what you don't know can hurt you
Showing 51 - 75 of 342 RSS Feed

Files Date: 2013-05-01 to 2013-05-31

PayPal Cross Site Scripting
Posted May 28, 2013
Authored by Un0wn_X

The sitewide search functionality in PayPal suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 011f110352aa76b4a4cb5e24a5af8cee
HP LaserJet Pro P1606dn Password Reset
Posted May 28, 2013
Authored by m3tamantra

HP LaserJet Pro version P1606dn suffers from a direct access administrative password reset vulnerability.

tags | exploit
MD5 | 2887bc47e46fb27a5d89450a5d75dc64
KDE Paste Applet Weak Password Generation
Posted May 28, 2013
Authored by Michael Samuel

Password generation in the KDE paste applet is not truly random.

tags | advisory, info disclosure
advisories | CVE-2013-2120
MD5 | 04cc8b0a765f40ea07ce20c5e8f21c9d
SIEMENS Solid Edge ST4 WebPartHelper Command Execution
Posted May 27, 2013
Authored by rgod | Site retrogod.altervista.org

SIEMENS Solid Edge ST4 WebPartHelper active-x control RFMSsvs!JShellExecuteEx suffers from a remote command execution vulnerability. Proof of concept included.

tags | exploit, remote, activex, proof of concept
systems | linux
MD5 | bdd9cbfc1d8fd0e77ab4e70228ce55c6
aCMS 1.0 XSS / Content Spoofing / Information Leak
Posted May 27, 2013
Authored by MustLive

aCMS versions 1.0 and below suffer from cross site scripting, content spoofing, and information leakage vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | ef60b36f9e4cb4eb001cd1234a172f2a
WordPress User Role Editor 3.12 Cross Site Request Forgery
Posted May 27, 2013
Authored by Henry Hoggard

WordPress User Role Editor plugin version 3.12 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 51e7ad9a4254bdb10ba13e9830ba62d7
ADIF Log Search Widget 1.0e Cross Site Scripting
Posted May 27, 2013
Authored by Keith Makan

ADIF Log Search Widget version 1.0e suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f8f39044ee3ee8a24cd4e913c949407d
Vanilla Forums 2.0.18.8 XSS / Insecure Permissions
Posted May 27, 2013
Authored by Henry Hoggard

Vanilla Forums version 2.0.18.8 suffers from cross site scripting and insecure permission vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 2adddbf01651388cdee8d4cdf8bb0fa5
LG Optimus G Command Injection
Posted May 26, 2013
Authored by Justin Case

LG Optimus G E973 suffers from a command injection vulnerability.

tags | exploit
advisories | CVE-2013-3666
MD5 | 88dae3dc849c0a28c31d7472976a1106
PayPal.com Cross Site Scripting
Posted May 26, 2013
Authored by Robert Kugler

PayPal.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e0510a6ae665212350dde6d7b1af5ab8
HP Security Bulletin HPSBUX02881 SSRT101189
Posted May 26, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02881 SSRT101189 - A potential security vulnerability has been identified in HP-UX Directory Server. The vulnerability could be exploited remotely resulting in information disclosure. Revision 1 of this advisory.

tags | advisory, info disclosure
systems | hpux
advisories | CVE-2012-2678, CVE-2012-2746
MD5 | 156956d6bbcd1c0c08e1c1943ee04260
SAS Integration Technologies Client 9.31_M1 Buffer Overflow
Posted May 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

The SASspk module (SASspk.dll) version 9.310.0.11307, has a function called 'RetrieveBinaryFile()' which has one parameter called 'bstrFileName' which takes arguments as strings as defined in the function itself as ISPKBinaryFile from the SASPackageRetrieve library. Stack-based buffer overflow was discovered in one of the fuzzing processes that could allow arbitrary code execution by an attacker when exploiting the non-sanitized 'bstrFileName' parameter.

tags | exploit, overflow, arbitrary, code execution
systems | windows
MD5 | efd20de629163443af84ec7171880d13
360-FAAR Firewall Analysis Audit And Repair 0.4.5
Posted May 25, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release fixes rulebase output bugs when using the 'cl' option in 'rr' mode. Netscreen rulebase numbers now output usable rule numbers in 'cl' rulebases. The ctrl-c panic when reading logs is fixed. 'rr' mode 'log' defaults now switch off 'Any' rule to object and service object resolution. New 'rr' mode 'res' defaults now switch on most resolution and matching options.
tags | tool, perl
systems | unix
MD5 | 341934d7411aed095556ccc820714c5b
Modern Overflow Targets
Posted May 24, 2013
Authored by Eric Wimberley, Nathan Harrison

This is a whitepaper discussing flaws in current stack protection mechanisms and alternate methods of exploiting stack overflows. The paper wastes no time rehashing old methods such as ret2libc or bruteforcing methods against ASLR on forked processes.

tags | paper, overflow
MD5 | 7134661ac3b82a58490b9ff5d9d8e8be
Ubuntu Security Notice USN-1837-1
Posted May 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1837-1 - An information leak was discovered in the Linux kernel's crypto API. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. An information leak was discovered in the Linux kernel's rcvmsg path for ATM (Asynchronous Transfer Mode). A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. Various other issues were also addressed.

tags | advisory, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3226, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3230, CVE-2013-3231, CVE-2013-3233, CVE-2013-3234, CVE-2013-3235, CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3226, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3230, CVE-2013-3231, CVE-2013-3233, CVE-2013-3234, CVE-2013-3235
MD5 | 4e1c985d29b403f799288923bc9137e9
Ubuntu Security Notice USN-1835-1
Posted May 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1835-1 - A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. A flaw was discovered in the Linux kernel's ftrace subsystem interface. A local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-1929, CVE-2013-3301, CVE-2013-1929, CVE-2013-3301
MD5 | e8287223bb3a4cbda1ad601e35e561ba
Ubuntu Security Notice USN-1836-1
Posted May 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1836-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094, CVE-2013-1929, CVE-2013-3301, CVE-2013-1929, CVE-2013-2094, CVE-2013-3301
MD5 | e7f2d3dd3f83816d80e4726469e910c2
Ubuntu Security Notice USN-1834-1
Posted May 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1834-1 - A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. A flaw was discovered in the Linux kernel's ftrace subsystem interface. A local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-1929, CVE-2013-3301, CVE-2013-1929, CVE-2013-3301
MD5 | c6b9a46792bdfae96f295d4cc75d48f1
Ubuntu Security Notice USN-1833-1
Posted May 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1833-1 - Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2013-1979, CVE-2013-1929, CVE-2013-3301, CVE-2013-1929, CVE-2013-1979, CVE-2013-3301
MD5 | b0c02cd1572ce7c5ca5ccdf295c70333
Matterdaddy Market 1.4.2 Cross Site Request Forgery / Arbitrary File Upload
Posted May 24, 2013
Authored by KedAns-Dz | Site market.matterdaddy.com

Matterdaddy Market version 1.4.2 and below suffers from cross site request forgery and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, php, vulnerability, file upload, csrf
MD5 | c3bdac570c662a7b34fe12dec5dc0919
Show In Browser 0.0.3 Ruby Gem File Injection
Posted May 24, 2013
Authored by Larry W. Cashdollar | Site rubygems.org

Show In Browser 0.0.3 is a Ruby Gem that suffers from a file injection vulnerability, allowing arbitrary text to be opened in a browser.

tags | advisory, arbitrary, ruby
MD5 | 25467afdaa89839f350b106e096d5abc
AVE.CMS 2.09 Blind SQL Injection
Posted May 23, 2013
Authored by mr.pr0n | Site overdoze.ru

AVE.CMS versions less than 2.09 suffer from a remote blind SQL injection vulnerability in the "module" parameter. This is a proof of concept exploit. This issue is addressed in later versions.

tags | exploit, remote, sql injection, proof of concept
MD5 | 0315982b1ccf89c5cfeb0adfb6c968c3
vBulletin 5b SQL Injection
Posted May 23, 2013
Authored by stealth, UberLame | Site zempirians.com

This is an SQL Injection proof of concept that will display information about the vBulletin software and the admin details from the database. It can be adjusted to read any part of the database.

tags | exploit, sql injection, proof of concept
MD5 | cb04d038aff6ab2f0eb48a57ef230a2e
Apple Security Advisory 2013-05-22-1
Posted May 23, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-05-22-1 - QuickTime 7.7.4 is now available and addresses multiple issues including buffer overflows and arbitrary code execution vulnerabilities.

tags | advisory, overflow, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2013-0986, CVE-2013-0987, CVE-2013-0988, CVE-2013-0989, CVE-2013-1015, CVE-2013-1016, CVE-2013-1017, CVE-2013-1018, CVE-2013-1019, CVE-2013-1020, CVE-2013-1021, CVE-2013-1022
MD5 | d9eacd7a571e71bf3bf3495c6cfee6f7
IBM WebSphere DataPower 3.8.2 / 4.0.x / 5.0 Cross Site Scripting
Posted May 23, 2013
Authored by A. Falkenberg | Site sec-consult.com

IBM WebSphere DataPower Integration Appliance XI50 versions 3.8.2, 4.0, 4.0.1, 4.0.2, 5.0.0 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2013-0499
MD5 | e6077b6c1a6e031fcb765dfc6d829df0
Page 3 of 14
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close