what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-07-01

Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
Posted Jul 1, 2013
Authored by Tavis Ormandy, egypt, sinn3r, juan vazquez, progmboy, Meatballs, Keebie4e | Site metasploit.com

This Metasploit module exploits a vulnerability on EPATHOBJ::pprFlattenRec due to the usage of uninitialized data which allows to corrupt memory. At the moment, the module has been tested successfully on Windows XP SP3, Windows 2003 SP1, and Windows 7 SP1.

tags | exploit
systems | windows
advisories | CVE-2013-3660, OSVDB-93539
SHA-256 | 2612430b8b89a0e631ac0fc7cddbfe75efb7eff156c315c62b9215b7b3af9cda
Barracuda SSL VPN 680Vx 2.3.3.193 Cross Site Scripting
Posted Jul 1, 2013
Authored by LiquidWorm | Site zeroscience.mk

Barracuda SSL VPN 680Vx version 2.3.3.193 suffers from multiple stored cross site scripting vulnerabilities when parsing user input to several parameters via POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 6cdaa46c9bda87ca1e53f2efc0784e86468f2880406bfb90ebb5411edcd0dffa
WinAmp 5.63 Null Pointer Dereference
Posted Jul 1, 2013
Authored by Julien Ahrens | Site security.inshell.net

An invalid pointer dereference vulnerability has been identified in WinAmp version 5.63. The application loads the contents of the %APPDATA%\WinAmp\links.xml on startup (the key lngId="default") and while browsing through the bookmarks in the Browser view of the GUI, but does not properly validate the length of the string loaded from the "<link name>" and "<home url>" keys before using them in a pointer call in the library gen_ff.dll, which leads to a invalid pointer dereference condition with possible code execution.

tags | advisory, code execution
advisories | CVE-2013-4695
SHA-256 | 99fc912aec9bf8e6915bfe5b9f35e6490007597a4a95e0a25c852c3364dc998f
Red Hat Security Advisory 2013-1006-01
Posted Jul 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1006-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2012-5575, CVE-2012-5783, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | cb65575734339ab1d8443e7504fc17b4b00c1fcfe52f5530b58826c2e7774085
WinAmp 5.63 Buffer Overflow
Posted Jul 1, 2013
Authored by Julien Ahrens | Site security.inshell.net

WinAmp version 5.63 suffers from a stack-based buffer overflow vulnerability. The application loads the directories in %PROGRAMFILES%\WinAmp\Skins on startup to determine the skins that have been installed and to list them in the application menu point "Skins" and in the Skins Browser. But the application does not properly validate the length of the directory name before passing it as argument to a lstrcpynW call in the library gen_jumpex.dll, which leads to a buffer overflow condition with possible code execution.

tags | exploit, overflow, code execution
advisories | CVE-2013-4694
SHA-256 | a76ea933b9df26a37cc6888564494cffff7f2cecd9238e9b31fca155cae86ed4
HP Security Bulletin HPSBHF02888
Posted Jul 1, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02888 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-2340, CVE-2013-2341
SHA-256 | 1eb59cdc97c3f7849e0a2f83ef4e8f44509ad160024149da079d1292a6d1c01f
Apache Geronimo 3 RMI Classloader Exposure
Posted Jul 1, 2013
Authored by Pierre Ernst

A misconfigured RMI classloader in Apache Geronimo version 3.0 may enable an attacker to send a serialized object via JMX that could compromise the system.

tags | advisory
advisories | CVE-2013-1777
SHA-256 | 86669e472c9cf821a0760e19d102a87138e31d290ff34eba5d75915bcc9ca407
HP Security Bulletin HPSBST02846 SSRT100798 2
Posted Jul 1, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02846 SSRT100798 2 - Potential security vulnerabilities have been identified with HP LeftHand Virtual SAN Appliance hydra. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code. Revision 2 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2012-3282, CVE-2012-3283, CVE-2012-3284, CVE-2012-3285, CVE-2013-2343
SHA-256 | ecd67a27e8bf5289d2c9aab6f35a36704f248b7cbdfc521e7ab41861ddd664d2
Link Farm Evolution 1.8.7 Cross Site Scripting
Posted Jul 1, 2013
Authored by Prakhar Prasad, Rafay Baloch

Link Farm Evolution version 1.8.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5020d8f67969c4f8c291fe0640c5434a7e1e0adb0ad16d4a011077f64d73a5d4
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jul 1, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 2028c996580de522a32dde5854cbf70842581faf2ba0f030f8f845123ce2a451
Slackware Security Advisory - mozilla-firefox Updates
Posted Jul 1, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 71ad168c4e87b78e0c541319ff88a5dc66d33a4fcc47f0605690537a643953f3
Packet Storm New Exploits For June, 2013
Posted Jul 1, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 192 exploits added to Packet Storm in June, 2013.

tags | exploit
systems | linux
SHA-256 | 95019076b638e2f09aaf08a7874f0386a18e21c90290b3a25dd85a226c5662bc
Bifrost 1.2.1 Remote Buffer Overflow
Posted Jul 1, 2013
Authored by Mohamed Clay

Bifrost version 1.2.1 remote buffer overflow exploit that pops calc.exe.

tags | exploit, remote, overflow
SHA-256 | 62dd68238a1da5d034d191b4e95f75a9c2f18b158abd9e490b726604beb31d12
Bifrost 1.2d Remote Buffer Overflow
Posted Jul 1, 2013
Authored by Mohamed Clay

Bifrost version 1.2d remote buffer overflow exploit that pops calc.exe.

tags | exploit, remote, overflow
SHA-256 | 7aa0932d59358b9720ee801ba756f588bdae126d26de6daeba1dc040f4a04c2c
GLPI 0.83.9 Code Execution
Posted Jul 1, 2013

GLPI version 0.83.9 suffers from a remote PHP code execution vulnerability in the unserialize() function.

tags | exploit, remote, php, code execution
advisories | CVE-2013-2225
SHA-256 | 382173b69e5b1dc2a471b37ca3ebd677f1742f77e6ce5504c3668e6680febce1
Moxieplayer Content Spoofing
Posted Jul 1, 2013
Authored by MustLive

TinyMCE versions 3.4b2 through 4.0b3 and WordPress versions up to 3.5.1 suffer from content spoofing issues with Moxieplayer. .

tags | exploit, spoof
SHA-256 | 598b87e6a2a44fe517b2304a10e934f9b7d17b3ffadc7e40f05eb037bfca680d
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close