The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.
9fd26d41fd22e4129c77a4d73ea91dc162b341382d20abaf8a4da3c11006e787The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.
b839d5970482f3cd66e3ee8e41489d0f6ff55dcbb61c65d376fe88669b834be3oclHashcat+ is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more.
545bbaa4ea4fb45a4c4af365e880c56dce8d8bd9c8d73ad2f9cdc16b5df47f14This bulletin summary lists four re-released Microsoft security bulletins for August, 2013.
8785bf1419d277108c889ac3baa9bbd0bc93dd5beb125a2286b87baacd8a5181The Call For Papers for POC2013 has been released. The 8th POC "POC2013" will be held in Seoul, Korea November 7th through the 8th.
89f88102d7da0900b29a04c909c390c3de61797ee6373ef5f850b691fb9fc994IBM Lotus iNotes suffered from four cross site scripting vulnerabilities.
618ce3eda1131f575c8580bda8bf0d3b521173ae62782e832850453ccb773385Atlassian Confluence versions 3.x and 4.x allow for anonymous users to list all registered users of the system. The vendor does not believe this is a security concern.
4a4c16d6b5e27d2551991426235eaa47ad13ed9c1e9766bd8e50813c068e0802Debian Linux Security Advisory 2743-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a privilege escalation or information leak.
569d8b0cda13d3a73e841bf15e6cefd040a645974771d3bc8fc7fc5adeea0929Red Hat Security Advisory 2013-1173-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connection information at the same time a remote attacker has initialized a crafted SCTP connection to the system, it could trigger a NULL pointer dereference, causing the system to crash.
9700f82bdc10eeda814ac97795a008dafe46c72aa62da3f3cb548d663ffbe8f8Red Hat Security Advisory 2013-1181-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.
c9ef6b0e618b611300179156206106cdff91ea723fef48c2288632319326506aMandriva Linux Security Advisory 2013-222 - It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files. It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were built, possibly exposing them to a local attacker.
b9b2e0d9a30061a4929ce87461ea0acf12f98e9413ea4e6c9ff8fcd444c02674Debian Linux Security Advisory 2744-1 - Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code.
28493f2a76208a5335d6abcb7ed91978040d7a674fc1aa40821edf071e19f880Mandriva Linux Security Advisory 2013-221 - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Additionally a patch has been applied to fix an UMR (Unitialized Memory Read) bug in the original fix for CVE-2013-4248. The updated packages have been patched to correct these issues.
645f59943e5f467ddce2176dbf8da00053c3a0235f9de73ed2f48beec92773ebMandriva Linux Security Advisory 2013-220 - Three buffer overflows in Little CMS version 1.19 that could possibly be exploited through user input.
e42dc83e33c2698de8d2f76eb73c5a30901010106bb9f9cd591c46164807717bThe Opera Speed Dial extensions suffer from cross site request forgery and cross site scripting vulnerabilities.
6f6cb4062f0f63fde672c830d1a7d39c6f57f0a6ea74a83d42cc11a3f35f9611WinAmp version 5.63 buffer overflow exploit that leverages how skins are handled incorrectly.
b7b8323d0f2912432388831222006fc44f18caa39d9dfcb7d498e1994fe67ee5Debian Linux Security Advisory 2742-1 - It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be abused for impersonating other users.
94d9e680a062358787e25ec659acc74944e9b260376d2f8e2978f25085b91e0eThis Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the "admin group"), and the user has ever run the "sudo" command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970. This Metasploit module will fail silently if the user is not an admin or if the user has never run the sudo command.
861501e9890ef0e4cff6780f3ce32dadf2038337f7e60f127a1275773d181e73Belkin G Wireless Router remote code execution proof of concept exploit.
43beacbd1d2f3672fb7be34a7a3f2b6f9fabf3623fbe5cb404ae146733cc6365Cisco IronPort Security Management Appliance M170 version 7.9.1-030 suffers from cross site scripting and cross site request forgery vulnerabilities.
40a0643dbab499a3f46d60fad23c407a10df8680b8e1f4e8115ef3aed8b93719CM3 AcoraCMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, and 5.5.0/1b-p1 suffer from cross site request forgery, cross site scripting, information disclosure, weak cookies, and URL redirection vulnerabilities.
f65adb8d5d4537a8f1aff22cba3e550a87e391426812fdba7c08849a765bdb48libtiff versions 3.9.5 and below suffer from an integer overflow vulnerability.
e047e24940fc1946d2bd9e6123520ff4837f2a59b4ec6f49e5d2d1e28babd003WordPress Simple Login Registration version 1.0.1 suffers from a cross site scripting vulnerability.
8eaaf8d9c59f71217d63637d3dbbbe789fbc7b92081e36db7effd8b1901a4a06Musicbox version 2.3.8 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
20cfed76192734cf617e94e030e36c6d5394c6401ca591e0ff39e54db386abe2Wi-fEye is designed to help with network penetration testing. It allows the user to perform a number of powerful attack automatically including WEP/WPA cracking, session hijacking and more.
9611698676e916490e7e33d98b18839292c0c6cd89d52c1228a8bc0865e2cd69
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed