Showing 151 - 175 of 377

Files Date: 2013-07-01 to 2013-07-31

Drupal MRBS 6.x / 7.x CSRF / SQL Injection
Posted Jul 18, 2013
Authored by Michael Hess | Site drupal.org

Drupal MRBS third party module versions 6.x and 7.x suffer from cross site request forgery and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection, csrf
MD5 | 83751558678080d7b308f4520f8f9b21
NanoSSH Denial Of Service
Posted Jul 18, 2013
Authored by Marcus Meissner

NanoSSH on Avaya Ethernet Routing switch (ERS) 5698 and 5698-PoE suffers from a remote denial of service vulnerability.

tags | advisory, remote, denial of service
MD5 | 13b0b3d42c5c2f2a3323ca586fa619e9
Using A Password With A Netcat Shell
Posted Jul 18, 2013
Authored by Vittorio Milazzo

This is a brief write up that provides a shell script for passwording a shell bound with netcat.

tags | paper, shell
MD5 | 51e9b10d4fe378456c10d15d7eae41e1
HP Security Bulletin HPSBHF02888 2
Posted Jul 18, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02888 2 - Potential security vulnerabilities have been identified with HP Network Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-2340, CVE-2013-2341
MD5 | 70a22fd066212ca3be2314cc37910381
Flux Player 3.1.0 LFI / Shell Upload
Posted Jul 18, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Flux Player version 3.1.0 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
MD5 | c8a1a6eeadc94b5ac41f3d90b768ad6f
OpenCMS 8.5.1 Cross Site Scripting
Posted Jul 18, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

OpenCMS version 8.5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4600
MD5 | e4db0b72d8295705b0b1e7ccb3940c1f
WiFly 1.0 Pro Local File Inclusion / Shell Upload
Posted Jul 18, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

WiFly version 1.0 Pro for iOS suffers from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
MD5 | e1adb7dcb305c1fedf0e0491571423dd
EMC Avamar 7.0 XSF / Improper Authorization
Posted Jul 18, 2013
Site emc.com

EMC Avamar version 7.0 suffers from improper authorization checks and cross frame scripting vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2013-3274, CVE-2013-3275
MD5 | 1d254f46ca39e8972770cd4f9cf40be4
Cisco Security Advisory 20130717-cucm
Posted Jul 18, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify information in Cisco Unified CM. Cisco has released a Cisco Options Package (COP) file that addresses three of the vulnerabilities documented in this advisory. Cisco is currently investigating the remaining vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, remote, vulnerability
systems | cisco
MD5 | 2f40b44b2c9f207decb8324056950c86
Ubuntu Security Notice USN-1904-2
Posted Jul 17, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1904-2 - USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0339, CVE-2013-2877
MD5 | 299e2e1ef39b895ca37b71f7b3fddc31
Debian Security Advisory 2723-1
Posted Jul 17, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2723-1 - It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely.

tags | advisory, arbitrary, php, code execution
systems | linux, debian
advisories | CVE-2013-4113
MD5 | f1a3cbc47939b9fe8b5c22cf6225d053
Red Hat Security Advisory 2013-1090-01
Posted Jul 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1090-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.

tags | advisory, spoof, ruby
systems | linux, redhat
advisories | CVE-2013-4073
MD5 | c4f94b7db80e7d1277b17dd99343c945
Slackware Security Advisory - php Updates
Posted Jul 17, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4113.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2013-4113
MD5 | 3623943ea2d014bc4d6c9f7cb329339a
MiniDLNA SQL Injection / Buffer Overflow
Posted Jul 17, 2013
Authored by Craig Young

MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection
advisories | CVE-2013-2738, CVE-2013-2739, CVE-2013-2745
MD5 | a57c4f7b7f8774d800886893643fc573
Voice Logger SQL Injection / File Download
Posted Jul 17, 2013
Authored by Michal Blaszczak

Voice Logger suffers from a remote SQL injection vulnerability that allows for authentication bypass as well as an arbitrary file download vulnerability.

tags | exploit, remote, arbitrary, sql injection
MD5 | 7a734355a08a5515b681f2f4bdfc425b
HP Security Bulletin HPSBGN02882
Posted Jul 17, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02882 - A potential security vulnerability has been identified with HP Database and Middleware Automation (DMA) using SSL (Secure Sockets Layer). The vulnerability could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2013-2365
MD5 | 9289e8bab250ec2037bc0b20e45f8b5a
HP Security Bulletin HPSBMU02870 SSRT101012 2
Posted Jul 17, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02870 SSRT101012 2 - A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized access. Revision 2 of this advisory.

tags | advisory
systems | linux, windows, solaris, hpux
advisories | CVE-2013-2351
MD5 | 9cb9aca90ffc61830e9b1de84e16b9e4
Samsung Galaxy S3/S4 SMS Spoofing
Posted Jul 17, 2013
Authored by Z.X.

The Samsung Galaxy S3 and S4 phones come with a pre-loaded application that allows for spoofing and creation of arbitrary SMS content.

tags | advisory, arbitrary, spoof
advisories | CVE-2013-4764, CVE-2013-4763
MD5 | 4d798f1b865ddfda3b09cc7cdfb713b0
Apache Struts 2 Open Redirection / Command Execution
Posted Jul 17, 2013
Authored by Rene Gielen | Site struts.apache.org

Apache Struts versions prior to 2.3.15.1 suffer from code execution and open redirection vulnerabilities.

tags | advisory, vulnerability, code execution
MD5 | 07d3d4f34e77cbbf334696c847e2963d
Red Hat Security Advisory 2013-1081-01
Posted Jul 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1081-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2452, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743
MD5 | 622a49e7ea88d6f7bb114148c8b2eaef
Red Hat Security Advisory 2013-1080-01
Posted Jul 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1080-01 - Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel. These custom kernel packages include support for network namespaces; this support is required to facilitate advanced OpenStack Networking deployments. A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2012-6548, CVE-2013-0914, CVE-2013-1848, CVE-2013-2128, CVE-2013-2634, CVE-2013-2635, CVE-2013-2852, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3301
MD5 | fdaa81061edcdc406529a37295782daa
Kate's Video Toolkit 7.0 Crash
Posted Jul 17, 2013
Authored by ariarat

Kate's Video Toolkit version 7.0 crash proof of concept denial of service exploit that creates a malicious WAV file.

tags | exploit, denial of service, proof of concept
MD5 | 69ea1e39b78809f65eefc2ff0a8effff
Ubuntu Security Notice USN-1907-2
Posted Jul 17, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1907-2 - USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream changes, IcedTea Web needed an update to work with the new OpenJDK 7. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2458) Various other issues were also addressed.

tags | advisory, web, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-2458, CVE-2013-1571, CVE-2013-2407, CVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473
MD5 | cc9fbe74762b0dae450c2084291ba48c
Light Audio Mixer 1.0.12 Crash
Posted Jul 17, 2013
Authored by ariarat

Light Audio Mixer version 1.0.12 crash proof of concept denial of service exploit that creates a malicious WAV file.

tags | exploit, denial of service, proof of concept
MD5 | dba2db3d443ddc2cf9785e267be24b51
Ubuntu Security Notice USN-1907-1
Posted Jul 17, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1907-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-2458, CVE-2013-1571, CVE-2013-2407, CVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451
MD5 | ca598962bcc5dece50b6bd03d2cf68c5