seeing is believing
Showing 1 - 9 of 9 RSS Feed

Files Date: 2013-08-19 to 2013-08-20

Packet Storm Advisory 2013-0819-1 - Oracle Java BytePackedRaster.verify()
Posted Aug 19, 2013
Site packetstormsecurity.com

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | d3b7d95ba0be7fa25a186fccfcc35995
Packet Storm Exploit 2013-0819-1 - Oracle Java BytePackedRaster.verify() Signed Integer Overflow
Posted Aug 19, 2013
Site packetstormsecurity.com

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | e8c53973c75ea825b56675a356e6958a
Packet Storm Advisory 2013-0819-2 - Adobe ColdFusion 9 Administrative Login Bypass
Posted Aug 19, 2013
Authored by Scott Buckel | Site packetstormsecurity.com

Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the "rdsPasswordAllowed" field when accessing the Administrator API CFC that is used for logging in. The login function never checks if RDS is enabled when rdsPasswordAllowed="true". This means that if RDS was not configured, the RDS user does not have a password associated with their username. This means by setting rdsPasswordAllowed to "true", we can bypass the admin login to use the rdsPassword, which in most cases, is blank. These details were purchased through the Packet Storm Bug Bounty program and are being released to the community.

tags | exploit, remote, bug bounty, packet storm
advisories | CVE-2013-0632
MD5 | 448afcee7a93835f1d3e30d4fa429c9f
Tinc Virtual Private Network Daemon 1.0.22
Posted Aug 19, 2013
Authored by Ivo Timmermans | Site tinc-vpn.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: This release fixes the combination of Mode = router and DeviceType = tap, sets the $NAME variable in subnet-up/down scripts, gives an error when unknown options are given on the commandline, and correctly handles a space between a short commandline option and an optional argument.
tags | encryption
systems | unix
MD5 | cc1346150715bd56070695af85ab39f4
Microsoft Security Bulletin Re-Release For August, 2013
Posted Aug 19, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for August, 2013.

tags | advisory
MD5 | 599ed7e5dc6278f550a883e30cfd076f
Sitecom N300 / N600 Access Bypass
Posted Aug 19, 2013
Authored by Roberto Paleari, Alessandro Di Pinto

Sitecom N300 and N600 devices suffer from multiple issues that allow for access bypass. These include an undocumented telnet service, weak WPA2 password generation, and hard-coded credentials.

tags | exploit, bypass
MD5 | e5c1ad2ae8ab2031a7607eca1478c472
Red Hat Security Advisory 2013-1157-01
Posted Aug 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1157-01 - Red Hat CloudForms Management Engine provides the insight, control, and automation needed to address the challenges of managing virtual environments. An input sanitization flaw was found in Red Hat CloudForms Management Engine. A user with administrative access to Red Hat CloudForms Management Engine could use this flaw to execute arbitrary Ruby code with root privileges. This issue was discovered by James Laska of Red Hat.

tags | advisory, arbitrary, root, ruby
systems | linux, redhat
advisories | CVE-2013-4172
MD5 | b2d5a86f0b41e4221e7a8b6e9816306a
Debian Security Advisory 2738-1
Posted Aug 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2738-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.

tags | advisory, denial of service, vulnerability, ruby
systems | linux, debian
advisories | CVE-2013-1821, CVE-2013-4073
MD5 | e7041816e809e16607c33535519cca84
TrojanDropper.Win32-Rovnix.l Malware Report
Posted Aug 19, 2013
Authored by Rick Flores

This whitepaper analyzes the extent of infection, business risk, data exposure, and more in regards to the malware known as TrojanDropper.Win32-Rovnix.l.

tags | paper
systems | windows
MD5 | 96aa65eb70f902e0fcafa371aef14249
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close