Twenty Year Anniversary
Showing 76 - 100 of 425 RSS Feed

Files Date: 2013-04-01 to 2013-04-30

Red Hat Security Advisory 2013-0762-01
Posted Apr 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0762-01 - In accordance with the Red Hat Enterprise MRG Life Cycle policy, the Red Hat Enterprise MRG products, which include the MRG-Messaging, MRG-Realtime, and MRG-Grid, Version 1 and Version 2 offerings for Red Hat Enterprise Linux 5, will be retired on March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for MRG-Messaging, MRG-Realtime, and MRG-Grid on Red Hat Enterprise Linux 5 after that date. In addition, after March 31, 2014, technical support through Red Hat's Global Support Services will no longer be provided for these products on Red Hat Enterprise Linux 5.

tags | advisory
systems | linux, redhat
MD5 | a5e5106d83a0a1e37183307d1ccffe1b
Windows PHP Reverse Shell
Posted Apr 22, 2013
Authored by blkhtc0rp

php_rshell is a ruby script which converts a binary backdoor to hex and creates a windows php reverse backdoor that will be executed on the server.

tags | php, ruby
systems | windows
MD5 | 8b3b1b6be1b5224897a8f0d269d44d81
Janissaries Joomla Civicrm Shell Upload
Posted Apr 22, 2013
Authored by miyachung

Janissaries Joomla Civicrm component exploitation tool that uploads a shell.

tags | exploit, shell
MD5 | b8236f495a037eb3efd5b064859f840e
FreeSWITCH vBilling SQL Injection
Posted Apr 22, 2013
Authored by Michal Blaszczak

vBilling for FreeSWITCH suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 4ac7a3c9534b7086c9b17e22ca3ee99d
Tiny Windows Reverse Shell
Posted Apr 22, 2013
Authored by blkhtc0rp

This archive includes the source and a binary for a small Windows reverse shell.

tags | shell
systems | windows
MD5 | 41ee2f54e096324f36fef76e0e314112
Java 1.7.0_21-b11 Code Execution
Posted Apr 22, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Java versions 1.7.0_21-b11 and below suffers from an arbitrary code execution vulnerability.

tags | advisory, java, arbitrary, code execution
MD5 | e4cd9e5c7f8d9e28f0422e22ea755816
Voipnow Local File Inclusion
Posted Apr 21, 2013
Authored by i-Hmx

Voipnow versions prior to 2.4 suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 67a462470d74167fca8b61189b1614d5
jPlayer 2.2.22 XSS / Content Spoofing
Posted Apr 21, 2013
Authored by MustLive

jPlayer versions prior to 2.2.23 suffers from cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | 3ca50d93ad6f77cdf61f33ff81b19484
WordPress Colormix XSS / Content Spoofing / Path Disclosure
Posted Apr 21, 2013
Authored by MustLive

WordPress Colormix theme suffers from cross site scripting, path disclosure, and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss, file inclusion, info disclosure
MD5 | e73fde71182f911806ed3f5743d560fb
Debian Security Advisory 2660-1
Posted Apr 20, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2660-1 - Yamada Yasuharu discovered that cURL, an URL transfer library, is vulnerable to expose potentially sensitive information when doing requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that cookies set for a domain 'ample.com' could accidentally also be sent by libcurl when communicating with 'example.com'.

tags | advisory
systems | linux, debian
advisories | CVE-2013-1944
MD5 | 60cdd4c39c7b7c0f6d5d73fa37f5d619
Reversing Offline Games
Posted Apr 20, 2013
Authored by Dark-Puzzle

This is a brief tutorial that demonstrates how to reverse engineer an offline game (3D Pinball).

tags | paper
MD5 | 4354b4c3d5702117c63f23f608e917fc
Netgear DGN2200B pppoe.cgi Remote Command Execution
Posted Apr 20, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some Netgear Routers are vulnerable to an authenticated OS command injection on their web interface. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This Metasploit module overwrites parts of the PPOE configuration, while the module tries to restore it after exploitation configuration backup is recommended.

tags | exploit, web
advisories | OSVDB-90320
MD5 | a53f15fbf827377eadd408187673f704
Mandriva Linux Security Advisory 2013-147
Posted Apr 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-147 - Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof is equal to 8. In the archive_write_zip_data() function in libarchive/ archive_write_set_format_zip.c, the s parameter is of type size_t and is cast to a 64 bit signed integer. If s is larger than MAX_INT, it will not be set to zip->remaining_data_bytes even though it is larger than zip->remaining_data_bytes, which leads to a buffer overflow when calling deflate(). This can lead to a segfault in an application that uses libarchive to create ZIP archives. The updated packages have been patched to correct this issue.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2013-0211
MD5 | 284356571418390a23af798068bacedf
Ubuntu Security Notice USN-1805-1
Posted Apr 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1805-1 - Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796, CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796
MD5 | 9dde7480b2593ff7a4057b7bbaa64c81
Mandriva Linux Security Advisory 2013-145
Posted Apr 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-145 - Multiple security issues were identified and fixed in OpenJDK Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. The previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code.Note: The fix for changes the default value of the property to true, restricting class loading to the local CLASSPATH and locations specified in the java.rmi.server.codebase property. Various other issues have been addressed.

tags | advisory, java, arbitrary, local
systems | linux, mandriva
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431
MD5 | 321e8e03af5545c18cb282d9793befa1
Adobe Flash Player Code Execution
Posted Apr 19, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an object confusion error when processing malformed Real Time Messaging Protocol (RTMP) data received during the initial phase of communication with a server, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page. Adobe Flash Player versions prior to 11.7.700.169 are affected.

tags | advisory, remote, web, protocol
advisories | CVE-2013-2555
MD5 | 528f63f34436a85bc7304af9f6091a07
MinaliC Webserver 2.0.0 Buffer Overflow
Posted Apr 19, 2013
Authored by Antonius | Site cr0security.com

MinaliC Webserver version 2.0.0 buffer overflow exploit that binds a shell to port 4444. Works on Windows Server 2003 SP3 only.

tags | exploit, overflow, shell
systems | windows
MD5 | 439f16a74d2ea6b7bec629ef6be34eb2
Mandriva Linux Security Advisory 2013-146
Posted Apr 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-146 - Multiple vulnerabilities has been discovered and corrected in icedtea-web. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of web sites that allow uploads of specific file types, known as a GIFAR attack. The updated packages have been upgraded to the 1.3.2 version which is not affected by these issues.

tags | advisory, java, web, vulnerability
systems | linux, mandriva
advisories | CVE-2013-1926, CVE-2013-1927
MD5 | f02ad168d33d7ee0af6683b387ad9d9c
Wireless Decoder 1.0
Posted Apr 19, 2013
Authored by Kevin Devine

Wireless Decoder is an application that demonstrates how to recover wireless passwords on Vista/Win7/Win8. Comes with source and the binary.

tags | tool, wireless
MD5 | d8d2386e1320ff3298bd2aa3d5f844ab
Tienda Online CMS Cross Site Scripting
Posted Apr 19, 2013
Authored by Ivan Sanchez, Raul Diaz

Tienda Online CMS suffers from a cross site scripting vulnerability. The vendor has been notified of this issue. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 2aebd098f51bb0c40075060d52ec9407
Foxit Reader 5.4.x Denial Of Service
Posted Apr 19, 2013
Authored by FuzzMyApp

Foxit Reader versions 5.4.3.x through 5.4.5.0124 suffer from a PDF XREF parsing denial of service vulnerability.

tags | exploit, denial of service
systems | linux
MD5 | 2feaa75cdb5e8304debeca363d3285e6
KIK Messenger Password Disclosure
Posted Apr 19, 2013
Authored by Wouter van Rooij

KIK Messenger stores its password in cleartext in a plist file.

tags | exploit, info disclosure
MD5 | 647f1a698c2fa2e7faaa1cfadeb47feb
Crafty Syntax Live Help RFI / Path Disclosure
Posted Apr 19, 2013
Authored by ITTIHACK

Crafty Syntax Live Help versions 2.x and 3.x suffer from path disclosure and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion, info disclosure
MD5 | 890082ed42552aa39e6250ec940d710f
TP-LINK TL-WR741N / TL-WR741ND Denial Of Service
Posted Apr 19, 2013
Authored by W1ckerMan

TP-LINK TL-WR741N / TL-WR741ND suffers from multiple remote denial of service device freezing conditions.

tags | exploit, remote, denial of service
MD5 | 2f076c652668949f32ded79c3486c790
nginx 0.6.x Code Execution
Posted Apr 19, 2013
Authored by Neal Poole

nginx version 0.6.x suffers from an arbitrary code execution vulnerability due to a nullbyte injection issue.

tags | exploit, arbitrary, code execution
MD5 | 6bb8e74df4a5f0826c76b18161f83f87
Page 4 of 17
Back23456Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    4 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close