Showing 76 - 100 of 376

Files Date: 2013-07-01 to 2013-07-31

Drupal Scald 6.x / 7.x Cross Site Scripting
Posted Jul 24, 2013
Authored by Klaus Purer | Site drupal.org

Drupal Scald versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 31efa592720a283b50038fb9abf65bab1ccd1c7bab69eb9033f029d565ae589e
Magnolia CMS 5.0.1 Community Edition Cross Site Scripting
Posted Jul 24, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Magnolia CMS versions 5.0.1, 5.0, 4.5.9, 4.5.8, and 4.5.7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4759
SHA-256 | e1a57d6ef2d1f9af10faf583024ebba7968cc1b930a63061237944f7b16d7b8c
JDWP Exploitation
Posted Jul 24, 2013
Authored by prdelka

This is a whitepaper discussing arbitrary Java code execution leveraging the Java Debugging Wire Protocol (JDWP).

tags | exploit, java, arbitrary, code execution, protocol
SHA-256 | 0adc9316e503d0fe3daa7da5e64d578c4f345eb5aeee58462a82afd7494b1a6d
Juniper JunOS 9.x Cross Site Scripting
Posted Jul 24, 2013
Authored by Andrea Menin

Juniper JunOS version 9.x suffers from an HTML injection vulnerability that allows for cross site scripting attacks.

tags | exploit, xss
systems | juniper
advisories | CVE-2014-3821
SHA-256 | 29ccd87908529598304cd583f8ee5922f7df5671abd5b2cd835597f7343deffd
Basic Forum XSS / CSRF / SQL Injection
Posted Jul 24, 2013
Authored by Sp3ctrecore

Basic Forum from JM LLC suffers from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | a1be6c25b484217301eba90ff838bc9a1af185b0119f02b1e6cacaea8446c25c
iPic Sharp 1.2.1 Wifi Script Insertion
Posted Jul 24, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

iPic Sharp version 1.2.1 Wifi for iOS suffers from a local script insertion issue.

tags | exploit, local
systems | cisco, ios
SHA-256 | a5433fa7faac6fc77af274a37017e674b24332ffbee28a83a05ba18a5f260d4c
Easy Blog XSS / SQL Injection / Shell Upload
Posted Jul 24, 2013
Authored by Sp3ctrecore

Easy Blog from JM LLC suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
SHA-256 | 92e6510e14c604e95a17cc5ed18c985111677ae10b2de17eea7ab41b69bcd495
FileChucker 4.56t-e07 Shell Upload
Posted Jul 24, 2013
Authored by Iranian_Dark_Coders_Team

FileChucker version 4.56t-e07 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | f85ccf5bba6e094130c5c3c7cfc595eb7fdac76706f72e68601c8fb4212bc86d
WhatsApp Abuse Issues
Posted Jul 24, 2013
Authored by Curesec Research Team

WhatsApp fails to secure communications when spawning functionality for Google Wallet and PayPal. Versions 2.9.6447 through 2.10.751 are affected.

tags | advisory
SHA-256 | 260e26aeec72763f25b273ccb4f424dd4aeffd1b74f89099d65012fdf72375d4
Orbit Downloader SYN Flood
Posted Jul 24, 2013
Authored by Bhadresh Patel

Cyberoam is warning the general public that Orbit Downloader is causing massive SYN flooding.

tags | advisory, denial of service
SHA-256 | 90e5f178d86720bbe16c5ed5b968847e9f32057836a9e8e77e7dd1b41134ee7d
vBulletin 4.0.x SQL Injection
Posted Jul 24, 2013
Authored by n3tw0rk

vBulletin version 4.0.x appears to suffer from a remote SQL injection vulnerability in the administrative functionality.

tags | exploit, remote, sql injection
SHA-256 | 0a0648a15e33987faeadd862bc64fb7b7f3b30b7a5ca898b18da61ee8e8ce0d2
Mandriva Linux Security Advisory 2013-197
Posted Jul 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-197 - MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allow remote attackers to cause a denial of service via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. An unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. An unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. The updated packages have been upgraded to version 5.1.70, which is not vulnerable to these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-1861, CVE-2013-3802, CVE-2013-3804
SHA-256 | 229df34dd4237d981a5e24fcb11c9a090cdde5addd7ca7da33dcb3e9b36947e2
Red Hat Security Advisory 2013-1103-01
Posted Jul 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1103-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Red Hat OpenStack makes use of Puppet, which is written in Ruby. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct a man-in-the-middle attack against the Puppet master and its clients. Note that to exploit this issue, an attacker would need to get a carefully-crafted certificate signed by an authority that the Puppet master and clients trust.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2013-4073
SHA-256 | 3af6f62904e5e2f9c0544724370c57e046a437d3917b85caaca4e7f10e3a6731
Ubuntu Security Notice USN-1908-1
Posted Jul 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1908-1 - A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-2458, CVE-2013-1571, CVE-2013-2407, CVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451
SHA-256 | c6e86f1288af7e22a761f9d766592dbed8c45c4f2f70fe5359000d1b2b6fc3f9
FOSCAM IP-Cameras Improper Access Restrictions
Posted Jul 23, 2013
Authored by Core Security Technologies, Andres Blanco, Flavio de Cristofaro | Site coresecurity.com

Core Security Technologies Advisory - Due to improper access restrictions, the FOSCAM FI8620 device allows a remote attacker to browse and access arbitrary files from the directories '/tmpfs/' and '/log/' without requiring authentication. This could allow disclosure of access credentials and more.

tags | exploit, remote, arbitrary
advisories | CVE-2013-2574
SHA-256 | adaec8a2f891fe9f46be77e8f4377c1af9e6f99fbc5b6ffa63687d17c42b396c
Nginx 1.3.9 / 1.4.0 Exploit Documentation
Posted Jul 23, 2013
Authored by Kingcope

This whitepaper documents how the brute forcing exploit works for a buffer overflow vulnerability in nginx versions 1.3.9 and 1.4.0 on x86.

tags | paper, overflow, x86
advisories | CVE-2013-2028
SHA-256 | 83e7a76cda024bdc1720e8569cb20218c76aa3c5b8a8f5ddfad4818e03f8afe9
Surge FTP 23c8 Buffer Overflow
Posted Jul 23, 2013
Authored by Anil Pazvant

Surge FTP server versions 23c8 and below suffer from a buffer overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2013-4742
SHA-256 | 8371e4e6a2219b80f0cdd60273de6526a797aaa7f16bbda2d393ad1b7b415834
Juniper Secure Access Cross Site Scripting
Posted Jul 23, 2013
Authored by Anil Pazvant

Juniper Secure Access software suffers from a reflective cross site scripting vulnerability.

tags | advisory, xss
systems | juniper
advisories | CVE-2012-5460
SHA-256 | 1e91a40814ce854dfbc08417fc774b84fa293848396a5db20ca9b655cc2fc7d0
AISec2013 Call For Papers
Posted Jul 23, 2013
Site sites.google.com

The AISec2013 Call For Papers has been announced. It will take place on November 4, 2013 in Berlin, Germany, in conjunction with ACM CCS 2013.

tags | paper, conference
SHA-256 | 53efede4578c200fd9c576434367a341ae6f2db5816ac342f3f7e01796a79fd2
D-Link Devices UPnP SOAP Command Execution
Posted Jul 23, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Different D-Link routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the CMD target. Additionally, two targets are included, to start a telnetd service and establish a session over it, or deploy a native mipsel payload. This Metasploit module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected.

tags | exploit
advisories | OSVDB-94924
SHA-256 | 01d435ac6d062114f47621077e0eb7f0d7eaf8b4b14cc6838696243a3e34377f
Foreman (Red Hat OpenStack/Satellite) Code Injection
Posted Jul 23, 2013
Authored by Ramon de C Valle | Site metasploit.com

This Metasploit module exploits a code injection vulnerability in the 'create' action of the 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).

tags | exploit
systems | linux, redhat
advisories | CVE-2013-2121, OSVDB-94671
SHA-256 | c5c9607b201bbed12138b9c01832cadc3f0585df9c929779954f3b1deff22316
VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload
Posted Jul 23, 2013
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in VMware vCenter Chargeback Manager, where the ImageUploadServlet servlet allows unauthenticated file upload. The files are uploaded to the /cbmui/images/ web path, where JSP code execution is allowed. The module has been tested successfully on VMware vCenter Chargeback Manager 2.0.1 on Windows 2003 SP2.

tags | exploit, web, code execution, file upload
systems | windows
advisories | CVE-2013-3520, OSVDB-94188
SHA-256 | b08962941512b5b8079fa8c0192f78e7fa07e4194e7eadc4c084e0b8ccd390a5
Fwknop Port Knocking Utility 2.5
Posted Jul 22, 2013
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This release added support for HMAC SHA-256 authenticated encryption in the encrypt-then-authenticate model. Many bugs discovered by the Coverity static analyzer were fixed. OpenSSL compatibility tests were added to the test suite. Client stanza saving ability was added for the ~/.fwknoprc file, simplifying fwknop client usage. The ability to automatically generate both Rijndael and HMAC keys with --key-gen was added.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | ebf0f5a55992e516fa44063993cbcc51bb9555cef769ac9ab5d8be77a8df99dc
Artweaver 3.1.5 Buffer Overflow
Posted Jul 22, 2013
Authored by Core Security Technologies, Daniel Kazimirow | Site coresecurity.com

Core Security Technologies Advisory - Artweaver is prone to a security vulnerability when processing AWD files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing Artweaver users to open a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2013-2576
SHA-256 | 8873c3cc679a450c834c0d3effea661d00b6fc7035c223ebc4f127cdeecfa1c1
XnView 2.03 Buffer Overflow
Posted Jul 22, 2013
Authored by Core Security Technologies, Ricardo Narvaja | Site coresecurity.com

Core Security Technologies Advisory - XnView is prone to a security vulnerability when processing PCT files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of XnView to open a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2013-2577
SHA-256 | ca26300ca7108c01d37afc023226b062ec8f28da70b639d5efffa6f4508c47ce

© 2022 Packet Storm. All rights reserved.