
Files Date: 2013-07-24 to 2013-07-25

WordPress Duplicator 0.4.4 Cross Site Scripting
Posted Jul 24, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Duplicator plugin version 0.4.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4625
SHA-256 | c11bcdd0311e215255171e238d9b2a4a5c5cbb4a495aa33f118f1d414bc6792b

Windu CMS 2.2 Cross Site Scripting
Posted Jul 24, 2013
Authored by LiquidWorm | Site zeroscience.mk

Windu CMS version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 983c1316e05ee3e68fccee8c5baa23d337d5c12ebe07bd048da47708da19351a

AutoCAD DWG-AC1021 Heap Corruption
Posted Jul 24, 2013
Authored by Joshep J. Cortez Sanchez

AutoCAD DWG-AC1021 suffers from an arbitrary pointer dereference vulnerability that can be exploited to compromise a system.

tags | advisory, arbitrary
advisories | CVE-2013-3665
SHA-256 | 219a7db1a561eff423e65169d002771554f84e51f9e61f3996c00b73c866de51

Mandriva Linux Security Advisory 2013-198
Posted Jul 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-198 - A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when entity value replacement for external entity references was requested or enabled during XML file parsing. A remote attacker could provide a specially-crafted XML file containing an external entity expansion that, when processed, would lead to excessive CPU consumption (denial of service). This is a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-0339, CVE-2013-2877
SHA-256 | 0adde045bd99e01ceb9cddd85290c183f51ea250b87fc07a959a2b1d427e791d

Drupal Scald 6.x / 7.x Cross Site Scripting
Posted Jul 24, 2013
Authored by Klaus Purer | Site drupal.org

Drupal Scald versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 31efa592720a283b50038fb9abf65bab1ccd1c7bab69eb9033f029d565ae589e

Magnolia CMS 5.0.1 Community Edition Cross Site Scripting
Posted Jul 24, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Magnolia CMS versions 5.0.1, 5.0, 4.5.9, 4.5.8, and 4.5.7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4759
SHA-256 | e1a57d6ef2d1f9af10faf583024ebba7968cc1b930a63061237944f7b16d7b8c

JDWP Exploitation
Posted Jul 24, 2013
Authored by prdelka

This is a whitepaper discussing arbitrary Java code execution leveraging the Java Debugging Wire Protocol (JDWP).

tags | exploit, java, arbitrary, code execution, protocol
SHA-256 | 0adc9316e503d0fe3daa7da5e64d578c4f345eb5aeee58462a82afd7494b1a6d

Juniper JunOS 9.x Cross Site Scripting
Posted Jul 24, 2013
Authored by Andrea Menin

Juniper JunOS version 9.x suffers from an HTML injection vulnerability that allows for cross site scripting attacks.

tags | exploit, xss
systems | juniper
advisories | CVE-2014-3821
SHA-256 | 29ccd87908529598304cd583f8ee5922f7df5671abd5b2cd835597f7343deffd

Basic Forum XSS / CSRF / SQL Injection
Posted Jul 24, 2013
Authored by Sp3ctrecore

Basic Forum from JM LLC suffers from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | a1be6c25b484217301eba90ff838bc9a1af185b0119f02b1e6cacaea8446c25c

iPic Sharp 1.2.1 Wifi Script Insertion
Posted Jul 24, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

iPic Sharp version 1.2.1 Wifi for iOS suffers from a local script insertion issue.

tags | exploit, local
systems | cisco, ios
SHA-256 | a5433fa7faac6fc77af274a37017e674b24332ffbee28a83a05ba18a5f260d4c

Easy Blog XSS / SQL Injection / Shell Upload
Posted Jul 24, 2013
Authored by Sp3ctrecore

Easy Blog from JM LLC suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
SHA-256 | 92e6510e14c604e95a17cc5ed18c985111677ae10b2de17eea7ab41b69bcd495

FileChucker 4.56t-e07 Shell Upload
Posted Jul 24, 2013
Authored by Iranian_Dark_Coders_Team

FileChucker version 4.56t-e07 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | f85ccf5bba6e094130c5c3c7cfc595eb7fdac76706f72e68601c8fb4212bc86d

WhatsApp Abuse Issues
Posted Jul 24, 2013
Authored by Curesec Research Team

WhatsApp fails to secure communications when spawning functionality for Google Wallet and PayPal. Versions 2.9.6447 through 2.10.751 are affected.

tags | advisory
SHA-256 | 260e26aeec72763f25b273ccb4f424dd4aeffd1b74f89099d65012fdf72375d4

Orbit Downloader SYN Flood
Posted Jul 24, 2013
Authored by Bhadresh Patel

Cyberoam is warning the general public that Orbit Downloader is causing massive SYN flooding.

tags | advisory, denial of service
SHA-256 | 90e5f178d86720bbe16c5ed5b968847e9f32057836a9e8e77e7dd1b41134ee7d

vBulletin 4.0.x SQL Injection
Posted Jul 24, 2013
Authored by n3tw0rk

vBulletin version 4.0.x appears to suffer from a remote SQL injection vulnerability in the administrative functionality.

tags | exploit, remote, sql injection
SHA-256 | 0a0648a15e33987faeadd862bc64fb7b7f3b30b7a5ca898b18da61ee8e8ce0d2

Mandriva Linux Security Advisory 2013-197
Posted Jul 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-197 - MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allow remote attackers to cause a denial of service via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. The updated packages have been upgraded to the 5.1.70 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-1861, CVE-2013-3802, CVE-2013-3804
SHA-256 | 229df34dd4237d981a5e24fcb11c9a090cdde5addd7ca7da33dcb3e9b36947e2

Red Hat Security Advisory 2013-1103-01
Posted Jul 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1103-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Red Hat OpenStack makes use of Puppet, which is written in Ruby. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct a man-in-the-middle attack against the Puppet master and its clients. Note that to exploit this issue, an attacker would need to get a carefully-crafted certificate signed by an authority that the Puppet master and clients trust.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2013-4073
SHA-256 | 3af6f62904e5e2f9c0544724370c57e046a437d3917b85caaca4e7f10e3a6731

Ubuntu Security Notice USN-1908-1
Posted Jul 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1908-1 - A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-2458, CVE-2013-1571, CVE-2013-2407, CVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451
SHA-256 | c6e86f1288af7e22a761f9d766592dbed8c45c4f2f70fe5359000d1b2b6fc3f9