exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2013-08-07

MyBB 1.6.10 Open Redirection
Posted Aug 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

MyBB version 1.6.10 suffers from an arbitrary site redirection vulnerability.

tags | exploit, arbitrary
SHA-256 | ac319ac2761fd810ff270e3d6536bf0e39351b6818fcc0992609e4633316b9e5
GNU MAC Changer 1.6.0
Posted Aug 7, 2013
Site github.com

MAC Changer is a GNU/Linux utility for viewing/manipulating the MAC addresses of network interfaces. It can set specific, random, vendor-based (with a 6600+ vendor list), and device-type-based MACs.

Changes: This release fixed various important and less important issues.
tags | tool
systems | linux, unix
SHA-256 | 31534f138f1d21fa247be74ba6bef3fbfa47bbcd5033e99bd10c432fe58e51f7
NIELD (Network Interface Events Logging Daemon) 0.4.0
Posted Aug 7, 2013
Authored by Tetsumune KISO | Site github.com

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.

Changes: This release adds traffic control support.
tags | tool, kernel, system logging
systems | unix
SHA-256 | 12176f94719144d12932a13b96c31d03cb3253843bf044aac7cb6cdd6fff50cc
Atlassian JIRA 6.0.3 Cross Site Scripting
Posted Aug 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

Atlassian JIRA suffers from a reflective cross site scripting issue due to a failure to properly sanitize user-supplied input to the 'name' GET parameter in the 'deleteuserconfirm.jsp' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Versions 6.0.2 and 6.0.3 are affected.

tags | exploit, arbitrary, xss
SHA-256 | ab3cb5e6a9aa9ab21e1203de1595664804cc4c0b93ca4062353260a40b6d0a24
Apache CloudStack 4.0.x / 4.1.0 Cross Site Scripting
Posted Aug 7, 2013
Site cloudstack.apache.org

Apache CloudStack suffers from a cross site scripting vulnerability. Versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2, and 4.1.0 are affected.

tags | advisory, xss
advisories | CVE-2013-2136
SHA-256 | cede899e8d6411ed24f0609ba390790970bac3c8867fe2ee368805e332e88d9b
Nmap Http-domino-enum-passwords File Upload
Posted Aug 7, 2013
Authored by Piotr Duszynski | Site trustwave.com

An arbitrary file upload vulnerability exists in the official Nmap Http-domino-enum-passwords NSE script.

tags | advisory, web, arbitrary, file upload
advisories | CVE-2013-4885
SHA-256 | 3f3f0fed34e91a5d44d190bceb8508b03d02326855de030750d04807d7eb4044
Hikvision IP Cameras Overflow / Bypass / Privilege Escalation
Posted Aug 7, 2013
Authored by Alberto Solino, Core Security Technologies, Anibal Sacco, Alejandro Rodriguez | Site coresecurity.com

Core Security Technologies Advisory - Hikvision IP Cameras suffer from buffer overflow, authentication bypass, hard-coded credential, and privilege escalation vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2013-4975, CVE-2013-4976, CVE-2013-4977
SHA-256 | a4a4535ab067aafda1e020840c583034d91d05f5ea87d44f5643945fba43b443
Atlassian Confluence 5.3 Cross Site Scripting
Posted Aug 7, 2013
Authored by Muhammad Waqar

Atlassian Confluence versions 3.5.6 through 5.3 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 134e7eac520cc20aea86f2b420492abe84f6288beee1c6ba0561fd1835097ec4
Microsoft Yammer Social Network O-Auth Bypass
Posted Aug 7, 2013
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft Yammer Social Network suffered from a critical information disclosure vulnerability due to an insecure O-Auth 2 implementation.

tags | exploit, info disclosure
SHA-256 | ee17ca110cf9ff28ea039cf6aeaf554e36835d8cc584b07592f7aea1af5a528a
McAfee Superscan 4.0 Cross Site Scripting
Posted Aug 7, 2013
Authored by Piotr Duszynski | Site trustwave.com

McAfee Superscan version 4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4884
SHA-256 | bd831b86fa9986e22ed6966c13d321dab445ccc1cb7456fece5b01c3b191f1b7
LibPKI 0.8.0
Posted Aug 7, 2013
Site openca.org

The LibPKI Project is aimed to provide an easy-to-use PKI library for PKI-enabled application development. The library provides the developer with all the needed functionality to manage certificates, from generation to validation. It helps developers integrate X509 digital certificates into their applications, and implement complex cryptographic operations with a few simple function calls using a high-level cryptographic API. The library constitutes the core of other OpenCA Labs Projects like the PRQP Server, the OCSP Responder, and the OpenCA-NG PKI.

Changes: Improvements over the last publicly available release (0.6.7) include fixing of various memory leaks in BIO handling and in OCSP responses signing, adding new errors for better logging of token issues, adding SOCK_DGRAM in PKI_NET_* interface, and a fixed OCSP interface for response building.
tags | library
systems | unix
SHA-256 | 6a4d125664c593f647956a1f083e9ab1981ad1c4de30456bd1147ac51762901b
HP Data Protector Arbitrary Remote Command Execution
Posted Aug 7, 2013
Authored by Alessandro Di Pinto, Claudio Moletta

This python script allows execution of a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of executing only a single command without any parameter, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.

tags | exploit, arbitrary, perl, python
advisories | CVE-2011-0923, OSVDB-72526
SHA-256 | f3af687e6ae93d7108daba5565a341cceceb6c51dd70cc03120b8c1910bc8e5c
HP Data Protector Arbitrary Remote Command Execution
Posted Aug 7, 2013
Authored by Alessandro Di Pinto, Claudio Moletta | Site metasploit.com

This Metasploit module allows execution of a command with an arbitrary number of arguments on Microsoft Windows operating systems. The trick calls a perl.exe interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of execute only a single command without parameters, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.

tags | exploit, arbitrary, perl
systems | windows
advisories | CVE-2011-0923, OSVDB-72526
SHA-256 | 5f0f9f62015fe421d3fb88ace93c276d32b36986aa82809a47927f87e8803536
Mandriva Linux Security Advisory 2013-209
Posted Aug 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-209 - The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service via a certain MOVE request against a revision root. This advisory provides the latest version of subversion which is not vulnerable to this issue.

tags | advisory, remote, denial of service, root
systems | linux, mandriva
advisories | CVE-2013-4131
SHA-256 | 48e908e5d6e879f8685025136974907f6e608316de4840a22d5d7adb36ddf92b
Mandriva Linux Security Advisory 2013-208
Posted Aug 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-208 - A heap-based buffer overflow flaw was found in the way tiff2pdf of libtiff performed write of TIFF image content into particular PDF document file, in the tp_process_jpeg_strip() function. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. A stack-based buffer overflow was found in the way tiff2pdf of libtiff performed write of TIFF image content into particular PDF document file, when malformed image-length and resolution values are used in the TIFF file. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2013-1960, CVE-2013-1961
SHA-256 | 447932103e3d2b4135501f9e4d13f9622d71d76bfd8c995a757d16a355d9d1ab
Mandriva Linux Security Advisory 2013-207
Posted Aug 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-207 - Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service via a malformed packet. The updated packages for Enterprise Server 5.2 has been patched to correct this issue. The updated packages for Business Server 1 has been upgraded to the 3.6.17 version which resolves many upstream bugs and is not vulnerable to this issue. Additionally the libtevent packages are being provided which is a requirement since samba 3.6.16.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-4124
SHA-256 | dfd7340822a40086019cf3ecd9e0e9b67dccce6e2b4941cbdeaedded779c5002
Slackware Security Advisory - httpd Updates
Posted Aug 7, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1896,CVE-2013-2249.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1896, CVE-2013-2249
SHA-256 | 904e94b9f1535379b3379c68263113ed857048be3d847e496283546b5a717292
Ubuntu Security Notice USN-1924-1
Posted Aug 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1924-1 - Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717, CVE-2013-1701, CVE-2013-1702, CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | 2f541122cf4292e498f025c0357ccebe409fbe0e6d41fb8080dadc4db0a84b7b
Ubuntu Security Notice USN-1924-2
Posted Aug 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1924-2 - USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. It was discovered that a document's URI could be set to the URI of a different document. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. A flaw was discovered when generating a CRMF request in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that XBL scopes could be used to circumvent XrayWrappers in certain circumstances. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks or cause undefined behaviour. Cody Crews discovered that some Javascript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. An attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. An attacker could potentially exploit this to steal confidential data. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, local, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | d5607d8e20cc440391ba757e7d3496cd61fbee9d67917085c9b5c5ebf59e0da4
Slackware Security Advisory - samba Updates
Posted Aug 7, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4124.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4124
SHA-256 | cb6d7598ef0a905393d72be99fd794c7acd18caf7ff84cd293b3f21e5305d5e2
SocialEngine 4.5 Shell Upload
Posted Aug 7, 2013
Authored by Wesley Henrique Leite

SocialEngine version 4.5 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2013-4898
SHA-256 | 67317f4cfcb1678cd318bb5c6c5d7b2d74b7020c8a8a285dd1f9b21910ab4007
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close