Showing 1 - 6 of 6

Files Date: 2013-11-08 to 2013-11-09

Ubuntu Security Notice USN-2014-1: Posted Nov 8, 2013; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2014-1 - Markus Friedl discovered that OpenSSH incorrectly handled memory when the AES-GCM cipher was used. A remote authenticated attacker could use this issue to execute arbitrary code as their user, possibly bypassing shell or command restrictions.; tags | advisory, remote, arbitrary, shell; systems | linux, ubuntu; advisories | CVE-2013-4548; SHA-256 | e189e6627785c00b5dcbe8d47d9b5eb49ddf89426224169d3a73aa26e7a1a493; Download | Favorite | View

MorXBrute Password Cracker 1.01: Posted Nov 8, 2013; Authored by Simo Ben Youssef; MorXBrute is a customizable HTTP dictionary-based password cracking tool written in Perl. MorXBrute comes with a few payloads for some of the more popular software used and additionally lets you add your own payloads. MorXBrute supports both GET and POST brute forcing.; tags | tool, web, cracker, perl; systems | linux; SHA-256 | ed4fe1e137b11ec8313a821cd13394c1d7af7620e2f8a182f3dbf4af9349d837; Download | Favorite | View

OpenSSH 6.3 Memory Corruption: Posted Nov 8, 2013; Authored by Markus Friedl | Site openssh.com; A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations. OpenSSH versions 6.2 and 6.3 are affected when built against an OpenSSL that supports AES-GCM.; tags | advisory, shell, code execution; SHA-256 | 5a14ae6163dbd1bc2080d2d9e5abbece4f4a06fb6c639b17aeb2e9819c2b20d2; Download | Favorite | View

Apple Mac OS X 10.9 Memory Corruption: Posted Nov 8, 2013; Authored by cxib@securityreason.com; Apple Mac OS X 10.9 suffers from a hard link memory corruption issue.; tags | advisory; systems | apple, osx; SHA-256 | 74288558db87af31ee9132cbcee3ea8ada886de745f80a98d06042a4db34f581; Download | Favorite | View

WordPress Theme Kernel Shell Upload: Posted Nov 8, 2013; Authored by iskorpitx; WordPress Theme Kernel suffers from a remote shell upload vulnerability.; tags | exploit, remote, shell, kernel; SHA-256 | 08773f9f2461aecbc25d61bbf9b65d3b3537e7ac0ea3c0e33a68f4337a3ddee4; Download | Favorite | View

VICIdial Manager Send OS Command Injection: Posted Nov 8, 2013; Authored by sinn3r, juan vazquez, Adam Caudill, AverageSecurityGuy | Site metasploit.com; The file agc/manager_send.php in the VICIdial web application uses unsanitized user input as part of a command that is executed using the PHP passthru() function. A valid username, password and session are needed to access the injection point. Fortunately, VICIdial has two built-in accounts with default passwords and the manager_send.php file has a SQL injection vulnerability that can be used to bypass the session check as long as at least one session has been created at some point in time. In case there isn't any valid session, the user can provide astGUIcient credentials in order to create one. The results of the injected command are returned as part of the response from the web server. Affected versions include 2.7RC1, 2.7, and 2.8-403a. Other versions are likely affected as well. The default credentials used by Vicidial are VDCL/donotedit and VDAD/donotedit.; tags | exploit, web, php, sql injection; advisories | CVE-2013-4467, CVE-2013-4468, OSVDB-98903, OSVDB-98902; SHA-256 | fe43d040fa2032ae8b0f68df36ad62a56693b4bfc023c7d6761cb75f72c9869f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days