exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 425 RSS Feed

Files Date: 2013-04-01 to 2013-04-30

HP Security Bulletin HPSBMU02830 SSRT100889 2
Posted Apr 26, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02830 SSRT100889 2 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be locally exploited to allow an increase of privilege. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2012-5220
SHA-256 | d31c0fd64bd23aa84b53b48a34166955482010fec5b0872d0ef36e0201d02251
WebSockets Penetration Testing
Posted Apr 26, 2013
Authored by Robert Koch

This is a whitepaper called On WebSockets in Penetration Testing. It goes into detail discussing the vulnerability attack surface with WebSockets and the complications involved for penetration testing.

tags | paper
SHA-256 | a8b8492359ecd117e96f3ad36d86915bffba40beab8909428765442c3848ab6b
D-Link DIR-635 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 26, 2013
Authored by Michael Messner

D-Link DIR-635 suffers from cross site request forgery and multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 9f5aeb25f45b5c7859957c04d42fa54170e29e93b7f0b36b152822e378687b11
WAF-FLE ModSecurity Console 0.6.0
Posted Apr 26, 2013
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This release close the release candidate cycle, fixing many bugs reports by users.
tags | tool
systems | unix
SHA-256 | f31029e3107c00a5828eaac9ee79751bd70f293a167bf45ae69647f29b31deb0
WPS Office Stack Buffer Overflow
Posted Apr 26, 2013
Authored by Zhangjiantao

In module wpsio.dll in WPS Office, a BSTR string stored in the file is copied to the stack buffer without strict length inspection leading to a stack buffer overflow. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2012-4886
SHA-256 | 38358e22e0283cc8f63c3c5da968863cd9aeb2e6d05f82b21fb4a56fc9a8dd4e
Low Level Exploits
Posted Apr 26, 2013
Authored by Hugh Pearse

This is a presentation that discusses low level exploitation such as stack buffer overflows, null pointer exceptions, etc. It offers decent examples and explanations.

tags | paper, overflow
SHA-256 | cf8f57a23f2830b47616375181328e0335105ea381d3428a3f1e91d4ded96b96
Internet Explorer 7/8/9 Password Dumper 1.0
Posted Apr 26, 2013
Authored by Kevin Devine

This tool demonstrates how to decode Internet Explorer 7, 8 and 9 passwords. Win32 binary and source code included.

tags | tool
systems | windows
SHA-256 | 154f902b038e28989bd7e2d0c9a2631f3b724a69beba0004b9362dd04a64951a
Borland Silk Central 12.1 TeeChart Pro Code Execution
Posted Apr 26, 2013
Authored by rgod | Site retrogod.altervista.org

Borland Silk Central version 12.1 TeeChart Pro active-x control suffers from an AddSeries remote code execution vulnerability.

tags | advisory, remote, code execution, activex
SHA-256 | 3487efa60e709db37782fa39c6eb16e87b57eb70ce5b1c0251f9a7ceec7a159a
Borland Caliber 11.0 Quiksoft EasyMail Buffer Overflow
Posted Apr 26, 2013
Authored by rgod | Site retrogod.altervista.org

Borland Caliber version 11.0 Quiksoft EasyMail SMTP object suffers from buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2007-4607, CVE-2009-4663
SHA-256 | aae8950056570990cc0938976eec20957c20f9394f5b40c527b4b831ee1b5e5f
CMS Cameron McKenna 2013 Cross Site Scripting
Posted Apr 26, 2013
Authored by Ivan Sanchez, Raul Diaz

CMS Cameron McKenna 2013 suffers from a cross site scripting vulnerability. The vendor has been notified of this issue. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | 9bb471ef068545d2955c05c1c10076f6f1d8c862aa331fcdf79fbb9334231220
Red Hat Security Advisory 2013-0772-01
Posted Apr 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0772-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.1.69.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392
SHA-256 | 08472f25b4f2dc67bbb764e93477a4cda76c3b9d31c9b109bcd314044bb853f6
Ubuntu Security Notice USN-1808-1
Posted Apr 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1808-1 - Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796, CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796
SHA-256 | 552454cec345ffb0bddff287d7b438a2d118cde30da3628cf3b2484c337e4199
Ubuntu Security Notice USN-1807-2
Posted Apr 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1807-2 - USN-1807-1 fixed vulnerabilities in MySQL. This update provides MySQL 5.5.31 for Ubuntu 13.04. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0553, CVE-2013-1492, CVE-2013-1502, CVE-2013-1506, CVE-2013-1511, CVE-2013-1512, CVE-2013-1521, CVE-2013-1523, CVE-2013-1526, CVE-2013-1532, CVE-2013-1544, CVE-2013-1552, CVE-2013-1555, CVE-2013-1623, CVE-2013-2375, CVE-2013-2376, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392
SHA-256 | 7e3499a9a7b48101429ba01acfe8c537c8b5615f56dbe899bf947e05445e7ac8
Ubuntu Security Notice USN-1807-1
Posted Apr 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1807-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-0553, CVE-2012-4414, CVE-2012-5613, CVE-2012-5615, CVE-2012-5627, CVE-2013-1492, CVE-2013-1502, CVE-2013-1506, CVE-2013-1511, CVE-2013-1512, CVE-2013-1521, CVE-2013-1523, CVE-2013-1526, CVE-2013-1532, CVE-2013-1544, CVE-2013-1552, CVE-2013-1555, CVE-2013-1623, CVE-2013-1861, CVE-2013-2375, CVE-2013-2376, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392
SHA-256 | c2fe70d40fb689f4f82bb1823eeeada3e0f5a430d35e1aeb607c87d2d5c2fbaf
Windows Light HTTPD 0.1 Buffer Overflow
Posted Apr 25, 2013
Authored by Jacob Holcomb

Windows Light HTTPD version 0.1 HTTP GET buffer overflow exploit that spawns a bindshell.

tags | exploit, web, overflow
systems | windows
SHA-256 | c6353474ef20863a17e6e60c49ab6d2415f53b3329ca89fc8312aa196928cdcd
phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite
Posted Apr 25, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
advisories | CVE-2013-3238, CVE-2013-3239, CVE-2013-3240, CVE-2013-3241
SHA-256 | 5f5b20d982ae97824512b1c23808b9c17b328dae83d316eee98cdebbab52a1c6
Apache CloudStack 4.0.1 Authentication Bypass / Cryptography
Posted Apr 25, 2013
Authored by Wolfram Schlich, Mathijs Schmittmann

The CloudStack PMC was notified of two issues found in Apache CloudStack versions prior to 4.0.2. An attacker with knowledge of CloudStack source code could gain unauthorized access to the console of another tenant's VM. Insecure hash values may lead to information disclosure. URLs generated by Apache CloudStack to provide console access to virtual machines contained a hash of a predictable sequence, the hash of which was generated with a weak algorithm. While not easy to leverage, this may allow a malicious user to gain unauthorized console access.

tags | advisory, bypass, info disclosure
advisories | CVE-2013-2756, CVE-2013-2758
SHA-256 | 474f68a5ee05a485465b64d23eff7bcb693b5ef180963131a4b12caf5a15bc42
Red Hat Security Advisory 2013-0772-01
Posted Apr 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0772-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.1.69.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392
SHA-256 | 08472f25b4f2dc67bbb764e93477a4cda76c3b9d31c9b109bcd314044bb853f6
Hacking IPv6 Networks
Posted Apr 25, 2013
Authored by Fernando Gont

These are the slides for the "Hacking IPv6 Networks" security training course as given at BRUCON 2012.

tags | paper
SHA-256 | e3087a85f87af2ef63cb6ee55ffaad7558a549d506e6ff8988c95b01399882ad
Sanewall 1.0.0
Posted Apr 25, 2013
Authored by Costa Tsaousis, Phil Whineray | Site sanewall.org

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.

tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | 206ac56ec2a9a30060b4039e1430dfd8af44b5fa5a158b69dc7ed68a64b66f2e
GroundWork monarch_scan.cgi OS Command Injection
Posted Apr 24, 2013
Authored by Johannes Greil, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in the monarch_scan.cgi, where user controlled input is used in the perl qx function, which allows any remote authenticated attacker, whatever his privileges are, to inject system commands and gain arbitrary code execution. The module has been tested successfully on GroundWork 6.7.0-br287-gw1571 as distributed within the Ubuntu 10.04 based VM appliance.

tags | exploit, remote, arbitrary, cgi, perl, code execution
systems | linux, ubuntu
advisories | OSVDB-91051
SHA-256 | 4f033af844cdd623331a0bd422e02eb8ac32fdbef2908dd0e003506fe068e0b1
Cisco Security Advisory 20130424-nxosmulti
Posted Apr 24, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. These products are affected by vulnerabilities such as buffer overflow and denial of service issues.

tags | advisory, denial of service, overflow, vulnerability
systems | cisco
SHA-256 | 3b9bd9fefdaef3b94a763654446f7a87d023a8d89eea09bb2e691ec9aeeebd28
Cisco Security Advisory 20130424-ucsmulti
Posted Apr 24, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Managed and standalone Cisco Unified Computing System (UCS) deployments contain various vulnerabilities such as authentication bypass, buffer overflow, and denial of service issues.

tags | advisory, denial of service, overflow, vulnerability
systems | cisco
SHA-256 | 53255273186363e00cf1aaffbcf4e4d430c1447c889e787df8d3a608768efdf0
SAP NetWeaver Remote ABAP Code Injection
Posted Apr 24, 2013
Authored by Ertunga Arsal | Site esnc.de

A SAP NetWeaver vulnerability allows injection of ABAP code. In SAP security, this is the equivalent of getting an ultra-reliable ring 0 exploit which works through the network and never crashes. By exploiting this vulnerability an attacker can e.g. inject code which saves the passwords of all connecting SAP GUI users in a remote file, steal or change sensitive data such as HR salary information, execute bank transactions and transfer money, or simply plant an SAP backdoor for accessing the system later. The attacker can also manipulate or corrupt ABAP programs shipped by SAP and make the system inoperable.

tags | advisory, remote
advisories | CVE-2013-3243
SHA-256 | bef5435dd9e71bc842aef59db42966ef03ac40124905e2ccd226ca1a86276d90
Red Hat Security Advisory 2013-0771-01
Posted Apr 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0771-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending the wrong cookie if only part of the domain name matched the domain associated with the cookie, disclosing the cookie to unrelated hosts.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2013-1944
SHA-256 | 73f2f91020506640014d072e24e8ccf64fc4ce8d2c457f7c3cdaef0e81920dbc
Page 2 of 17
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close