exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-01-21

Franklin Fueling's T550 Evo Access Control / Credentials
Posted Jan 21, 2014
Authored by Matthew Jakubowski, Nate Drier | Site trustwave.com

Franklin Fueling's TS-550 Evo suffers from insufficient access control and hard-coded credential vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2013-7248, CVE-2013-7247
SHA-256 | 14ac4a0dcc8435d0f374279cb775ebf17d70e2a89ab2da0be5848b1242b49de8
Ubuntu Security Notice USN-2086-1
Posted Jan 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2086-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.73 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10 have been updated to MySQL 5.5.35. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-5891, CVE-2013-5908, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437
SHA-256 | ecdc49310c2f71acc9a595510d489697a1eee7e94d568bb4b84e9a20b11f608d
OpenPNE PHP Object Injection
Posted Jan 21, 2014
Authored by Secunia, EgiX | Site secunia.com

Secunia Research has discovered a vulnerability in OpenPNE, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system. The vulnerability is caused due to the "opSecurityUser::getRememberLoginCookie()" method defined in the /lib/user/opSecurityUser.class.php script using the "unserialize()" function with user controlled input. This can be exploited to e.g. delete arbitrary files or execute arbitrary PHP code via specially crafted serialized objects sent in a "Cookie" header. Versions 3.6.13 and 3.8.9 are affected.

tags | advisory, arbitrary, php
advisories | CVE-2013-5350
SHA-256 | 862f28c500db8c6dd1aadc552ac50b3312005f2ee4381d1d21469bd13a2f955d
Mandriva Linux Security Advisory 2014-013
Posted Jan 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-013 - Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a long string in a character name in a BDF font file. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-6462
SHA-256 | b0af7255ba31dc33177e93d56e6db8a83b8031f8aed0fa39e9a98030107af6e4
Gentoo Linux Security Advisory 201401-15
Posted Jan 21, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-15 - Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code. Versions less than 11.7.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-5976, CVE-2012-5977, CVE-2013-2264, CVE-2013-2685, CVE-2013-2686, CVE-2013-5641, CVE-2013-5642, CVE-2013-7100
SHA-256 | d5b3fc8ed465d4421b3d81a545983bd6659d93187fad9065936730f85fd097e5
Red Hat Security Advisory 2014-0037-01
Posted Jan 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0037-01 - The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2012-5784, CVE-2013-2192
SHA-256 | 0efac53ce37dda2703115556d8acdb23c24e8653403827521c96bb2c8715f1ab
Gentoo Linux Security Advisory 201401-18
Posted Jan 21, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-18 - Multiple stack-based buffer overflows have been found in OpenSC, allowing attackers to execute arbitrary code. Versions less than 0.11.13-r2 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-4523
SHA-256 | f7754ad1de3b980ff1e8b4d74435828455a2e2c1d07ad228b46d148aa2740c15
Ubuntu Security Notice USN-2084-1
Posted Jan 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2084-1 - It was discovered that the uscan tool incorrectly repacked archive files. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6888
SHA-256 | e92ab9f2fc27450cbdfc097304af025ca1ef510e02d2e35503392f21c8a3522a
Ubuntu Security Notice USN-2085-1
Posted Jan 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2085-1 - It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and higher, this should be prevented by the Yama link restrictions. It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-6402, CVE-2013-6427, CVE-2013-6402, CVE-2013-6427
SHA-256 | 82c9a363a9042992362ccff7d326ebeec0884d0c91fb82f0fb606370bad9f552
Gentoo Linux Security Advisory 201401-17
Posted Jan 21, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-17 - A vulnerability in PCSC-Lite could result in execution of arbitrary code or Denial of Service. Versions less than 1.6.6 are affected.

tags | advisory, denial of service, arbitrary
systems | linux, gentoo
advisories | CVE-2010-4531
SHA-256 | d9ebd17c9ea06a31a3f650f7cbeb686c6eca5ea673dc3832bc97cdb7e38dc582
Gentoo Linux Security Advisory 201401-16
Posted Jan 21, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-16 - A vulnerability in CCID could result in execution of arbitrary code. Versions less than 1.4.1-r1 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2010-4530
SHA-256 | 4f0fa5f1896195a50a99d07e9cae6879be76eabf823c0761b9296527c318d03b
Imageview 6.x Shell Upload
Posted Jan 21, 2014
Authored by TUNISIAN CYBER

Imageview version 6.x suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 9e8ceb871f0ad6945720f72ead88ac76a5adde822a800af98a3e6c5cb69a998f
HP Data Protector Backup Client Service Directory Traversal
Posted Jan 21, 2014
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the Hewlett-Packard Data Protector product. The vulnerability exists at the Backup Client Service (OmniInet.exe) when parsing packets with opcode 42. This Metasploit module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows XP SP3.

tags | exploit
systems | windows
advisories | CVE-2013-6194
SHA-256 | e7a3d21e3865ca5079635e091b85f2ee54310e84b996a25d7bb03ee3a94397c1
Debian Security Advisory 2847-1
Posted Jan 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2847-1 - Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-1475, CVE-2014-1476
SHA-256 | aa18c02a1e2bc92bf8e6cbaf332041d96c7fbb2e5309c8aaa2138487acb989b7
MuPDF 1.3 Buffer Overflow
Posted Jan 21, 2014
Authored by Jean-Jamil Khalife

MuPDF versions 1.3 and below suffer from a stack-based buffer overflow in xps_parse_color(). Proof of concept file included.

tags | exploit, overflow, proof of concept
systems | linux
SHA-256 | 7d0272e5a941d51fad81deef68d7e97246b779ea7b1e7ff989e5baf9afe9ee13
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close