exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2013-01-03

Allied Telesis AT-MCF2000M 3.0.2 Local Root
Posted Jan 3, 2013
Authored by dun

Allied Telesis AT-MCF2000M version 3.0.2 suffers from a local root-level privilege escalation vulnerability.

tags | exploit, local, root
SHA-256 | ff5d7406c17bd8ff7fdbdde80e74244fd325b7101bde127bdef0b679b0c3a63e
Simple Webserver 2.3-rc1 Directory Traversal
Posted Jan 3, 2013
Authored by CwG GeNiuS

PM Software Simple Webserver version 2.3-rc1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 2663bdc531c6611591adc8e749cdf1a7cf2bc800a1b30940b76d2f8744e04aba
WHMCS 5.x Authentication Bypass
Posted Jan 3, 2013
Authored by Agd_Scorp

WHMCS version 5.x suffers from an authentication bypass vulnerability that leverages the cache.

tags | exploit, bypass
SHA-256 | d53f2c4012a4d5108946de6ff528b18152a971b4bcf46cfa3468c753a7282f74
Indrajith Mini Shell 2.0
Posted Jan 3, 2013
Authored by Ajith KP, Vishunath KP, Indishell, Team Open Fire

This is a mini-php backdoor shell. It has a PHP encoder/decoder, mail bombing functionality, reverse shell, cPanel cracker, and more.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | 27ad339a1514e347e845b24923cfcd49b2242e7c4f4111ce61e4b88048eb9c3e
Simple Machines Forum 2.0.3 Path Disclosure
Posted Jan 3, 2013
Authored by WHK Yan

Simple Machines Forum versions 2.0.3 and below suffer from a path disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 30f1040ff99e0f67f1b77894262c84fd5663126aec547c224447e7db57abf887
WordPress Advanced Custom Fields Remote File Inclusion
Posted Jan 3, 2013
Authored by Charlie Eriksen | Site metasploit.com

This Metasploit module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plug-in versions 3.5.1 and below are vulnerable. This exploit only works when the php option allow_url_include is set to On (Default Off).

tags | exploit, remote, php, code execution, file inclusion
advisories | OSVDB-87353
SHA-256 | 211cc121330742fad11775f13953820e22f2025d773fe3a885e62accdc9e3acd
WordPress Xerte Online 0.32 Shell Upload
Posted Jan 3, 2013
Authored by Sammy FORGIT

WordPress Xerte Online plugin version 0.32 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 9e1471059686b4e961c8ac940f2e04b1d4052bceac37ae587baadfee1050b3ce
WordPress Uploader 1.0.4 Shell Upload
Posted Jan 3, 2013
Authored by Sammy FORGIT

WordPress Uploader plugin version 1.0.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 53b75f19799c13d11b6607cc9cba345c09e212d55444b7c54c4828de32017cb8
WordPress ReFlex Gallery 1.3 Shell Upload
Posted Jan 3, 2013
Authored by Sammy FORGIT

WordPress ReFlex Gallery plugin version 1.3 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 5a7972cf9303988631377a1aedd2e7506e0f1d4a9da51cc427459146ada8d3e3
Secunia Security Advisory 51687
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Joshua Reynolds has discovered a vulnerability in e107, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | efeacb2e22f472178930dbca1fa0845ef1e05df4b4ed0941c642cefc4034ca8e
Secunia Security Advisory 51665
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aung Khant has discovered a security issue in CubeCart, which can potentially be exploited by malicious people to gain knowledge of sensitive information.

tags | advisory
SHA-256 | c34f648cebc8d969a1cda801c596db8fdd663bd49e8f1e93ea9f4394e37d85c3
Secunia Security Advisory 51629
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in NVIDIA Graphics Drivers for Windows, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
systems | windows
SHA-256 | 9fea7e7c2fe16cfb3a9128d36a1b6aaba59efe61a9bbefaa6c3c61f46c0330ef
Secunia Security Advisory 51697
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - joernchen has reported a vulnerability in Ruby on Rails, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection, ruby
SHA-256 | c53de4a619ff75ae8990ef1770a8d39c81744c7a1334b41d66e116669fe51ba4
Secunia Security Advisory 51703
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aung Khant has discovered multiple vulnerabilities in CubeCart, which can be exploited by malicious people to conduct cross-site request forgery and script insertion attacks.

tags | advisory, vulnerability, csrf
SHA-256 | 2ff130923b8d8b0dd7dfba1c0004741cd9b82edbd70ad8b4bb43ccac0ca51df7
Secunia Security Advisory 51718
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and a vulnerability have been reported in RuggedCom Rugged Operating System, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to hijack a user's session.

tags | advisory
SHA-256 | e639736114594d150e98f600eec77c2052888640a04c1e380aca3ef11c1eafd6
WordPress Shopping Cart 8.1.14 Shell Upload / SQL Injection
Posted Jan 3, 2013
Authored by Sammy FORGIT

WordPress Shopping Cart version 8.1.14 from Level Four Store Front suffers from remote SQL injection and shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | 951abd74837c5df0549439721f23a575abafcc05749422fca7d29dd93f63fd3f
Secunia Security Advisory 51689
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 662bab53ab82508f640119860572586ff03692e8b32c59cdb43d90de16c537b9
Secunia Security Advisory 50832
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Google Doc Embedder plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 1355b85e3fb032f148ffcea35c6bb79fde8bd29c606c78195eae6577c3d2a7b8
Secunia Security Advisory 51710
Posted Jan 3, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in osTicket, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, sql injection, csrf
SHA-256 | be920b656d21cc57f657e490440c753004a928da15a9b442d5d6574e8a140ac0
Asterisk Project Security Advisory - AST-2012-015
Posted Jan 3, 2013
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk maintains an internal cache for devices. The device state cache holds the state of each device known to Asterisk, such that consumers of device state information can query for the last known state for a particular device, even if it is not part of an active call. The concept of a device in Asterisk can include things that do not have a physical representation. One way that this currently occurs is when anonymous calls are allowed in Asterisk. A device is automatically created and stored in the cache for each anonymous call that occurs; this is possible in the SIP and IAX2 channel drivers and through channel drivers that utilize the res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). Attackers exploiting this vulnerability can attack an Asterisk system configured to allow anonymous calls by varying the source of the anonymous call, continually adding devices to the device state cache and consuming a system's resources.

tags | advisory
advisories | CVE-2012-5977
SHA-256 | 773b7fb319c073a4c00909384b60645dea28da3fd585d83a3a36440ff0b98590
Asterisk Project Security Advisory - AST-2012-014
Posted Jan 3, 2013
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk has several places where messages received over various network transports may be copied in a single stack allocation. In the case of TCP, since multiple packets in a stream may be concatenated together, this can lead to large allocations that overflow the stack. In the case of SIP, it is possible to do this before a session is established. Keep in mind that SIP over UDP is not affected by this vulnerability. With HTTP and XMPP, a session must first be established before the vulnerability may be exploited. The XMPP vulnerability exists both in the res_jabber.so module in Asterisk 1.8, 10, and 11 as well as the res_xmpp.so module in Asterisk 11.

tags | advisory, web, overflow, udp, tcp
advisories | CVE-2012-5976
SHA-256 | 0eda4a18f48435624a5845545ce7bded4867ce8731fbb4a94114a41619146e72
Mandriva Linux Security Advisory 2013-001
Posted Jan 3, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-001 - Versions of GnuPG less than or equal to 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults when importing the key. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-6085
SHA-256 | 98023f4d9132db57090088051e5e2ee2e1a8760b86910a9d1265a08a87f0e5c9
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close