what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-08-06 to 2013-08-07

Slackware Security Advisory - bind Updates
Posted Aug 6, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4854.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4854
SHA-256 | fc96f82d7269e1b2e9f49331cf9d134e3b7ff653a3fbebacd5125612df832900
Facebook Friends Disclosure
Posted Aug 6, 2013
Authored by Bhavesh Naik

If you know a valid email address of a given Facebook user, you can find out who their friends are.

tags | exploit, info disclosure
SHA-256 | 614c97918d735e258d69a47faa3eff888d0714d22b018062030f92ec7bae52f0
WordPress Usernoise 3.7.8 Cross Site Scripting
Posted Aug 6, 2013
Authored by RogueCoder

WordPress Usernoise plugin version 3.7.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | db7c5a2b116ba3950246ce1b8a012febe9cad0c08449aaec1a8a3716fe91cdf7
Adventures In Automotive Networks And Control Units
Posted Aug 6, 2013
Authored by Chris Valasek, Charlie Miller

Previous research has shown that it is possible for an attacker to get remote code execution on the electronic control units (ECU) in automotive vehicles via various interfaces such as the Bluetooth interface and the telematics unit. This paper aims to expand on the ideas of what such an attacker could do to influence the behavior of the vehicle after that type of attack. In particular, the authors demonstrate how on two different vehicles that in some circumstances they are able to control the steering, braking, acceleration and display. They also propose a mechanism to detect these kinds of attacks. All technical information and code needed to reproduce these attacks is included in this archive. This was released to the community as promised by the researchers who presented their findings at Defcon 21.

tags | exploit, remote, code execution
SHA-256 | 794a8286ed148e6a725895876ffebe1b0e584fd41753499c11022ae5b23ac94c
Tor Firefox Malicious Javascript
Posted Aug 6, 2013

This is the unsanitized version of the Firefox malicious javascript exploit that was targeting Tor users. It is suspected that this code was used by the FBI to gain identifying information on Tor users.

tags | exploit, javascript
systems | linux
SHA-256 | 2de8af4e04de4f02b6f0621b345ec52277d9af10f102c06f58593f7f996c32c2
Vodafone EasyBox Default WPS PIN Algorithm Weakness
Posted Aug 6, 2013
Authored by S. Viehbock | Site sec-consult.com

Vodafone EasyBox versions 802 and 803 suffer from a default WPS PIN algorithm weakness. The algorithm that generates the default WPS-PIN is entirely based on the MAC address (=BSSID) and serial number of the device. The serial number can be derived from the MAC address.

tags | exploit
SHA-256 | 289f3c58cfede8c1346e1a846dc8ad72e079b2ff4985c9f67e119e67dffb4df5
Joomseller Events Booking Pro / JSE Event Cross Site Scripting
Posted Aug 6, 2013
Authored by Gaston Traberg

Joomseller Events Booking Pro version 5 and JSE Event versions prior to 1.0.1 suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d7e6b907afc1ec41cdce14807e9e5304c5ae58bfd6f48ea3a7a8eea0b35d1183
Huawei B153 3G/UMTS Router WPS Weakness
Posted Aug 6, 2013
Authored by Roberto Paleari, Alessandro Di Pinto

The Huawei B153 3G/UMTS router suffers from a WPS weakness that allows for authentication bypass.

tags | advisory
SHA-256 | e1b8d9adad2ae18e4390edb89b02911dcc7c522de998b02c605cb12990494dc5
Joomla 3.1.5 Cross Site Scripting
Posted Aug 6, 2013
Authored by Emilio Pinna

Joomla versions 3.1.5 and 3.1.4 suffer from a reflective cross site scripting vulnerability in example.php.

tags | exploit, php, xss
SHA-256 | 505f805cbabe1c1344542d455a87ded89cd66960ecb7055c0c0e53332da1021d
HP LaserJet Credential Disclosure / Missing Authentication
Posted Aug 6, 2013
Authored by Michal Sajdak

Multiple HP LaserJet printers have hidden URLs hardcoded in the firmware that fail to authenticate access and disclose sensitive data including the administrative password.

tags | exploit, info disclosure
SHA-256 | eab87d2d11e284bc6bc8876cb5065c89364d012be92697502305eb5701ada6c2
PuTTY 0.62 Heap Overflow
Posted Aug 6, 2013
Authored by Gergely Eberhardt

PuTTY versions 0.62 and below suffer from an SSH handshake heap overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2013-4852
SHA-256 | e29077b43031296e74b1211a81e961e5d6dfe9cf8695d7e7b120536e82fc21a0
TOR Firefox 0-day
Posted Aug 6, 2013

This is the malicious javascript for the Firefox 0-day created to target Tor users leveraging the .onion sneaker net. The shellcode is supposedly neutered but test at your own risk.

tags | exploit, javascript, shellcode
SHA-256 | cd7185f9fab4c31772e0a6ba5866007d3c7403dddb2a876e9d5cfde0641934ad
Booking Calendar 4.1.4 Cross Site Request Forgery
Posted Aug 6, 2013
Authored by Dylan Irzi

Book Calendar WordPress plugin version 4.1.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 6d30a8638065d1685f1f8a6d384817e27bd1bc069b4525025f8cf060ba14c636
VoIP Wars: Return Of The SIP
Posted Aug 6, 2013
Authored by Fatih Ozavci

These are the presentation slides from "VoIP Wars: Return of the SIP" as presented at Defcon 21 in Las Vegas.

tags | paper
SHA-256 | b8a1c2dd94a7b8b91a355e18362e46e83c30a286f91570bba6af13abe725558f
FTP OnConnect 1.4.11 File Inclusion / Shell Upload / XSS
Posted Aug 6, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

FTP OnConnect version 1.4.11 for iOS suffers from cross site scripting, local file inclusion, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, xss, file inclusion
systems | cisco, ios
SHA-256 | bb55ba47f6a209dbe1f097db9b534ff474623b79856c410adde1ba4910ba1d61
withU Music Share 1.3.7 Command Injection
Posted Aug 6, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

withU Music Share version 1.3.7 for iOS suffers from a command injection vulnerability.

tags | exploit
systems | cisco, ios
SHA-256 | 65c6ae752918c5271605b01b555331833389c6e6428012bac903c745772cb943
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close