what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-06-26

Cisco Security Advisory 20130626-esa
Posted Jun 26, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IronPort AsyncOS Software for Cisco Email Security Appliance is affected by command injection and denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, denial of service, vulnerability
systems | cisco
SHA-256 | 932804e2be92ceffb38ea7ef95554351baadb97daa74dff946b5066e74d61a87
Xaraya 2.4.0-b1 Cross Site Scripting
Posted Jun 26, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Xaraya version 2.4.0-b1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-3639
SHA-256 | ed1a6f3ff2988a17b6db15e8220f076ffe9b16698f9b2452201a32c958af6c74
Mandriva Linux Security Advisory 2013-179
Posted Jun 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-179 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. Various other security issues were also addressed. The mozilla firefox packages have been upgraded to the latest ESR version which is unaffected by these security flaws.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
SHA-256 | b0b72cafbc2361750e49e061e443bf4c31ccb39cd9f5d1f6c678247054a8cf27
Drupal Fast Permissions Administration Access Bypass
Posted Jun 26, 2013
Authored by Philip Boden | Site drupal.org

Drupal Fast Permissions Administration third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 11a82716b74d3388b64c64bd8529925dddcbabc2d3026fe8afbb8b4d42c34108
InstantCMS 1.6 Code Execution
Posted Jun 26, 2013
Authored by Akastep

InstantCMS version 1.6 remote PHP code execution exploit that spawns a reverse shell.

tags | exploit, remote, shell, php, code execution
SHA-256 | 58c5a918b42d3c4c9947890483bf68e4a4eea813701b686f794e5f548a9a717d
PCMan's FTP Server 2.0 Directory Traversal
Posted Jun 26, 2013
Authored by Chako

PCMan's FTP Server version 2.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | befd414d7607ce444c68284006a6190f924ef4ab3b45babc6053af1f64729a1d
Motion 3.2.12 XSS / CSRF / Buffer Overflow / SQL Injection
Posted Jun 26, 2013
Authored by xistence

Motion version 3.2.12 suffers from buffer overflow, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, overflow, vulnerability, xss, sql injection, csrf
SHA-256 | b0344ad160e1b46270a65b0478d5055eea41ebe9ede1d2cfbe6032d25f57175b
ZPanel zsudo Local Privilege Escalation
Posted Jun 26, 2013
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the zsudo binary, installed with zpanel, to escalate privileges. In order to work, a session with access to zsudo on the sudoers configuration is needed. This Metasploit module is useful for post exploitation of ZPanel vulnerabilities, where typically web server privileges are acquired, and this user is allowed to execute zsudo on the sudoers file.

tags | exploit, web, vulnerability
SHA-256 | 52e9e7c654a610547771110083d88813bc9a4795b691c2e9a5c3e03710e35924
Novell Client 2 SP3 nicm.sys Local Privilege Escalation
Posted Jun 26, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a flaw in the nicm.sys driver to execute arbitrary code in kernel space. The vulnerability occurs while handling ioctl requests with code 0x143B6B, where a user provided pointer is used as function pointer. The module has been tested successfully on Windows 7 SP1 with Novell Client 2 SP3.

tags | exploit, arbitrary, kernel
systems | windows
advisories | OSVDB-93718
SHA-256 | 29e2599fa19955b4e378cc384fac89d22004319b161281a41dcdcb36beb3e0b5
PHP Charts 1.0 Remote Code Execution
Posted Jun 26, 2013
Authored by infodox

This exploit leverages an eval() bug in the PHP Charts library allowing for remote code execution. A reverse shell is delivered using Perl.

tags | exploit, remote, shell, perl, php, code execution
SHA-256 | 029603a16bd1c86cec4981c7cc5216c1aedd6bad4d2e981fafffc02c8f122825
FreeBSD 9 Address Space Manipulation Privilege Escalation
Posted Jun 26, 2013
Authored by Alan Cox, Hunger, sinn3r, Konstantin Belousov | Site metasploit.com

This Metasploit module exploits a vulnerability that can be used to modify portions of a process's address space, which may lead to privilege escalation. Systems such as FreeBSD 9.0 and 9.1 are known to be vulnerable.

tags | exploit
systems | freebsd
advisories | CVE-2013-2171, OSVDB-94414
SHA-256 | 9d8c78182da26e1da3cf3977d1da297ce969b5376665d620df728cbdcad3f431
PHP-CGI Argument Injection
Posted Jun 26, 2013
Authored by infodox

Exploit for the PHP-CGI argument injection vulnerability disclosed in 2012. Has file uploading, inline shell spawning, and both python and perl reverse shell implementations using an earlier version of the "payload" library written for such exploits.

tags | exploit, shell, cgi, perl, php, python, file upload
systems | unix
advisories | CVE-2012-1823
SHA-256 | e1af41b9b973cb570db69238e6f14f4459e72926e687318f078562f00ce29e0f
LotusCMS 3.0 PHP Code Execution
Posted Jun 26, 2013
Authored by infodox

LotusCMS version 3.0 remote PHP code execution exploit as disclosed in 2011. It spawns a reverse shell.

tags | exploit, remote, shell, php, code execution
advisories | OSVDB-75095
SHA-256 | 56acf18780a5602a4ab5e831ef3c7a6cfef83560842950e615cae1fc4847bc4b
Debian Security Advisory 2714-1
Posted Jun 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2714-1 - Konstantin Belousov and Alan Cox discovered that insufficient permission checks in the memory management of the FreeBSD kernel could lead to privilege escalation.

tags | advisory, kernel
systems | linux, freebsd, debian
advisories | CVE-2013-2171
SHA-256 | 26e535e94e7f71003a1fffd0d098d7f8d670f7c87a3b3313885b7e81b305b395
WHMCS Cross Site Request Forgery
Posted Jun 26, 2013
Authored by MadLeeTs

WHMCS appears to suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | b5796b396efd0618d69da2887baf2e280c72e6f06191cd17881fdc38654ec207
SCTP Reverse Shell
Posted Jun 26, 2013
Authored by infodox

This is a reverse shell over SCTP implemented in Python. Currently it does not use SSL, but may evade most firewalls and IDS devices as many of them seemingly have no rules in place to check SCTP traffic.

tags | tool, shell, rootkit, python
systems | unix
SHA-256 | 6743f69ce173275310d5f2ffe1d1a49e6786c7abd202da271f4e6f25bd156590
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close