exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-11-25 to 2013-11-26

Gentoo Linux Security Advisory 201311-15
Posted Nov 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-15 - Multiple vulnerabilities have been found in Zabbix, possibly leading to SQL injection attacks, Denial of Service, or information disclosure. Versions less than 2.0.9_rc1-r2 are affected.

tags | advisory, denial of service, vulnerability, sql injection, info disclosure
systems | linux, gentoo
advisories | CVE-2010-1277, CVE-2011-2904, CVE-2011-3263, CVE-2011-4674, CVE-2012-3435, CVE-2013-1364, CVE-2013-5572
SHA-256 | 376284ead2ebc1de7d71b4043ed1c195b1d07fa77b9a865731ec3db09ef944b1
Gentoo Linux Security Advisory 201311-16
Posted Nov 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-16 - A vulnerability has been found in fcron, allowing local attackers to conduct symlink attacks. Versions less than 3.0.5-r2 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2010-0792
SHA-256 | 66b03180e217e23b048a674187af4a6802ff86495b72dcbc3228880511f078d0
Mandriva Linux Security Advisory 2013-283
Posted Nov 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-283 - Updated glibc packages fix multiple security issues. Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. pt_chown in GNU C Library before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788
SHA-256 | 1c82e380a68105a8faa750720b4e2f2251bb1cd7f4dd03f29ae8a02d1b90188b
GNU Transport Layer Security Library 3.2.7
Posted Nov 25, 2013
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Several improvements in smart card handling, in the handling of the pre-DTLS-1.0 protocol used in OpenConnect, and record decompression. Support has been added for writing the "no well defined" expiration date in certificates.
tags | protocol, library
SHA-256 | 7ca3e261402e90344585cbd5cc54379f4e294697b2cc7cd979458707666ac872
NETGEAR ReadyNAS Perl Code Evaluation
Posted Nov 25, 2013
Authored by H D Moore, juan vazquez, Craig Young | Site metasploit.com

This Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web fronted, specifically on the np_handler.pl component, due to the insecure usage of the eval() perl function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real hardware.

tags | exploit, web, perl
advisories | CVE-2013-2751, OSVDB-98826
SHA-256 | bde67c6d5bd2eaadf289392fe66c898b1b40583f113cc479740f75c0912c0b93
Mandriva Linux Security Advisory 2013-282
Posted Nov 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-282 - Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks.

tags | advisory, web, perl
systems | linux, mandriva
advisories | CVE-2013-4407
SHA-256 | ae8a09f529384327fb193842fcebddd1a96d9cfda45247e283628ee923156f50
IPSet Bash Completion 2.3
Posted Nov 25, 2013
Authored by AllKind | Site sourceforge.net

ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.

Changes: Some bugs have been fixed. Input validation is now optional. The default completion behavior slightly changed. Some improvements in completion of testing port ranges have been implemented. Hostname and completion of networks have been added to the "range" option when creating bitmap:ip and bitmap:ip,mac types of sets.
tags | tool, shell, firewall, bash
systems | linux, unix
SHA-256 | ee17e74244675a46e555b896916b39a54ee8275031a95efac0f4ad9f7c932c7b
Pirelli Discus DRG A125g Remote SSID Change
Posted Nov 25, 2013
Authored by Sebastian Magof

Pirelli Discus DRG A125g suffers from a remote SSID changing vulnerability.

tags | exploit, remote
SHA-256 | 2b1f91be8747fd519dafa4451cffde3fb3465914cd7c91ec96a5c22286dcfcec
Pirelli Discus DRG A125g Remote Wifi Password Change
Posted Nov 25, 2013
Authored by Sebastian Magof

Pirelli Discus DRG A125g suffers from a remote wifi password change vulnerability.

tags | exploit, remote
SHA-256 | 0844fc4064b35b2b1fca0daf8ee6e09c155f3fa44819becc99422a59b86589f0
IPTables Bash Completion 1.1
Posted Nov 25, 2013
Authored by AllKind | Site sourceforge.net

iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.

Changes: New in this version is support for the new options coming with iptables 1.4.21. The SYNPROXY target and the --nowildcard option of the socket match.
tags | tool, firewall
systems | linux, unix
SHA-256 | 0f7bd2fe3254cad9270ecead41bdee72d159e9eb6aeda443841f658250f0a6a0
Mandriva Linux Security Advisory 2013-281
Posted Nov 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-281 - Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request, or might have potential other impact.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4547
SHA-256 | 24200da29b62dbc19d61f3556eb553257ad19ae7b5b9d0f6454ad0816b56eed0
Tapuz Flix Password Bypass
Posted Nov 25, 2013
Authored by Liad Mizrachi

Tapuz Flix suffers from a video password bypass vulnerability.

tags | exploit, bypass
SHA-256 | 20f632be7ad02a0dcebd94c26baecb40dccfdf5a54d98a77fd3ae541fbfd3644
LimeSurvey 2.00+ Build 131107 Cross Site Scripting / SQL Injection
Posted Nov 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

LimeSurvey 2.00+ build 131107 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 5c44ba55fe8e63eb71a478dcca53f2b4e82fdae8fea63259254d0ae14c55a594
Pirelli Discus DRG A125g Password Disclosure
Posted Nov 25, 2013
Authored by Sebastian Magof

Pirelli Discus DRG A125g suffers from a local password disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | d3a434fc5af641e203162cf1a2bd32c1dacc470434958a1a05827b049654a80b
TPLINK WR740N / WR740ND Cross Site Request Forgery
Posted Nov 25, 2013
Authored by Samandeep Singh

TPLINK WR740N / WR740ND suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 6ed034621950641cdd64908b842248f86ceb3c3fa4144f7f1cd978a254f5ded8
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close