exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-05-06

RSA Archer GRC 5.x XSS / Shell Upload
Posted May 6, 2013
Site emc.com

RSA Archer GRC version 5.x suffers from improper authorization, remote shell upload, and cross site scripting vulnerabilities.

tags | advisory, remote, shell, vulnerability, xss
advisories | CVE-2013-0932, CVE-2013-0933, CVE-2013-0934
SHA-256 | 6a8a5e91e1b57ce0408f1ab97e52945082afdc7c31d4610a7ee64b7b5f03ed2e
Red Hat Security Advisory 2013-0788-01
Posted May 6, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0788-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform. It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server's X.509 certificate when migrating system profiles registered with Red Hat Network Classic to Certificate-based Red Hat Network. An attacker could use this flaw to conduct man-in-the-middle attacks, allowing them to obtain the user's Red Hat Network credentials.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6137
SHA-256 | 69e05585ba6d8d8814f688c1b52bb27b2f1508f025869853c0eea5b7c2bbdc7b
Mandriva Linux Security Advisory 2013-161
Posted May 6, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-161 - Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Various other issues were also addressed.

tags | advisory, java
systems | linux, mandriva
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436
SHA-256 | ffcfcad0a47762c3459b69a420724e734e59173d0e903c4fc4e1cb8318bc2a35
IBM SDK 7 New Security Issues
Posted May 6, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered 7 additional security issues (#62-68) in the latest version of IBM SDK, Java Technology Edition software. A majority of the new flaws are due to insecure use or implementation of Java Reflection API.

tags | advisory, java
SHA-256 | 5ee140ef4ee1fbbba3be2d987e3af93d9141d6766d1e154771745114d62a987d
D-Link DSL-320B Authentication Bypass / Cross Site Scripting
Posted May 6, 2013
Authored by Michael Messner

D-Link DSL-320B suffers from persistent cross site scripting and multiple authentication bypass bypass vulnerabilities.

tags | exploit, vulnerability, xss, bypass
SHA-256 | 39f8eb0877b4a1479fcf473272af42277ef75ed9a0c42219a8756b0d491a8ad4
Javascript Page Interaction History Leak
Posted May 6, 2013
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Michal Zalewski put together a really amusing asteroids proof of concept to demonstrate how a modified version of the javascript ":visited" attack can be leveraged based on visibility. Proof of concept js included.

tags | exploit, javascript, proof of concept
systems | linux
SHA-256 | 0c1b7330caf6f1622bcdfe153cd13fde591641b80ff7a9881a550469301c5a39
Huawei SNMPv3 Buffer Overflow
Posted May 6, 2013
Authored by Roberto Paleari

The Huawei AR1220 SNMPv3 service suffers from multiple buffer overflow vulnerabilities. Proof of concept code included.

tags | exploit, overflow, vulnerability, proof of concept
SHA-256 | a2461e3befdfb50515c11ca9595e07480247ee2c8f41a08738dc3a72c2c19311
Webid 1.0.6 File Disclosure / SQL Injection
Posted May 6, 2013
Authored by Ahmed Aboul-Ela

Webid version 1.0.6 suffers from local file disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 18d44295209f490ad81cc1f5e3e8e12c5e0835f2ffdca7b29f8ebc0733e53a86
GetSimpleCMS 3.2.1 Cross Site Scripting
Posted May 6, 2013
Authored by Ahmed Elhady Mohamed

GetSimpleCMS version 3.2.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c104417689e0929e94e0ffb8bc8dcf34adf9b7f88d9438da13fcb5b0af45065d
GetSimpleCMS 3.2.1 Arbitrary File Upload
Posted May 6, 2013
Authored by Ahmed Elhady Mohamed

GetSimpleCMS version 3.2.1 suffers from a remote arbitrary file upload vulnerability due to not using whitelisting.

tags | exploit, remote, arbitrary, file upload
SHA-256 | 6e6a12193bbda8bbf5d3e8f79bc113751942309e56cc2e70e3ea96dc597d99f5
3CX Phone 11 Outdated Libraries
Posted May 6, 2013
Authored by Stefan Kanthak

3CXPhoneSystem11.exe (for Windows) comes with vulnerable outdated third party libraries and components.

tags | advisory
systems | windows
SHA-256 | 69cba503c241948b132b39eaebd4d6ea204480f2f09dd78aff20760fcccfa577
3CX Phone 6 Outdated Libraries
Posted May 6, 2013
Authored by Stefan Kanthak

3CXPhone6.msi (for Windows) comes with vulnerable outdated third party libraries and components.

tags | advisory
systems | windows
SHA-256 | bb201f262088d88b08a2e77776c0afb02bbbe6e69f68855536164dd78da9e033
Apache VCL 2.x XSS / Denial Of Service
Posted May 6, 2013
Authored by Josh Thompson

Apache VCL versions 2.1, 2.2, 2.2.1, 2.3, and 2.3.1 suffer from denial of service and cross site scripting vulnerabilities due to missing input validation.

tags | advisory, denial of service, vulnerability, xss
advisories | CVE-2013-0267
SHA-256 | 2c1c5596e8e13b9395cc426a070f1a3de460f01bc9bca5807ab970a455c1f3d9
Digital Whisper Electronic Magazine #41
Posted May 6, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 41. Written in Hebrew.

tags | magazine
SHA-256 | 943ec4e0485d74dd9ed39aa0d674f085cffe2af06b44da200b7904e9cc427b26
JW Player / JW Player Pro 5.x Cross Site Scripting
Posted May 6, 2013
Authored by MustLive

JW Player and JW Player Pro versions prior to 5.10.2393 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3245ddea3643dcef93da43abf81563693bdd734be6dea6a9c28c227473275b39
NTDS Hash Decoder 01.b
Posted May 6, 2013
Authored by Kevin Devine

This application dumps LM and NTLM hashes from active accounts stored in an Active Directory database.

tags | tool
systems | windows
SHA-256 | 9f18945c55a2fbd9055540900907f3a8eaa040d2e359f0cf0c72ca1e9f641b44
VideoJS Cross Site Scripting
Posted May 6, 2013
Authored by MustLive

VideoJS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 139174ef78c5cd7005b493eea97a84315c36e8d0deb9be083d494629a3bc8d5d
MyBB Games Cross Site Scripting
Posted May 6, 2013
Authored by Darksnipper, Soul~inj3ctor, Dream.Killer

MyBB Games suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4587a32c6a64a7513957760fbd359aa4690e411b2d53bfdc353478481de946cf
Fujitsu Lifebook A512 Out Of Date
Posted May 6, 2013
Authored by Stefan Kanthak

The Fujitsu Lifebook A512 with Windows 8 Professional x64 factory preinstallation comes shipped with out of date vulnerability components and insecure installations.

tags | advisory
systems | windows
SHA-256 | 149be66ca877ed618264fb078501befafb7a2310c8c9244bbcb494a5d08d46b6
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close