what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-07-25

Debian Security Advisory 2727-1
Posted Jul 25, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2727-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473
SHA-256 | d4f5c2f1b04861b6443eec45834b6e3d0c817455527f364f468feff87986028c
Debian Security Advisory 2726-1
Posted Jul 25, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2726-1 - A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow.

tags | advisory, overflow, php
systems | linux, debian
advisories | CVE-2013-2220
SHA-256 | 72f234e7c07428d2e63e1a252b99f6eb0b9282b4ae5ce2396ffd5d580e411c58
Mandriva Linux Security Advisory 2013-199
Posted Jul 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-199 - Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid service. The updated packages have been patched to correct this issue.

tags | advisory, web, overflow
systems | linux, mandriva
advisories | CVE-2013-4115
SHA-256 | 4815216226b61310dce0c6530a147917f7ebac473d8ffe02ed70a0815d63d93f
Ubuntu Security Notice USN-1909-1
Posted Jul 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1909-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.70 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.04 have been updated to MySQL 5.5.32. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-1861, CVE-2013-2162, CVE-2013-3783, CVE-2013-3793, CVE-2013-3802, CVE-2013-3804, CVE-2013-3809, CVE-2013-3812
SHA-256 | 872c16b08d04ddfc191144c894d91138478e931567d53ba3589f43b24ed515f7
Alienvault OSSIM Cross Site Scripting
Posted Jul 25, 2013
Authored by xistence

Alienvault OSSIM versions prior to 4.3.0 suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b97b24ad187260fb2d369e36bc782d9527bb13c5629ef33949027b13a42c4a22
HP Security Bulletin HPSBGN02905
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02905 - Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-2368, CVE-2013-2369, CVE-2013-2370, CVE-2013-4797, CVE-2013-4798, CVE-2013-4799, CVE-2013-4800, CVE-2013-4801
SHA-256 | 43da885fdebda26382764369711cbf24e26c0adae71be911ebfc154158b77f6f
HP Security Bulletin HPSBGN02906
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02906 - A potential security vulnerability has been identified with HP Application Lifecycle Management Quality Center (ALM). The vulnerability could be remotely exploited resulting in Cross Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2013-4802
SHA-256 | 3bb4602f64a408d4b34c04935b5443f73fb49fdc31020d8fcb2287535b6237ee
HP Security Bulletin HPSBMU02894
Posted Jul 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02894 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. These vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS) or unauthorized access or execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows, solaris, hpux
advisories | CVE-2007-5333, CVE-2009-3554, CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, CVE-2011-1483, CVE-2011-2196, CVE-2011-4605, CVE-2011-4858, CVE-2012-3546
SHA-256 | eacd5c85848fe70e3b06674a93d19b20ce220a3b1047e565ac14544a22f6e877
Trickfire Spoofing Script
Posted Jul 25, 2013
Authored by Vittorio Milazzo

Bash script that permits spoofing of LAN connections and deceive firewalls, proxies, and IDS/NIDS traffic logging.

tags | tool, spoof, bash
systems | linux, unix
SHA-256 | 15c6799ab16cd99792a8c63e30913b42b5ff3d802a554e339bb9f51cb44423a9
Powershell Payload Web Delivery
Posted Jul 25, 2013
Authored by Ben Campbell, Christopher Campbell | Site metasploit.com

This Metasploit module quickly fires up a web server that serves the payload in powershell. The provided command will start powershell and then download and execute the payload. The IEX command can also be extracted to execute directly from powershell. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so is unlikely to trigger AV solutions and will allow to attempt local privilege escalations supplied by meterpreter etc. You could also try your luck with social engineering. Ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.

tags | exploit, remote, web, x86, local
SHA-256 | 3df7ddc32fd686c31c096c385be3456948866192543e5796efa9d470ac552386
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
Posted Jul 25, 2013
Authored by sinn3r, juan vazquez, Takeshi Terada | Site metasploit.com

The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code. This Metasploit module has been tested successfully on Struts 2.3.15 over Tomcat 7, with Windows 2003 SP2 and Ubuntu 10.04 operating systems.

tags | exploit
systems | linux, windows, ubuntu
advisories | CVE-2013-2251, OSVDB-95405
SHA-256 | c240d5878f508b714bf5ceed219b636cd035393594292bf01d990b95dae4b372
Cisco Security Advisory 20130724-vsm
Posted Jul 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system.

tags | advisory, vulnerability
systems | cisco
SHA-256 | 8667d0b02c37ab85ed00ba5415096d156c627c81a71f23f4f17c7bbd0f63005b
Windu CMS 2.2 Cross Site Request Forgery
Posted Jul 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

Windu CMS version 2.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 56a019a032958f9c270c1d504c29c57aa2108f118b9fc5f71f438a5c0d1abdf6
ARP-Scan ARP Generation Tool 1.9
Posted Jul 25, 2013
Authored by Roy Hills | Site nta-monitor.com

arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.

Changes: This release adds support for ARM 64-bit CPUs and Dragonfly BSD, adds a --rtt (-D) option to display the packet round-trip time, uses libpcap functions to obtain the interface IP address and send the packet (to increase portability), requires libpcap 0.9.3 or later, raises the default timeout from 100ms to 500ms to avoid missed responses from slow-responding hosts, modifies the get-iab and get-oui scripts to the support new IEEE website URL and new file format (also fixes the -u option in these scripts), updates MAC/Vendor mapping files from the IEEE website, and adds additional arp-fingerprint patterns.
tags | tool, scanner, protocol
systems | unix
SHA-256 | ce908ac71c48e85dddf6dd4fe5151d13c7528b1f49717a98b2a2535bd797d892
Broadkam PJ871 Authentication Bypass
Posted Jul 25, 2013
Authored by d3c0der

The Broadkam PJ871 DSL router does not authenticate password change requests. Broadkam is a knock-off Chinese vendor.

tags | exploit, bypass
SHA-256 | ee602bcc310237488f32e7419735e88a1ba71b6992ab9384e9e57fff4b69c756
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close