what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2013-05-14

Ruby Gem Creme Fraiche 0.6 Command Injection
Posted May 14, 2013
Authored by Larry W. Cashdollar

Ruby Gem Creme Fraiche version 0.6 suffers from a remote command injection vulnerability due to unsanitized input.

tags | exploit, remote, ruby
advisories | CVE-2013-2090
SHA-256 | 432f99098884e80c6594d67b9edd44d3c6a943e78df04188f65f7a5a60c25b58
Wordpress Newsletter 3.2.6 Cross Site Scripting
Posted May 14, 2013
Authored by LiquidWorm | Site zeroscience.mk

Wordpress Newletter plugin version 3.2.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 989ee39dd2aa266687be0d7eb57b6bd6a79938c363c3ad5149eb8eb735782f24
Ubuntu Security Notice USN-1823-1
Posted May 14, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1823-1 - Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. CVE-2013-1669) Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). If a user had scripting enabled, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. Various other issues were also addressed.

tags | advisory, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2013-1669, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681, CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
SHA-256 | 6bd1e9ff8b497160ca832c72224f6dece7c64aca1cfaba89925ec17810fc1f8a
Netcraft.com Cross Site Scripting
Posted May 14, 2013
Authored by Stefan Schurtz

www.netcraft.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 634e49019e0df121608fd4d662505b0de9358f848a8db182c17e5f6f967896a9
Red Hat Security Advisory 2013-0823-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0823-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2440
SHA-256 | 7976d7f92951a88876a7eb7901961e1753ddc3c76e5eae1cb91cb6fd64c17c66
Red Hat Security Advisory 2013-0822-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0822-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2013-0401, CVE-2013-1488, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434
SHA-256 | b73c83c3cdb9c589a8c653747142c482009b5367d3fae38dcfb1512ad7a819be
Red Hat Security Advisory 2013-0820-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0820-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting attacks.

tags | advisory, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2013-0801, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
SHA-256 | f0c1245adc420fe9949c729df1f1edad8e3e57cb43d7ebf94cf6c5176f6162b7
Red Hat Security Advisory 2013-0821-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0821-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting attacks.

tags | advisory, arbitrary, xss
systems | linux, redhat
advisories | CVE-2013-0801, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
SHA-256 | 151d0654166b000317cd71fbfe25f8fc2e6199bb127056c2735148eaf59c71e0
Ubuntu Security Notice USN-1822-1
Posted May 14, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1822-1 - Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). An attacker could exploit this to conduct cross-site scripting (XSS) attacks. Various other issues were also addressed.

tags | advisory, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2013-1670, CVE-2013-1671, CVE-2013-1674, CVE-2013-1675, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681, CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1671, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
SHA-256 | ac25ce948a4dcc634750fd0f1b4fedb6a05de4dbbdb5cdf815be15b301fcf801
Microsoft Security Bulletin Summary For May, 2013
Posted May 14, 2013
Site microsoft.com

This bulletin summary lists 10 released Microsoft security bulletins for May, 2013.

tags | advisory
SHA-256 | a26e039e0ae06f15b7edb5fbed7be9df1e2279065255d905b7804d4990e672b6
WordPress Video JS Cross Site Scripting
Posted May 14, 2013
Authored by MustLive

Various WordPress plugins that embed video-js.swf suffer from cross site scripting vulnerabilities. These include Video Embed and Thumbnail Generator, External "Video for Everybody", 1player, S3 Video and EasySqueezePage.

tags | exploit, vulnerability, xss
SHA-256 | 5353566b47099624d07091f78ba99de22b3590171921393a6150f67e5e76fda4
Kloxo 6.1.6 Privilege Escalation
Posted May 14, 2013
Authored by HTP

Kloxo version 6.1.6 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 05c8a48c93af3659880c9fc3c9b6dc020d3b89b769551432c305b8d9a7ee8d6f
Joomla Jnews 8.0.1 Cross Site Scripting
Posted May 14, 2013
Authored by Rafay Baloch, Deepankar Arora

Joomla Jnews version 8.0.1 suffers from an Open Flash-Chart cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 058c3d8323c683caf66eb576a0868269c46b8dbf04990cb5ef9bf2500850783c
Red Hat Security Advisory 2013-0815-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0815-01 - The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's manager interface session. It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862
SHA-256 | 8ac681819050f76835e7e03059b14a970ed924170ecca367e162d301f1e59b63
Sanewall 1.0.2
Posted May 14, 2013
Authored by Costa Tsaousis, Phil Whineray | Site sanewall.org

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.

Changes: Fixes kernel version detection per 1.0.2. The configure script makes sanewall executable. The unconfigured sanewall.in issues a warning when it is run directly. The configure script now sets /usr/local/etc as the location for Sanewall to look in as well as store configuration files in if --sysconfdir is not given, solving bug 78. There is a switch to enable debug output. Handles domain names that refer to records that are IPv4, IPv6, or both. Fixes protection against direct use of /sbin/iptables and /sbin/ip6tables that was broken from 1.1.0.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | de89a99279e9adb00d0b31773b2d9e9f51a184329ffb6353fe9e05a836447a0b
ZedLog 0.2 Beta
Posted May 14, 2013
Authored by Zachary Scott | Site github.com

ZedLog is a robust cross-platform input logging tool (or key logger). It is based on a flexible data logging system which makes it easy to get the required data. It captures all keyboard and mouse events, has a full GUI, and supports logging to a file and basic hiding.

Changes: This release adds an initial replay simulation tool, saving and opening of log files, a record/pause button, separate mouse pressed and released loggers, a more polished GUI, and a new icon set.
tags | system logging
systems | unix
SHA-256 | 834358374b6a141df9fbed51bebefa6c00e5fd27294858da6d36b6bbbdd7685b
Hook Analyser Malware Tool 2.5
Posted May 14, 2013
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.

Changes: Hook Analyser can now perform XOR bruteforce on "encoded/obfuscated" executables. Deep search improved (new signatures added). Bug fixes.
SHA-256 | 045f5f0ecd20de83f65cd4ccb4ad415cf4c87bccad9fa04b9f1a6a2b8f4d4524
ipset 6.19
Posted May 14, 2013
Authored by Jan Engelhardt | Site ipset.netfilter.org

ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.

Changes: This release adds per-element byte and packet counters for every set type.
tags | tool
systems | unix
SHA-256 | 058e7950efdf8b9539ab79eb145de7be60d6cb7b92c0c011edda37e70135024c
Linux PERF_EVENTS Local Root
Posted May 14, 2013
Authored by sd

Linux local root exploit that requires that PERF_EVENTS be compiled into the kernel. This has been fixed in 3.8.10. This bug apparently got backported from 2.6.37 into CentOS5 2.6.32 kernels.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
SHA-256 | 2f5dc509c381d9e991e5bf9ec1e43911abf68baf1a9e3035473ddfd75ba8c11a
libtins 1.0
Posted May 14, 2013
Authored by Matias Fontanini | Site libtins.sourceforge.net

libtins is a high-level, multiplatform C++ library for crafting, sending, sniffing and interpreting raw network packets. Its main purpose is to provide the C++ developer an easy, efficient, platform and endianess-independent way to create tools which need to send, receive and manipulate specially crafted packets.

tags | library
systems | unix
SHA-256 | f788a658b1e9ed494fbc5e2a591ce0950e22dd97b7461a80be3d8c6c4de02f67
Gallery Server Pro File Upload Filter Bypass
Posted May 14, 2013
Authored by Drew Calcott | Site security-assessment.com

Gallery Server Pro suffers from a file upload filter bypass vulnerability.

tags | exploit, bypass, file upload
SHA-256 | abe9b8be02390c18d3fd7b1d380bed2c7bf844dfdb7bdc344eed391eeefc8cff
WHMCS 4.5.2 SQL Injection
Posted May 14, 2013
Authored by Ahmed Aboul-Ela

WHMCS version 4.5.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 157cbb660d1d85c77b3a38c0c0bf3c21d9875acd83168e26264664cd19fa1450
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close