
Files Date: 2013-07-08

Oracle Java Applet Preloader Click-2-Play Warning Bypass
Posted Jul 8, 2013
Authored by Florent Hochwelker | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by a design error in the Java click-2-play security warning when the preloader is used, which can be exploited by remote attackers to load a malicious applet (e.g. taking advantage of a Java memory corruption vulnerability) without any user interaction. Oracle Java versions 7u21 and below are affected.

tags | advisory, java, remote
SHA-256 | 10e02ec7b9426a95440e714eac97006eaeca4b625413293939ad86595f91ad55

D-Link UPnP OS Command Injection
Posted Jul 8, 2013
Authored by Michael Messner

D-Link devices DIR-300 rev B, DIR-600 rev B, DIR-645, DIR-845, and DIR-865 suffer from a remote command injection vulnerability. The vulnerability is caused by missing input validation in different XML parameters.

tags | exploit, remote
SHA-256 | 45b06bd652acac11c15608f66dea0133730d0c898dc986726de440ece8669b91

Debian Security Advisory 2721-1
Posted Jul 8, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2721-1 - A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used. An attacker may use this flaw to perform denial of service attacks, disclose worker process memory, or possibly execute arbitrary code.

tags | advisory, web, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-2070
SHA-256 | 6e99ad6cc32808c72aea2fdc8a60c3b1e83edc6d3f8b8b8a6b9b122cd944919c

HP Security Bulletin HPSBST02890 2
Posted Jul 8, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02890 2 - A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access and modification. Please note that this issue does not affect HP StoreOnce Backup systems that are running software version 3.0.0 or newer. Devices running software version 3.0.0 or newer do not have an HPSupport user account with a pre-set password configured. A user who is logged in via the HPSupport user account does not have access to the data that has been backed up to the HP StoreOnce Backup system, and hence is not able to read or download the backed-up data. However, it is possible to reset the device to factory defaults, and hence delete all backed-up data that is present on the device. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2013-2342
SHA-256 | 9f18eb5ef4c93f01c624397b15391591aecd9224dfc4b12234c5acfe333401c8

Debian Security Advisory 2720-1
Posted Jul 8, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2720-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary code, privilege escalation, information disclosure or cross-site request forgery.

tags | advisory, arbitrary, vulnerability, info disclosure, csrf
systems | linux, debian
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
SHA-256 | 2169fb3cae789aee11903229ba2e3f01583061efa102f4bfa9860b38144f8fe9

Solaris Recommended Patch Cluster 6/19 Local Root
Posted Jul 8, 2013
Authored by Larry W. Cashdollar

Solaris Recommended Patch Cluster 6/19 suffers from a local root command execution vulnerability on x86.

tags | exploit, x86, local, root
systems | solaris
advisories | CVE-2010-1183
SHA-256 | 532e22bc6ff3e644f7b297fffe8d58e1796dc3a75b7965cd74a76062a5280627

NTLM Authentication Library 1.4
Posted Jul 8, 2013
Authored by Grant Edwards | Site josefsson.org

The NTLM library contains utilities for authenticating against Microsoft servers that require NTLM authentication. The goal of this project is to make libntlm easier to build (by using autoconf, automake, and libtool) for use by other projects.

Changes: This release adds build fixes.
tags | library
systems | unix
SHA-256 | 8415d75e31d3135dc7062787eaf4119b984d50f86f0d004b964cdc18a3182589

Google Chrome 25.0.1364.152 HTTP Referer Header Faking
Posted Jul 8, 2013
Authored by Liad Mizrachi

Google Chrome version 25.0.1364.152 suffers from an XMLHttpRequest HTTP Referer Header faking vulnerability.

tags | exploit, web
SHA-256 | b637b280b79f7030e948538de6695ffcde18a45fea4e3bb46f714e32896ebea4

Mozilla Firefox Maintenance Service Local Privilege Escalation
Posted Jul 8, 2013
Authored by Richard L. | Site vupen.com

VUPEN Vulnerability Research Team discovered high risk vulnerabilities in Mozilla Firefox. The vulnerabilities are caused by errors in the Mozilla Maintenance Service on Windows when interacting with local software, which could allow local unprivileged users to execute arbitrary code with SYSTEM privileges. It is possible to combine these vulnerabilities with a remote Firefox memory corruption to achieve a remote SYSTEM code execution.

tags | advisory, remote, arbitrary, local, vulnerability, code execution
systems | windows
SHA-256 | 6d67487dd7131f3f10ac5977a85cdbc90ed1c00cd95ae50e00f955350a1f8791

File Roller Path Traversal
Posted Jul 8, 2013
Authored by Open Source CERT, Yorick Koster

The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user executing the extraction, outside the current working directory. This behavior is triggered when the option 'Keep directory structure' is selected from the application 'Extract' dialog.

tags | advisory, arbitrary
advisories | CVE-2013-4668
SHA-256 | f6e7eec5337ffaec3b1e39f19c1e07cbe65ea4c169f65204d92f2634cdcc1947

D-Link DIR-505L / DIR-826L Authentication Bypass
Posted Jul 8, 2013
Authored by Jason Doyle

D-Link DIR-505L and DIR-826L devices suffer from an authentication bypass vulnerability due to not validating session cookies.

tags | advisory, bypass
advisories | CVE-2013-4772
SHA-256 | 15aeb881d7e8aff6673857cc13ccac13075a10312358a2e2634d2fabe3a41b31

Avira Analysis Web Service SQL Injection
Posted Jul 8, 2013
Authored by Ebrahim Hegazy, Vulnerability Laboratory | Site vulnerability-lab.com

Avira Analysis Web Service suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | b3027710b6c99a1596e86ed291f5ab4b8ddd1efb8e6a7331dbc90080704db339

Crypthisthing Blowfish Encryption Tool
Posted Jul 8, 2013
Authored by Juan J. Fernandez Lopez | Site tcpapplication.com

This program encrypts and decrypts files using a 128 bit length key with Blowfish in CBC mode.

tags | tool, encryption
SHA-256 | 47e5f1406f19065edce7cda9fd3183d37944e05e7a528e286ee0343714aad83d

AOL Instant Messenger 8.0.1.5 Binary Planting
Posted Jul 8, 2013
Authored by Marshall Whittaker

AOL Instant Messenger versions 8.0.1.5 and below suffer from a binary file planting vulnerability.

tags | exploit
systems | windows
SHA-256 | da5758570b995ade98829ed009b58ef415a94b0fdcdf1d9efe1ebb63339d6fa4

Adobe Reader X 10.1.4.38 BMP/RLE Heap Corruption
Posted Jul 8, 2013
Authored by feliam

Adobe Reader X version 10.1.4.38 suffers from a BMP/RLE heap corruption vulnerability.

tags | exploit
advisories | CVE-2013-2729, OSVDB-93358
SHA-256 | 5c80216fd665dd80e7efa0a83034620674ebe12cdd052dd3151c9b2f257b9ab2

WordPress JS Restaurant SQL Injection
Posted Jul 8, 2013
Authored by Ashiyane Digital Security Team

WordPress JS Restaurant plugin suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 48ddb834b6b5c6d9fbea650fb35d3b87734eda81ec9641f4a14fba0edf197f4b