what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-08-02 to 2013-08-03

Rite CMS 1.0.0 Cross Site Request Forgery / Cross Site Scripting
Posted Aug 2, 2013
Authored by Yashar shahinzadeh

Rite CMS version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 1274a580577223e4a8e33ef173e481387afb85ac8e06196222bd514a174e4014
HP Security Bulletin HPSBUX02909
Posted Aug 2, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02909 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2012-2686, CVE-2013-0166, CVE-2013-0169
SHA-256 | bd3989e7ffbbe4edf07702f6c532013ec639b2e618c84b0b6cbbc46c178961ac
Telmanik CMS Press 1.01b SQL Injection
Posted Aug 2, 2013
Authored by Anarchy Angel

Telmanik CMS Press version 1.01b suffers from a remote SQL injection vulnerability in pages.php.

tags | exploit, remote, php, sql injection
SHA-256 | 85f94ea9cab330c2a49df8176d99d6957108fa4f82dfd45fb569414eb62cc04a
D-Link DIR-645 Buffer Overflow / Cross Site Scripting
Posted Aug 2, 2013
Authored by Roberto Paleari

D-Link DIR-645 devices suffer from buffer overflow and cross site scripting vulnerabilities.

tags | exploit, overflow, vulnerability, xss
SHA-256 | 6c293bd3da2a28b48d005775dfec0ff6ae18ffecedfc9f5d9fee044e1dacaee2
INSTEON Hub 2242-222 Lack Of Authentication
Posted Aug 2, 2013
Authored by David Bryan | Site trustwave.com

INSTEON Hub version 2242-222, a home automation controller for INSTEON and X10 compatible devices, fails to authenticate access to various APIs.

tags | exploit
advisories | CVE-2013-4859
SHA-256 | 344b9d157fcf088c208cd232978729ba893b86e4c1f8d79ddb434b8c739b31b1
Radio Thermostat Of America, Inc Lack Of Authentication
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

Radio Thermostat of America, Inc products CT80 and CT50 versions 1.4.64 and prior fail to authenticate any access to their API.

tags | exploit
advisories | CVE-2013-4860
SHA-256 | ddb62d7e2cdd7b877be375ce3503ead041eecf8f4c500d94945c215ccd64bcb5
Karotz Smart Rabbit 12.07.19.00 Hijacking / Cleartext Token
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

Karotz Smart Rabbit version 12.07.19.00 suffers from python module hijacking and cleartext token passing vulnerabilities.

tags | exploit, vulnerability, python
advisories | CVE-2013-4868, CVE-2013-4867
SHA-256 | 89ac63705c52fad81984e28370079412330c777051779d769ad506e815011359
LIXIL Satis Toilet Hard-Coded Bluetooth PIN
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

LIXIL Satis Toilet suffers from having a hard-coded bluetooth PIN of 0000. Attackers can cause your toilet to repeatedly flush. Yes, this is a real advisory.

tags | exploit
advisories | CVE-2013-4866
SHA-256 | 59e34c3c147f00689fcded58d1f6ab5a5fb010be87beb1a7464a18915563cc9f
MiCasaVerde VeraLite 1.5.408 Traversal / Authorization / CSRF / Disclosure
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

MiCasaVerde VeraLite version 1.5.408 suffers from path traversal, insufficient authorization checks, and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2013-4861, CVE-2013-4862, CVE-2013-4863, CVE-2013-4865
SHA-256 | f9a3f43c8dc78da3ef4d700ca406a351a37737ce36a34b9e1883287aa0b5874d
HP Security Bulletin HPSBUX02908
Posted Aug 2, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02908 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2433, CVE-2013-2437, CVE-2013-2442, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469
SHA-256 | 2c32668d8e5c9a198b03b4ff33351ea8b85b647f21ba4a96c3e2a860907e8a6b
HP Security Bulletin HPSBUX02907
Posted Aug 2, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02907 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-1571, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465
SHA-256 | 66e62742080b7c1654084fad9d12f4e8f66d7fcc5539ac51d77c54a620614e6e
SilverStripe CMS 3.0.3 Information Disclosure
Posted Aug 2, 2013
Authored by Fara Denise Rustein

SilverStripe CMS version 3.0.3 suffers from an information exposure issue through query strings in GET requests.

tags | exploit
advisories | CVE-2013-2653
SHA-256 | b253aeaf567f0b65c0cda5262c42aa41f9cbc6b6ddccc45eaf619117096d1e74
Netsniff-NG High Performance Sniffer 0.5.8 RC2
Posted Aug 2, 2013
Authored by Tobias Klauser, Daniel Borkmann | Site code.google.com

netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Changes: Build system fixes and clean ups. Mausezahn man pages improvements. Compiler warnings fixed. Support for replaying/reading pcap capture files from/to tunnel devices.
tags | tool, kernel, sniffer, protocol
systems | linux, unix
SHA-256 | 72e802f84e9a2666d71a07b9b2fee2f975659fa1a31baeb810c3bb775f538738
Fully Arbitrary 802.3 Packet Injection: Maximizing The Ethernet Attack Surface
Posted Aug 2, 2013
Authored by Andrea Barisani, Daniele Bianco | Site inversepath.com

It is generally assumed that sending and sniffing arbitrary, Fast Ethernet packets can be performed with standard Network Interface Cards (NIC) and generally available packet injection software. However, full control of frame values such as the Frame Check Sequence (FCS) or Start-of-Frame delimiter (SFD) has historically required the use of dedicated and costly hardware. This presentation, given at Blackhat 2013, dissects Fast Ethernet layer 1 and 2 presenting novel attack techniques supported by an affordable hardware setup that, using customized firmware, allows fully arbitrary frame injection. Proof of concept code also included.

tags | paper, arbitrary, proof of concept
systems | linux
SHA-256 | bb338be7787778fc49af36b5ed03c58f82629edba14f5a75966b83f8bf58fd3c
Fluidgalleries Photo Upload Shell Upload
Posted Aug 2, 2013
Authored by Iranian_Dark_Coders_Team

Fluidgalleries Photo Upload suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 68e2812789c47bd7158f44b95c822d5fff3b9a8a96664f0a9eb87a4c52376ee7
Digital Whisper Electronic Magazine #44
Posted Aug 2, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 44. Written in Hebrew.

tags | magazine
SHA-256 | 193ac75bcf6c6de0734d8c9ce20cbfb39ee9104c1ac3912b757602d59d66a393
vtiger CRM 5.4.0 Authentication Bypass
Posted Aug 2, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from an authentication bypass vulnerability in the validateSession() function of multiple SOAP services.

tags | advisory, bypass
advisories | CVE-2013-3215
SHA-256 | 4c13f831557ef27b5842aff9fd698a9ebf4ce0876e6b9976884ca5c5550883da
Siemens WinCC (TIA Portal) CSRF / URL Redirection
Posted Aug 2, 2013
Authored by Siemens ProductCERT | Site siemens.com

Siemens has updated WinCC SCADA and TIA Portal to address cross site request forgery and URL redirection vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2013-4911, CVE-2013-4912
SHA-256 | 0dcdf53dc204698a0f794d13e134ead3a850e0ff3d539c62279dbbbf78e5afef
Mandriva Linux Security Advisory 2013-205
Posted Aug 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-205 - A vulnerability has been discovered and corrected in gnupg and in libgcrypt. Yarom and Falkner discovered that RSA secret keys in applications using GnuPG 1.x, and using the libgcrypt library, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2013-4242
SHA-256 | 288a8d5643e7fb7a1b87ff7609e628b2915d2cebf598e44fcb359f5b1096180f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close