Showing 101 - 125 of 425

Files Date: 2013-04-01 to 2013-04-30

SAP ConfigServlet OS Command Execution
Posted Apr 19, 2013
Authored by Dmitry Chastuhin, Andras Kabai | Site metasploit.com

This Metasploit module allows execution of operating system commands through the SAP ConfigServlet without any authentication.

tags | exploit
SHA-256 | bd22164e93c481f2adee97758ca447db0d47658f7a4544609432a32799d8b8d3
Cisco IKE Implementation Group Name Enumeration
Posted Apr 19, 2013
Authored by Jonathan Claudius | Site trustwave.com

Cisco ASA versions 8.4(2), 8.4(5), and 9.1(1) suffer from a group name enumeration vulnerability in their IKE implementation.

tags | exploit
systems | cisco
advisories | CVE-2013-1194
SHA-256 | 7a3a1b289b63638a076af1a5703754d8bf858f40ec5baec07c9f385998b4caad
Ubuntu Security Notice USN-1804-1
Posted Apr 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1804-1 - Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2013-1926, CVE-2013-1927
SHA-256 | 94c8dfb69cab90f5b36b1712850ba1638f4dec59b36eedbe93064a48b933ad10
Red Hat Security Advisory 2013-0758-01
Posted Apr 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0758-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0401, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2439, CVE-2013-2440
SHA-256 | d2698820e52d08b651a6e30af5fc62e23be5567381406f5cc97b4365e26f9490
Red Hat Security Advisory 2013-0757-01
Posted Apr 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0757-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425
SHA-256 | 47290146682a8b45735896f0b78050379327bfe0efde7613362febef95f674bc
Debian Security Advisory 2662-1
Posted Apr 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2662-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1917, CVE-2013-1919
SHA-256 | c154b1d7b7e208460374fd11a98c3333c72d0fcea6d6be680aefae238a806dfd
Fork CMS Local File Inclusion
Posted Apr 18, 2013
Authored by Rafay Baloch

Fork CMS suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | dc9c3676bed4b6dd47b65dcd79362c247ada9470a4af9cb6c2e29524e8645942
Fork CMS Cross Site Request Forgery
Posted Apr 18, 2013
Authored by Rafay Baloch

Fork CMS suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | b1f5869ab5f633d45b74847ab258441ea7cf30e564f771344d4b1c00f8ba8c27
Fork CMS Cross Site Scripting
Posted Apr 18, 2013
Authored by Rafay Baloch

Fork CMS suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8c5fae34f52db9b2663429d8f941353d9efee87ca897544f51278843d7e9d2b8
SWFUpload CSRF / XSS / Object Injection
Posted Apr 18, 2013
Authored by KedAns-Dz

SWFUpload suffers from cross site scripting, cross site request forgery, and object injection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 88f9aac6098d0e3258845fe60905a4307536ba1d86078b4b59c2122b60d3ea28
Oracle Java JavaFX Video Frame Decoding Remote Heap Overflow
Posted Apr 18, 2013
Authored by Florent Hochwelker | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by a heap overflow error within the JavaFX component when decoding certain video frames, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, java, remote, web, overflow
SHA-256 | a2eb4b5d305a7ac6991835ccb5811297e7d48909f1c506568314ba2a5970316c
Matrix42 Service Store 5.3 SP3 Cross Site Scripting
Posted Apr 18, 2013
Authored by 43zsec

Matrix42 Service Store version 5.3 SP3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d431e07e2090b3ecb928537ec9c68ab0d5ece0d754b16cb65ebe58d7828b3216
Technical Cyber Security Alert 2013-107A
Posted Apr 18, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-107A - Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle strongly recommends that customers apply CPU fixes as soon as possible.

tags | advisory, java
SHA-256 | 2bc33c1159b0fcbf4383d5702e542342e6335e5d00c4f2e7df5b6d43cc1a63a6
Intercepter Sniffer 0.9.7
Posted Apr 18, 2013
Authored by Ares | Site sniff.su

Intercepter is a sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.

Changes: The new version provides the ability to sniff the login and password of a target user who connects to an SSH server, and to intercept session data such as commands.
tags | tool, web, sniffer, imap, protocol
SHA-256 | a7eeb7f0852c3f890b1cf069da1c6007331be8b19ddd6ca7025e8cfe208f0861
Free Float FTP Server USER Command Buffer Overflow
Posted Apr 18, 2013
Authored by D35m0nd142 | Site metasploit.com

Freefloat FTP Server is prone to an overflow condition. It fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted 'USER' command, a remote attacker can potentially have an unspecified impact.

tags | exploit, remote, overflow
advisories | OSVDB-69621
SHA-256 | 9b812ca885b40a06ed5af29596e9d126320a1646dbcbe6be64b5c81887642462
Cisco Security Advisory 20130417-nac
Posted Apr 18, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify any information in the NAC Manager database. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

tags | advisory, remote, arbitrary
systems | cisco
SHA-256 | 0b2fd9431ac6f3023d470247efac603d079d9cd4168dd50bc6a519460459b72f
SI6 Networks' IPv6 Toolkit 1.3.4
Posted Apr 18, 2013
Authored by Fernando Gont

This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Mac OS 10.8.0, and Ubuntu 11.10.

Changes: IPv6-host tracking support in the scan6 tool. A new tool, address6, to analyze IPv6 addresses. Minor bug fixes.
tags | tool
systems | linux, netbsd, unix, freebsd, openbsd, debian, ubuntu
SHA-256 | 75ff27cd30407cd57f35a7646b82e6fede9cfc7e1fac089b3da43e547424af48
Ubuntu Security Notice USN-1803-1
Posted Apr 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1803-1 - It was discovered that the X.Org X server did not properly clear input events in certain circumstances. A local attacker with physical access could use this flaw to capture keystrokes.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1940
SHA-256 | 0a8fc43b37e93e1260e0124d3f96f99613c73e4adbc0f22dda8909721d36cfa6
Debian Security Advisory 2661-1
Posted Apr 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2661-1 - David Airlie and Peter Hutterer of Red Hat discovered that xorg-server, the Xorg X server, was vulnerable to an information disclosure flaw related to input handling and device hotplug.

tags | advisory, info disclosure
systems | linux, redhat, debian
advisories | CVE-2013-1940
SHA-256 | ddec4e210a037caeffbc9a414e249bc38399f5e30f17b1044f4ffdad14f56b69
Red Hat Security Advisory 2013-0753-01
Posted Apr 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0753-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-1926, CVE-2013-1927
SHA-256 | c1ce692c1521d0837522bfb3b37e40034340611dd97379e2d399b43394575abe
Red Hat Security Advisory 2013-0752-01
Posted Apr 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0752-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436
SHA-256 | 41d947531ed3d252e75fac4e4c2beb0c11832cfe342063df05ef1bf45c210ec0
Red Hat Security Advisory 2013-0751-01
Posted Apr 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0751-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436
SHA-256 | 3dd79f78440b623f915a9d88a18803f2cbd13f584293a3ef010118bc0dbab5b8
Samhain File Integrity Checker 3.0.11
Posted Apr 17, 2013
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Log rotation can be handled more gracefully now. An option to ignore modifications of transient files during their lifetime has been added, and it is possible now to build a Debian client package with a preset password. A problem with large groups has been fixed, as well as reconnecting to a temporarily unavailable Oracle database.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 35a8d392b930b7db1ec9ff0c55bc89d2cfb08d13b8cb7937012dab776c36c89d
Cisco Security Advisory 20130417-tpi
Posted Apr 17, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence multipoint control unit (MCU) and Cisco TelePresence Server contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the reload of an affected system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote
systems | cisco
SHA-256 | 119f45014590ba7857394b2b18f4cc8f0f389955b9862b725e9ebc23bf070330
Oracle WebCenter / Fatwire Header Injection
Posted Apr 17, 2013
Authored by Kestutis Gudinavicius | Site sec-consult.com

Oracle WebCenter Sites Satellite Server versions 7.6.0 Patch1, 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 suffer from HTTP header injection and cache poisoning vulnerabilities.

tags | exploit, web, vulnerability
advisories | CVE-2013-1509
SHA-256 | b211d5ba79c2e4506fc8c437bbb356031d7bc5df5b5dceb6705801d00369973b