exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2013-09-09 to 2013-09-10

ZRTP Protocol Library 2.3.4
Posted Sep 9, 2013
Site gnutelephony.org

ZRTP Protocol Library is an implementation of Phil Zimmermann's ZRTP protocol, created based on and interoperable with Zfone beta 2. Combined with the GNU RTP Stack (ccrtp), this offers the ability to create communication services that natively support the ZRTP protocol.

Changes: Essential fixes for CVE-2013-2222 / CVE-2013-2223. Better support for both OpenSSL and GnuTLS. Paranoid mode support. Improved support for mingw builds. Many additional improvements since the 2.0.0 release.
tags | protocol, library
systems | unix
advisories | CVE-2013-2222, CVE-2013-2223
SHA-256 | 03e5d4de487fd154177cf2b7a45600b1c8df783136e4f01a9ebc6104b3771008
glFusion 1.3.0 SQL Injection
Posted Sep 9, 2013
Authored by Omar Kurt | Site netsparker.com

glFusion version 1.3.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 436ea226bb9dfb98db5db5fda741ecdc73e6900ba62889d9e67d56e87915048e
GNU SIP Witch Telephony Server 1.8.0
Posted Sep 9, 2013
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Support for systemd init. Multi-protocol context aware when built with exosip2 4.x for concurrent TCP/UDP/TLS sip sessions in a single server instance. An SRV plugin to better support automatic resolution of remote users through DNS (requires libruli to use). Improved mingw build support.
tags | telephony
systems | unix
SHA-256 | f82fb7fe0185bf5c2278fac46dcd75c361dd9b65b53a9aadacf52bdcaf58d951
MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free
Posted Sep 9, 2013
Authored by Peter Vreugdenhil, sinn3r, Orange Tsai | Site metasploit.com

In IE8 standards mode, it's possible to cause a use-after-free condition by first creating an illogical table tree, where a CPhraseElement comes after CTableRow, with the final node being a sub table element. When the CPhraseElement's outer content is reset by using either outerText or outerHTML through an event handler, this triggers a free of its child element (in this case, a CAnchorElement, but some other objects apply too), but a reference is still kept in function SRunPointer::SpanQualifier. This function will then pass on the invalid reference to the next functions, eventually used in mshtml!CElement::Doc when it's trying to make a call to the object's SecurityContext virtual function at offset +0x70, which results a crash. An attacker can take advantage of this by first creating an CAnchorElement object, let it free, and then replace the freed memory with another fake object. Successfully doing so may allow arbitrary code execution under the context of the user. This bug is specific to Internet Explorer 8 only. It was originally discovered by Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update.

tags | exploit, arbitrary, code execution
SHA-256 | 1c003b48b2f0c41a3c3ef91938ebd714d766a2510222a8c5b84652445ec8f591
HP SiteScope Remote Code Execution
Posted Sep 9, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP SiteScope. The vulnerability exists on the opcactivate.vbs script, which is reachable from the APIBSMIntegrationImpl AXIS service, and uses WScript.Shell.run() to execute cmd.exe with user provided data. Note which the opcactivate.vbs component is installed with the (optional) HP Operations Agent component. The module has been tested successfully on HP SiteScope 11.20 (with HP Operations Agent) over Windows 2003 SP2.

tags | exploit, shell, code execution
systems | windows
advisories | CVE-2013-2367, OSVDB-95824
SHA-256 | 02888ebdda6dc97a16fcb507f825f9cfbf26bc98824bc1efc03e5b0ff9d28b2f
Android FTP Server 1.2 Privilege Escalation
Posted Sep 9, 2013
Authored by Larry W. Cashdollar

Android FTP Serve version 1.2 exposes the configuration file with full read and write permissions. A malicious party can overwrite the credentials for the administrator and escalate privileges.

tags | exploit
SHA-256 | 3dd744c0f1c0dd5fbffad80344f989d7b3436f5030e2d950967eb38f7e5aca7f
lshell 0.9.16
Posted Sep 9, 2013
Authored by Ignace Mouzannar | Site lshell.ghantoos.org

lshell lets you restrict a user's shell environment to limited sets of commands, choose to enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restrictions, and more.

Changes: Lots of new code and code cleanup has been done in this version. Many bugs have been fixed.
tags | tool, shell
systems | unix
SHA-256 | 22b28f22eb3445ed1514953c24e30bf3feaacc1225a19332f50245982537c35f
Moodle 2.3.9 / 2.4.9 Javascript Insertion
Posted Sep 9, 2013
Authored by Ciaran McNally

Moodle versions 2.3.9 and below and 2.4.6 suffer from a javascript insertion vulnerability that allows for the addition of an RSS blog.

tags | exploit, javascript
SHA-256 | 6c800321ff5da86e73199561fdef96721f8bc5417e76c8a405874d08d029a1a7
Ruby Gem Features 0.3.0 Injection
Posted Sep 9, 2013
Authored by Larry W. Cashdollar

Ruby Gem Features version 0.3.0 suffers from a file injection vulnerability that can lead to cross site scripting.

tags | exploit, xss, ruby
SHA-256 | c7a54aa106b7c9bed756067a2616950105a69b23c99d49249959d5fa0792fbd6
Watchguard Server Center 11.7.4 Insecure Library Loading
Posted Sep 9, 2013
Authored by Julien Ahrens | Site rcesecurity.com

Watchguard Server Center version 11.7.4 suffers from a dll hijacking vulnerability with wgpr.dll.

tags | exploit
systems | windows
advisories | CVE-2013-5701
SHA-256 | b67a720d0a797532d0f3e4fea6a5b7cd8823f0a69b548c11cca0352f1007db8e
Ubuntu Security Notice USN-1948-1
Posted Sep 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1948-1 - It was discovered that httplib2 only validated SSL certificates on the first request to a connection, and didn't report validation failures on subsequent requests. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in applications that used the httplib2 library.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-2037
SHA-256 | 9a52785ec4e2cc7f14626c006c99565fa97fdc8e6944fa72227aa037f067d433
Mandriva Linux Security Advisory 2013-227
Posted Sep 9, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-227 - A vulnerability has been discovered and corrected in easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. The updated python-setuptools packages has been upgraded to the 0.9.8 version and the python-virtualenv packages has been upgraded to the 1.10.1 version which is not vulnerable to this issue.

tags | advisory, web, arbitrary, python
systems | linux, mandriva
advisories | CVE-2013-1633
SHA-256 | d56f8c3565be8c63463cce4e0e9d65136463c2d516b30db8705d1224c10d780d
Red Hat Security Advisory 2013-1218-01
Posted Sep 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1218-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2172
SHA-256 | 86c9f0a10099718fdb23e425ee225470603c1c725723f459d41aede2928769fd
Red Hat Security Advisory 2013-1219-01
Posted Sep 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1219-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2172
SHA-256 | abee122a260a1c9a751e37c925b27cbfe84bafc8da70fcd05307e592d3ea0f77
Red Hat Security Advisory 2013-1217-01
Posted Sep 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1217-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2172
SHA-256 | 59e7da5d79addbf6d0e2afd386dbf5d968a3902d09a2c111b3eee38b33e88794
Red Hat Security Advisory 2013-1221-01
Posted Sep 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1221-01 - Fuse Message Broker is a messaging platform based on Apache ActiveMQ that provides SOA infrastructure to connect processes across heterogeneous systems. It was found that, by default, the Apache ActiveMQ web console did not require authentication. A remote attacker could use this flaw to modify the state of the Apache ActiveMQ environment, obtain sensitive information, or cause a denial of service. This update delivers a README file which describes how to manually configure an XML properties file to fix this flaw. Back up existing Fuse Message Broker configuration files before making changes.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2013-3060
SHA-256 | 000553cc2879535243ceda3ad06ead5bc50253e906095e08d32a5ee81edc2fb5
Red Hat Security Advisory 2013-1220-01
Posted Sep 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1220-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2172
SHA-256 | d1d48b044c8e81444b792c0b4be3f50ddb02185e3d592da856fb85d0a7fc4933
E-Local Business Directory SQL Injection
Posted Sep 9, 2013
Authored by Lazmania61

E-Local Business Directory suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.

tags | exploit, remote, local, sql injection
SHA-256 | c1d4c9d5f50521e060fe033687d603aa630e392d325da34fe3e28f1eee8a7e6c
Real Estate PHP Script Cross Site Scripting
Posted Sep 9, 2013
Authored by Lazmania61

Real Estate PHP Script suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | eb35f8e405da94d313757ebb8ae923971442c98b949e0e63c130d42119376e1e
freeFTPd 1.0.10 PASS Command SEH Overflow
Posted Sep 9, 2013
Authored by Wireghoul, Muhamad Fadzil Ramli | Site metasploit.com

This Metasploit module exploits a SEH stack-based buffer overflow in freeFTPd Server PASS command version 1.0.10.

tags | exploit, overflow
advisories | OSVDB-96517
SHA-256 | 02521b6229ecb5c00ebc4a5b2081e20949f1c436bc6899cb1c51b9e3982be68b
Xoops 2.5.6 Cross Site Scripting
Posted Sep 9, 2013
Authored by Mehdi Dadkhah

Xoops version 2.5.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 732c016a214a226e7da6dcf115b40bb86fc5de7d0885d0e950ddf7520b2c2f01
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close