Showing 51 - 75 of 393

Files Date: 2013-09-01 to 2013-09-30

Google Chrome 31.0 Webkit Auditor Bypass
Posted Sep 24, 2013
Authored by Rafay Baloch, PEPE Vila

Google Chrome version 31.0 suffers from an auditor bypass that allows for cross site scripting attacks to successfully get through.

tags | exploit, xss, bypass
SHA-256 | ba730e1d9e5dba89adb7eb72d4c901489959c46cdbb4688cc1c4ada164dbfbf6
Gentoo Linux Security Advisory 201309-16
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-16 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less than 29.0.1457.57 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-5116, CVE-2012-5117, CVE-2012-5118, CVE-2012-5119, CVE-2012-5120, CVE-2012-5121, CVE-2012-5122, CVE-2012-5123, CVE-2012-5124, CVE-2012-5125, CVE-2012-5126, CVE-2012-5127, CVE-2012-5128, CVE-2012-5130, CVE-2012-5132, CVE-2012-5133, CVE-2012-5135, CVE-2012-5136, CVE-2012-5137, CVE-2012-5138, CVE-2012-5139, CVE-2012-5140, CVE-2012-5141, CVE-2012-5142, CVE-2012-5143, CVE-2012-5144, CVE-2012-5145, CVE-2012-5146
SHA-256 | 293018f8600eb4af907da24f3a7de835c23ff421a14f1d5725376bc9025713ce
Red Hat Security Advisory 2013-1284-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1284-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
SHA-256 | 4bb7805d5def15a8dc28ddfaae2ef552d6d9441335f4d97325b7f1fdf1f7cc80
Gentoo Linux Security Advisory 201309-15
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-15 - Multiple vulnerabilities have been found in ProFTPD, the worst of which leads to remote execution of arbitrary code. Versions less than 1.3.4d are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3555, CVE-2010-3867, CVE-2010-4221, CVE-2010-4652, CVE-2011-1137, CVE-2011-4130, CVE-2012-6095, CVE-2013-4359
SHA-256 | 791bb06b4102a706095adc46d590ae0b5ea0a225e56966180f59fa840c1de6d2
Ubuntu Security Notice USN-1967-1
Posted Sep 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1967-1 - It was discovered that Django incorrectly handled large passwords. A remote attacker could use this issue to consume resources, resulting in a denial of service. It was discovered that Django incorrectly handled ssi templates. An attacker could use this issue to read arbitrary files. It was discovered that the Django is_safe_url utility function did not restrict redirects to certain schemes. An attacker could possibly use this issue to perform a cross-site scripting attack. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2013-1443, CVE-2013-4315
SHA-256 | b392b918c4a2132a058b80068ecb5d6b09912f2551f9368b0623a0e6b05f9241
Ubuntu Security Notice USN-1966-1
Posted Sep 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1966-1 - Jeremy Allison discovered that Samba incorrectly handled certain extended attribute lists. A remote attacker could use this issue to cause Samba to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4124
SHA-256 | ac2fb018077ff85b5f0ba303e50222cfa407826452614624bdce0b05b6b38069
Red Hat Security Advisory 2013-1283-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1283-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
SHA-256 | 63ebc0aa0fac12c356a13589f9eb998f453cf710856dedc04932ebb1d46ecd16
Red Hat Security Advisory 2013-1282-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1282-01 - RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes. It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4326
SHA-256 | 0c4ac21cdde7e806c617a55e30cacf46e89b8ea87b28d067577c29d5569e2e19
Gentoo Linux Security Advisory 201309-14
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-14 - Multiple vulnerabilities have been reported in MoinMoin, the worst of which may allow execution of arbitrary code. Versions less than 1.9.6 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6080, CVE-2012-6081, CVE-2012-6082, CVE-2012-6495
SHA-256 | 6a08d9bee44e6479fda1f205ce909241ff0aff3b3633609ae564bc28978818cf
Gentoo Linux Security Advisory 201309-13
Posted Sep 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-13 - Multiple vulnerabilities have been found in GNU ZRTP, some of which may allow execution of arbitrary code. Versions less than 2.3.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-2221, CVE-2013-2222, CVE-2013-2223
SHA-256 | af3db29ede5b0c9e93ddaaa1bc876bbedc0791bc71711edafa2fe40be107e27c
Understanding C Integer Boundaries
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial to help facilitate the understanding of C integer boundaries (overflows and underflows).

tags | paper, overflow
SHA-256 | 9017f0c8e3e11504b161f2abf7f058a5d57d87373489674675bfd92f1d5caf25
Return-to-libc Tutorial
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial discussing return-to-libc exploitation.

tags | paper
SHA-256 | f1935f980e5eab5d3c4772be6b97efb487d82c08b13fc527519a912c04c08094
WordPress Miniaudioplayer Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress Miniaudioplayer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | dd8134a154849569a93f038bae0d108d64c84c09b21dab4477b068a0348be4f1
Debian Security Advisory 2763-1
Posted Sep 24, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2763-1 - It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field.

tags | advisory, python
systems | linux, debian
advisories | CVE-2013-4314
SHA-256 | 49f7af93886cb2e4925c18af4a4080e0c1640e728c84299dcb893d6514dbfc87
WordPress LBG Zoominoutslider Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress LBG Zoominoutslider plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | 44134a7e3bee4ab9d030999ba0179c1860102c9503e9a2eeff937b036916c103
Good For Enterprise 2.2.2.1611 Cross Site Scripting
Posted Sep 24, 2013
Authored by Mario

Good for Enterprise iOS application versions 2.2.2.1611 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
systems | apple, ios
advisories | CVE-2013-5118
SHA-256 | 9824e01c248eb8f060865f76eace7ae4777a6461f7136f0972ad8ea4dc0eb4c3
WordPress Sharebar 1.2.5 Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress Sharebar plugin version 1.2.5 suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | d28550236ec0587220af38f8654ee2cf9fccb27b1a29c80ead8598c11f6482e4
Integer Overflow / Underflow Exploitation Tutorial
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial that discusses integer overflows and underflows.

tags | paper, overflow
SHA-256 | 9b9f3ebcd70a62a4189cceeaf49edd91a6d027ae60c29bc9f51bfd8eb1a1f3fa
Gentoo Linux Security Advisory 201309-12
Posted Sep 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, possibly allowing remote attackers to execute arbitrary code, cause a Denial of Service condition or perform man-in-the-middle attacks. Versions less than 2.2.25 are affected.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6750, CVE-2012-4929, CVE-2013-1862, CVE-2013-1896
SHA-256 | a834b8c97a0c98dcf9ffd2350ae88c9499323cf2cc10bcbb258da5bf98c05882
Gentoo Linux Security Advisory 201309-11
Posted Sep 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-11 - Multiple vulnerabilities have been found in Subversion, allowing attackers to cause a Denial of Service, escalate privileges, or obtain sensitive information. Versions less than 1.7.13 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2010-4539, CVE-2010-4644, CVE-2011-0715, CVE-2011-1752, CVE-2011-1783, CVE-2011-1921, CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884, CVE-2013-1968, CVE-2013-2088, CVE-2013-2112, CVE-2013-4131, CVE-2013-4277
SHA-256 | bfe40a4d66f395924c269877ddf68f495d3d3de142a58bf24a97c981c9b7c9d4
WordPress Bradesco Gateway Cross Site Scripting
Posted Sep 23, 2013
Authored by Alexandro Silva

WordPress Bradesco Gateway plugin suffers from a cross site scripting vulnerability. Versions prior to 2.0 are affected.

tags | exploit, xss
advisories | CVE-2013-5916
SHA-256 | 0dc5dd6056d1e33ed43fe0e9d5a97c9ea97521368f17f778c62040126822602a
Raidsonic NAS Devices Unauthenticated Remote Command Execution
Posted Sep 23, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Different Raidsonic NAS devices are vulnerable to OS command injection via the web interface. The vulnerability exists in timeHandler.cgi, which is accessible without authentication. This Metasploit module has been tested with the versions IB-NAS5220 and IB-NAS4220. Since this module is adding a new user and modifying the inetd daemon configuration, this module is set to ManualRanking and could cause target instability.

tags | exploit, web, cgi
advisories | OSVDB-90221
SHA-256 | 349e9ccfce89a895bc88301a928728a68a24c672b6744b743b04b03f181ca743
Ubuntu Security Notice USN-1965-1
Posted Sep 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1965-1 - It was discovered that pyOpenSSL did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4314
SHA-256 | 9a62177c15f37e7c4836b84c5bef097ee6d8aade227639bbf1331a5b2718f5f8
Ubuntu Security Notice USN-1964-1
Posted Sep 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1964-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1438, CVE-2013-1439
SHA-256 | 058283230c12a801b053bf0c867c65eea622018734173ac4d9c93508f3edf518
Red Hat Security Advisory 2013-1260-01
Posted Sep 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1260-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4130
SHA-256 | b6911a2d88f3383a2433d1ba0bb3834896d31dcd24d650b65d2dbfba1df22b28
© 2022 Packet Storm. All rights reserved.