow an increase of privilege. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2012-5220
MD5 | 8d8fafbe347e514bac90d09aecf19290
WebSockets Penetration Testing
Posted Apr 26, 2013
Authored by Robert Koch

This is a whitepaper called On WebSockets in Penetration Testing. It goes into detail discussing the vulnerability attack surface with WebSockets and the complications involved for penetration testing.

tags | paper
MD5 | d6bf577b9550388a2fec3e9791fa50a0
D-Link DIR-635 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 26, 2013
Authored by Michael Messner

D-Link DIR-635 suffers from cross site request forgery and multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 4ace141f9c5d0fb676b6eaf618190a05
WAF-FLE ModSecurity Console 0.6.0
Posted Apr 26, 2013
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This release close the release candidate cycle, fixing many bugs reports by users.
tags | tool
systems | unix
MD5 | f3dec07ec298f7ff017973fc9bccd70f
WPS Office Stack Buffer Overflow
Posted Apr 26, 2013
Authored by Zhangjiantao

In module wpsio.dll in WPS Office, a BSTR string stored in the file is copied to the stack buffer without strict length inspection leading to a stack buffer overflow. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2012-4886
MD5 | 2903a1aaee327cb030f2a2a6375ab875
Low Level Exploits
Posted Apr 26, 2013
Authored by Hugh Pearse

This is a presentation that discusses low level exploitation such as stack buffer overflows, null pointer exceptions, etc. It offers decent examples and explanations.

tags | paper, overflow
MD5 | 1527379c5df3a8bdc49ace3929da0b7f
Internet Explorer 7/8/9 Password Dumper 1.0
Posted Apr 26, 2013
Authored by Kevin Devine

This tool demonstrates how to decode Internet Explorer 7, 8 and 9 passwords. Win32 binary and source code included.

tags | tool
systems | windows
MD5 | 6ce35eb3677ab554c0c3c4c15c90ea19
Borland Silk Central 12.1 TeeChart Pro Code Execution
Posted Apr 26, 2013
Authored by rgod | Site retrogod.altervista.org

Borland Silk Central version 12.1 TeeChart Pro active-x control suffers from an AddSeries remote code execution vulnerability.

tags | advisory, remote, code execution, activex
MD5 | 45837754a8588c6683cf86b29fc35b22
Borland Caliber 11.0 Quiksoft EasyMail Buffer Overflow
Posted Apr 26, 2013
Authored by rgod | Site retrogod.altervista.org

Borland Caliber version 11.0 Quiksoft EasyMail SMTP object suffers from buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2007-4607, CVE-2009-4663
MD5 | 015e4efd83f5a8cb7dfacb483b67e996
CMS Cameron McKenna 2013 Cross Site Scripting
Posted Apr 26, 2013
Authored by Ivan Sanchez, Raul Diaz

CMS Cameron McKenna 2013 suffers from a cross site scripting vulnerability. The vendor has been notified of this issue. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 4f4d22f0a4d305de40dbc0ac9cc8a628
Red Hat Security Advisory 2013-0772-01
Posted Apr 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0772-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.1.69.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392
MD5 | 430a7a49346740fee9d6ddd9b02b6bc5
Ubuntu Security Notice USN-1808-1
Posted Apr 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1808-1 - Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796, CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796
MD5 | 68ea26cb76b7b153db4f5cee5ce01041
Ubuntu Security Notice USN-1807-2
Posted Apr 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1807-2 - USN-1807-1 fixed vulnerabilities in MySQL. This update provides MySQL 5.5.31 for Ubuntu 13.04. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0553, CVE-2013-1492, CVE-2013-1502, CVE-2013-1506, CVE-2013-1511, CVE-2013-1512, CVE-2013-1521, CVE-2013-1523, CVE-2013-1526, CVE-2013-1532, CVE-2013-1544, CVE-2013-1552, CVE-2013-1555, CVE-2013-1623, CVE-2013-2375, CVE-2013-2376, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392
MD5 | cf1a434c45a099d21158906b40e0411c
Ubuntu Security Notice USN-1807-1
Posted Apr 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1807-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-0553, CVE-2012-4414, CVE-2012-5613, CVE-2012-5615, CVE-2012-5627, CVE-2013-1492, CVE-2013-1502, CVE-2013-1506, CVE-2013-1511, CVE-2013-1512, CVE-2013-1521, CVE-2013-1523, CVE-2013-1526, CVE-2013-1532, CVE-2013-1544, CVE-2013-1552, CVE-2013-1555, CVE-2013-1623, CVE-2013-1861, CVE-2013-2375, CVE-2013-2376, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392
MD5 | 42de558be8a8a397ebe7fba1a76d2b99
Windows Light HTTPD 0.1 Buffer Overflow
Posted Apr 25, 2013
Authored by Jacob Holcomb

Windows Light HTTPD version 0.1 HTTP GET buffer overflow exploit that spawns a bindshell.

tags | exploit, web, overflow
systems | windows
MD5 | 55ad6958d8acdf6ae266aea27245a388
phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite
Posted Apr 25, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
advisories | CVE-2013-3238, CVE-2013-3239, CVE-2013-3240, CVE-2013-3241
MD5 | a19f7b563bcfd27ec869d2b00fdd590b
Apache CloudStack 4.0.1 Authentication Bypass / Cryptography
Posted Apr 25, 2013
Authored by Wolfram Schlich, Mathijs Schmittmann

The CloudStack PMC was notified of two issues found in Apache CloudStack versions prior to 4.0.2. An attacker with knowledge of CloudStack source code could gain unauthorized access to the console of another tenant's VM. Insecure hash values may lead to information disclosure. URLs generated by Apache CloudStack to provide console access to virtual machines contained a hash of a predictable sequence, the hash of which was generated with a weak algorithm. While not easy to leverage, this may allow a malicious user to gain unauthorized console access.

tags | advisory, bypass, info disclosure
advisories | CVE-2013-2756, CVE-2013-2758
MD5 | 6376e1a1f4cb313f82226de957767b93
Red Hat Security Advisory 2013-0772-01
Posted Apr 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0772-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.1.69.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392
MD5 | 0823f07c52be73b6cbd5d9892bad860c
Hacking IPv6 Networks
Posted Apr 25, 2013
Authored by Fernando Gont

These are the slides for the "Hacking IPv6 Networks" security training course as given at BRUCON 2012.

tags | paper
MD5 | cc61c9d06b08dae10665135b93de0a44
Sanewall 1.0.0
Posted Apr 25, 2013
Authored by Costa Tsaousis, Phil Whineray | Site sanewall.org

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.

tags | tool, spoof, firewall
systems | linux, unix
MD5 | 83bb57e896d8d4d5b95557d3f742bff0
GroundWork monarch_scan.cgi OS Command Injection
Posted Apr 24, 2013
Authored by Johannes Greil, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in the monarch_scan.cgi, where user controlled input is used in the perl qx function, which allows any remote authenticated attacker, whatever his privileges are, to inject system commands and gain arbitrary code execution. The module has been tested successfully on GroundWork 6.7.0-br287-gw1571 as distributed within the Ubuntu 10.04 based VM appliance.

tags | exploit, remote, arbitrary, cgi, perl, code execution
systems | linux, ubuntu
advisories | OSVDB-91051
MD5 | e0748ad1d02bbc1b0c70db9e441df0dc
Cisco Security Advisory 20130424-nxosmulti
Posted Apr 24, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. These products are affected by vulnerabilities such as buffer overflow and denial of service issues.

tags | advisory, denial of service, overflow, vulnerability
systems | cisco
MD5 | 1b54279f6b523d358c6bf1c77f87b29d
Cisco Security Advisory 20130424-ucsmulti
Posted Apr 24, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Managed and standalone Cisco Unified Computing System (UCS) deployments contain various vulnerabilities such as authentication bypass, buffer overflow, and denial of service issues.

tags | advisory, denial of service, overflow, vulnerability
systems | cisco
MD5 | 6389c52dbc42ee8e987b709e9db2dce7
SAP NetWeaver Remote ABAP Code Injection
Posted Apr 24, 2013
Authored by Ertunga Arsal | Site esnc.de

A SAP NetWeaver vulnerability allows injection of ABAP code. In SAP security, this is the equivalent of getting an ultra-reliable ring 0 exploit which works through the network and never crashes. By exploiting this vulnerability an attacker can e.g. inject code which saves the passwords of all connecting SAP GUI users in a remote file, steal or change sensitive data such as HR salary information, execute bank transactions and transfer money, or simply plant an SAP backdoor for accessing the system later. The attacker can also manipulate or corrupt ABAP programs shipped by SAP and make the system inoperable.

tags | advisory, remote
advisories | CVE-2013-3243
MD5 | 6e1055bf21cf6b7e1a19fafb8017df15
Red Hat Security Advisory 2013-0771-01
Posted Apr 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0771-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending the wrong cookie if only part of the domain name matched the domain associated with the cookie, disclosing the cookie to unrelated hosts.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2013-1944
MD5 | ef4893d680b58efebd80d07d6c7e0bce
Page 2 of 17
Back12345Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close