what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2013-08-08

D-Link Devices Unauthenticated Remote Command Execution
Posted Aug 8, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection via the web interface. The vulnerability exists in tools_vct.xgi, which is accessible with credentials. This Metasploit module has been tested with the versions DIR-300 rev A v1.05 and DIR-615 rev D v4.13. Two target are included, the first one starts a telnetd service and establish a session over it, the second one runs commands via the CMD target. There is no wget or tftp client to upload an elf backdoor easily. According to the vulnerability discoverer, more D-Link devices may affected.

tags | exploit, web
advisories | OSVDB-92698
SHA-256 | 9d58ec6df990b7786634d5c2bda806a6512ca58a1d498965975b3ba04c0ab5c4
Firefox onreadystatechange Event DocumentViewerImpl Use After Free
Posted Aug 8, 2013
Authored by webDEViL, sinn3r, juan vazquez, temp66, Nils | Site metasploit.com

This Metasploit module exploits a vulnerability found on Firefox 17.0.6, specifically an use after free of a DocumentViewerImpl object, triggered via an specially crafted web page using onreadystatechange events and the window.stop() API, as exploited in the wild on 2013 August to target Tor Browser users.

tags | exploit, web
advisories | CVE-2013-1690, OSVDB-94584
SHA-256 | e39e25d6845ff273ea20decb29f0fdfaca25648ab187f57278e8c2b631ce94c2
Drupal Monster Menus 6.x / 7.x Access Bypass
Posted Aug 8, 2013
Site drupal.org

Drupal Monster Menus third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 7fb2c6eae9f60e15363d5c38f33457952348d27b086229fe30b748cd0f032469
Drupal Organic Groups 7.x Access Bypass / Information Disclosure
Posted Aug 8, 2013
Authored by Hunter Fox, Nic Ivy | Site drupal.org

Drupal Organic Groups third party module version 7.x suffers from access bypass and information disclosure vulnerabilities.

tags | advisory, vulnerability, info disclosure
SHA-256 | 64c8074669e4282c4ae41a821ed5a2319b610f4414b29b97de3986788f96eb26
PHPFox 3.6.0 SQL Injection
Posted Aug 8, 2013
Authored by Matias Fontanini

PHPFox version 3.6.0 build 3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 4cf237ed2cef291f424e07c47a37d6fb5149703bfeb2f9de694762fed5576060
Drupal Mozilla Persona 7.x Cross Site Request Forgery
Posted Aug 8, 2013
Authored by Heine Deelstra | Site drupal.org

Drupal Mozilla Persona third party module version 7.x suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | de5866c021082ed1759ffd6d9f150bed928dd41269a5fe08bec4bd41d12e95a1
Drupal Authenticated User Page Caching 7.x Information Disclosure
Posted Aug 8, 2013
Authored by Lorenz Schori | Site drupal.org

Drupal Authenticated User Page Caching third party module version 7.x suffers from an information disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | da21ad32bdc5b8f39e6fa2645c41be2c88e5b3b14b3455eff3be5f47262807bc
Drupal RESTful Web Services 7.x Access Bypass
Posted Aug 8, 2013
Authored by Chris Oden | Site drupal.org

Drupal RESTful Web Service third party module version 7.x suffer from a remote access bypass vulnerability.

tags | advisory, remote, web, bypass
SHA-256 | 44976492ccf59db238880406de2d2b95d0c6019dc79d634c3bdf3770e3571cba
Cisco Security Advisory 20130807-tp
Posted Aug 8, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco TelePresence System could allow a remote attacker to access the web server via a user account that is created with default credentials. The vulnerability is due to a default user account being created at installation time. An attacker could exploit this vulnerability by remotely accessing the web server and using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which gives them full administrative rights to the system. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, web
systems | cisco
SHA-256 | 2ea6d0b1e64581d52717ea1757cc8500805b2b67cfb999703c1df4b10a59e436
Apache suEXEC Privilege Escalation / Information Disclosure
Posted Aug 8, 2013
Authored by Kingcope

Apache suEXEC suffers from privilege escalation and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | 6eddc12273e6a9546d9219b053ff012eff046f9697318a4bec44daadab5df846
BigTree CMS 4.0 RC2 XSS / CSRF / SQL Injection
Posted Aug 8, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

BigTree CMS version 4.0 RC2 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2013-4879, CVE-2013-4880
SHA-256 | 9da95b8db9bd5d7ab61e1c4e5943ab6b7fb602a7159e15bbacf88d7869e408c4
Trustport Webfilter Traversal / File Disclosure
Posted Aug 8, 2013
Authored by Oliver Karow | Site oliverkarow.de

Trustport Webfilter version 5.5.0.2232 suffers from a remote file disclosure and traversal vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | 0a40dc9d70c4a31728c655ee319583daaaf44b92e79022f423a8adb2d1a6e46f
Advanced Guestbook 2.4.3 Shell Upload
Posted Aug 8, 2013
Authored by Ashiyane Digital Security Team

Advanced Guestbook version 2.4.3 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 29a77059e18d788d602a7ca2a5a627fa3676928f33b6bbe62e2d2ade7590b632
Open And Compact FTP Server 1.2 Bypass / Directory Traversal
Posted Aug 8, 2013
Authored by Wireghoul

Open and Compact FTP server version 1.2 authentication bypass and directory traversal SAM retrieval exploit.

tags | exploit, bypass, file inclusion
advisories | CVE-2010-2620, OSVDB-65687
SHA-256 | 0aa630f3b70ad7a6a9b5a6a29346d0cca04ee11570d82597dcfe2a39b5d05d09
Android Weblogin: Google's Skeleton Key
Posted Aug 8, 2013
Authored by Craig Young

Included in this archive is a presentation of Android Weblogin: Google's Skeleton Key along with various proof of concept code from the talk presented at DefCon 21.

tags | exploit, proof of concept
systems | linux
SHA-256 | 917ef9c7b31e3a0e0835376c951d3aec56779e5a92b79073ee01261b4a737f47
Ubuntu Security Notice USN-1925-1
Posted Aug 8, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1925-1 - Jeff Gilbert and Henrik Skupin discovered multiple memory safety issues in Thunderbird. If the user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. It was discovered that a document's URI could be set to the URI of a different document. If a user had scripting enabled, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717, CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | 4840655df1aa4f3384933ccb3c2e90a78306e806597ac7d624680ac7c17cdc1a
Red Hat Security Advisory 2013-1140-01
Posted Aug 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1140-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox generated Certificate Request Message Format requests. An attacker could use this flaw to perform cross-site scripting attacks or execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | d1ea76370636127b4864079e126d370741fa0005db39cf1d9669d415ea313881
Red Hat Security Advisory 2013-1144-01
Posted Aug 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1144-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. nss-softokn provides an NSS softoken cryptographic module. It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-0791, CVE-2013-1620
SHA-256 | 140a763fee0b505fdf0106a347f42680f7e1f7ae60671abfe1f48a21a770b565
Red Hat Security Advisory 2013-1145-01
Posted Aug 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1145-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.6 is retired as of August 7, 2013, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages after the final errata release, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 EUS after this date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after August 7, 2013. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 5.6.

tags | advisory
systems | linux, redhat
SHA-256 | eb89e214c02bcebfea25aa39eec5760624e5b556df0f77e016d2c52b2d093bf9
Red Hat Security Advisory 2013-1142-01
Posted Aug 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1142-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird generated Certificate Request Message Format requests. An attacker could use this flaw to perform cross-site scripting attacks or execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary, xss
systems | linux, redhat
advisories | CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | 6e679b599e006bf8213654491aeb2584f7fe6c4b42178ee60bdfac7f93a22313
Red Hat Security Advisory 2013-1143-01
Posted Aug 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1143-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue only affected the JBoss Web Services Native stack as Red Hat JBoss SOA Platform 4 and Red Hat JBoss Portal 4 do not use JBoss Web Services CXF.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-5575
SHA-256 | b8d8b481f4dd2da7259425c0482c7654327f99b3327dce6c13b76d8dcb336eb2
Debian Security Advisory 2735-1
Posted Aug 8, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2735-1 - Multiple security issues have been found in Iceweasel, Debian's version missing permission checks and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, privilege escalation, bypass of the same-origin policy or the installation of malicious addons.

tags | advisory, arbitrary, xss
systems | linux, debian
advisories | CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | 7aaf510fafe53ade56d45dadc0e018b9cc4df241abe27e5dd5d98ed9b2e52245
Mandriva Linux Security Advisory 2013-210
Posted Aug 8, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-210 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting attacks by loading scripts from a misrepresented malicious site through relative locations and the potential access of stored credentials of a spoofed site. Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting attack when Certificate Request Message Format request is generated in certain circumstances. Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-origin policy, allowing for cross-site scripting or the installation of malicious add-ons from third-party pages. Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting attacks by web workers. Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on the local file system. Mozilla developer John Schoenick later discovered that fixes for this issue were inadequate and allowed the invocation of Java applets to bypass security checks in additional circumstances. This could lead to untrusted Java applets having read-only access on the local files system if used in conjunction with a method to download a file to a known or guessable path. The mozilla firefox packages has been upgraded to the latest ESR version which is unaffected by these security flaws.

tags | advisory, web, arbitrary, local, spoof, javascript, xss
systems | linux, mandriva
advisories | CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | 06e1eccc8317c48199bbdf0816b441552d6c5a399b5a21ddd3ebe80a6bcf1ac9
Brick7 Search Engine Cross Site Scripting
Posted Aug 8, 2013
Authored by Dshellnoi Unix

The Brick7 search engine suffers from multiple cross site scripting vulnerabilities. The vendor has not responded to the author for more than two months. Note that this advisory has site-specific information.

tags | exploit, vulnerability, xss
SHA-256 | 3dbced1ac11434f635065a12378197cc099a391f90a57d9c4d743660dc05b8f0
PHP VID XSS / SQL Injection / CRLF Injection
Posted Aug 8, 2013
Authored by 3spi0n

PHP VID suffers from cross site scripting, remote SQL injection, and CRLF injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection
SHA-256 | 6c7f7345977e15097b906b10ba4a8141dc3482c98eca4df98a497d15d7ec4dd8
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close