the original cloud security
Showing 101 - 125 of 342 RSS Feed

Files Date: 2013-05-01 to 2013-05-31

AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
Posted May 23, 2013
Authored by Felipe Andres Manzano, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability on Adobe Reader X Sandbox. The vulnerability is due to a sandbox rule allowing a Low Integrity AcroRd32.exe process to write register values which can be used to trigger a buffer overflow on the AdobeCollabSync component, allowing to achieve Medium Integrity Level privileges from a Low Integrity AcroRd32.exe process. This Metasploit module has been tested successfully on Adobe Reader X 10.1.4 over Windows 7 SP1.

tags | exploit, overflow
systems | windows, 7
advisories | CVE-2013-2730, OSVDB-93355
MD5 | 57bf591f804bc6819ba2e4dbd94f1fb1
Weyal CMS SQL Injection
Posted May 23, 2013
Authored by XroGuE | Site Att4ck3r.ir

Weyal CMS suffers from a remote SQL injection vulnerability. Note that this finding has site-specific information.

tags | exploit, remote, sql injection
MD5 | 4c23f311caec49781fb159d29296d8fc
Dissecting Blackberry 10 - An Initial Analysis
Posted May 23, 2013
Authored by A. Antukh | Site sec-consult.com

This is a whitepaper titled "Dissecting Blackberry 10 - An Initial Analysis" and discusses the specifics of the Blackberry 10 operating system, fuzzers, dumping the boot sector and other topics.

tags | paper, fuzzer
MD5 | c1d4f6873f14c3cf6a8984889a26313d
Fuzzing: An Introduction To Sully Framework
Posted May 23, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

This paper is an introduction to the world of fuzzing by exploring the Sulley Fuzzing Framework.

tags | paper, fuzzer
MD5 | a2da69544935d46674e792fbedfe927f
Debian Security Advisory 2672-1
Posted May 23, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2672-1 - Adam Nowacki discovered that the new FreeBSD NFS implementation processes a crafted READDIR request which instructs to operate a file system on a file node as if it were a directory node, leading to a kernel crash or potentially arbitrary code execution.

tags | advisory, arbitrary, kernel, code execution
systems | linux, freebsd, debian
advisories | CVE-2013-3266
MD5 | 1ca34f72f9f884a739a80d4b3aa86d8e
Debian Security Advisory 2671-1
Posted May 23, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2671-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-4733, CVE-2013-3368, CVE-2013-3369, CVE-2013-3370, CVE-2013-3371, CVE-2013-3372, CVE-2013-3373, CVE-2013-3374
MD5 | 23cdb825be02348e88f115a8f44eedc7
Red Hat Security Advisory 2013-0856-01
Posted May 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0856-01 - Red Hat Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. The Token Processing System is a PKI subsystem that acts as a Registration Authority for authenticating and processing enrollment requests, PIN reset requests, and formatting requests from the Enterprise Security Client. A format string flaw was found in the TPS subsystem. An authenticated Certificate System user could use this flaw to crash the Apache HTTP Server child process, possibly interrupting the processing of other users' requests, or possibly execute arbitrary code with pkiuser privileges.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2013-1885, CVE-2013-1886
MD5 | f04d54100b04414df3e7cbd9b714db57
Red Hat Security Advisory 2013-0855-01
Posted May 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0855-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432
MD5 | 8c095aa32a8010740e915497eb433dad
Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL Injection
Posted May 22, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

Spider Event Calendar version 1.3.0 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 1eaa7cb9bcc95f42fb737185ee768e3d
Spider Catalog 1.4.6 Cross Site Scripting / Path Disclosure / SQL Injection
Posted May 22, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

Spider Catalog version 1.4.6 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | ef43d2cf678bd3af7340cf9881abded6
Obeseus Distributed Denial Of Service Detector 7.1a
Posted May 22, 2013
Authored by Mark Osborne, Simon Ratcliffe | Site loud-fat-bloke.co.uk

Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. It detects TCP floods, Fragment Floods, raw ICMP/TCP/UDP, reflected (DNS / SMURF) and BOGON misuse. It also detects application misuse in HTTP and UDP.

tags | tool, denial of service
systems | linux, unix
MD5 | e0f952f1168c8ffb7518029bf1bff758
Wordpress Flagallery-Skins SQL Injection
Posted May 22, 2013
Authored by Ashiyane Digital Security Team

Wordpress Flagallery-skins plugin suffers from an SQL Injection vulnerability. Note that this advisory has site-specific information.

tags | exploit, remote, sql injection
MD5 | dbcc3fde5060a4f13f6a73b13f68dd54
Infotecs ViPNet Products Privilege Escalation
Posted May 21, 2013
Authored by Maksim Chudakov, Andrey Kurtasanov

A common local privilege escalation vulnerability has been discovered in multiple Infotecs ViPNet products. The affected versions include ViPNet Client version 3.2.10 (15632), ViPNet Coordinator version 3.2.10 (15632), ViPNet SafeDisk version 4.1 (0.5643), and ViPNet Personal Firewall version 3.1. Prior versions of these products are also affected.

tags | advisory, local
systems | windows
advisories | CVE-2013-3496
MD5 | 6074521c4d2334964c1d65fba194980c
Slackware Security Advisory - kernel Updates
Posted May 21, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix a security issue.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2013-2094
MD5 | e50f438e4b40cbc8413dc87b5c6904bb
Red Hat Security Advisory 2013-0847-01
Posted May 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0847-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain, leading to a denial of service.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2013-0153
MD5 | 63ee7ee528f9f42d7c3ff3734baca265
Red Hat Security Advisory 2013-0848-01
Posted May 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0848-01 - Red Hat Network Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was discovered that Red Hat Network Satellite did not fully check the authenticity of a client beyond the initial authentication check during an Inter-Satellite Sync operation. If a remote attacker were to modify the satellite-sync client to skip the initial authentication call, they could obtain all channel content from any Red Hat Network Satellite server that could be reached, even if Inter-Satellite Sync support was disabled.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-2056
MD5 | d6a5f302947c1aa2cbd86f92d8f95af1
Ubuntu Security Notice USN-1832-1
Posted May 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1832-1 - Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1960, CVE-2013-1961
MD5 | 917b5abea1b30ca3baa8d16089a87949
Mandriva Linux Security Advisory 2013-166
Posted May 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-166 - The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack. The updated packages have been patched to correct this issue.

tags | advisory, udp
systems | linux, mandriva
advisories | CVE-2002-2443
MD5 | fb8357773777991ef6503f2b723f896e
Kimai 0.9.2.1306-3 SQL Injection
Posted May 21, 2013
Authored by drone | Site kimai.org

Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
systems | linux, windows
MD5 | ab547448d5e955197b1fe4c76b7432ea
Ophcrack 3.50 Buffer Overflow / Code Execution
Posted May 21, 2013
Authored by xis_one | Site ophcrack.sourceforge.net

Ophcrack version 3.5.0 suffers from stack based buffer overflow vulnerability that leads to local code execution.

tags | exploit, overflow, local, code execution
systems | windows
MD5 | a93ad9e8727db7e02b96e7be492f4360
Linksys WRT160n apply.cgi Remote Command Injection
Posted May 21, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module has been tested on a Linksys WRT160n version 2 - firmware version v2.0.03. A ping command against a controlled system could be used for testing purposes. The exploit uses the tftp client from the device to stage to native payloads from the command injection.

tags | exploit, web
advisories | OSVDB-90093
MD5 | c6c565057b83cf3f31573084b028cdd3
Sony PS3 Firmware 4.31 Code Execution
Posted May 21, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

A local code execution vulnerability is detected in the official PlayStation 3 v4.31 Firmware. The vulnerability allows local attackers to inject and execute code out of vulnerable PlayStation 3 menu main web context.

tags | exploit, web, local, code execution
MD5 | 1c6c7a1403bf81dd46d269b7c8fde7e1
Trend Micro DirectPass 1.5.0.1060 Command Injection / Denial Of Service
Posted May 21, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Trend Micro DirectPass 1.5.0.1060 suffers from local command/path injection, persistent code injection, and a denial of service vulnerability.

tags | exploit, denial of service, local, code execution
MD5 | 509761d8b43ba89f7449452a39927283
Reverse Engineering Camera Firmware
Posted May 21, 2013
Authored by Prayas Kulshrestha

This paper provides a walk-through on using binwalk and gzip to get to the disk image contained within a Sercomm IP Camera .bin firmware update.

tags | paper
MD5 | 4e01a8c333dce3b11e0d3fab052044e2
Red Hat Security Advisory 2013-0834-02
Posted May 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0834-02 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-4529, CVE-2012-4572, CVE-2012-5575
MD5 | b73b7f57127b5a833795e65c00d1d852
Page 5 of 14
Back34567Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close