what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 51 RSS Feed

Files Date: 2013-02-05

Java SE Proof Of Concept Code
Posted Feb 5, 2013
Authored by Adam Gowdiak | Site security-explorations.com

This is an archive that houses all of the proof of concept code for the issues affecting Java SE as reported in SE-2012-01 by Security Explorations.

tags | exploit, java, proof of concept
advisories | CVE-2013-0437, CVE-2013-1478, CVE-2013-1480
SHA-256 | 29990bedc5aaf8fec7315dabd3c309b9e55195b778db471fd572429d9a0d9159
Ubuntu Security Notice USN-1681-4
Posted Feb 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1681-4 - USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829, CVE-2013-0768, CVE-2013-0759, CVE-2013-0744, CVE-2013-0764, CVE-2013-0747, CVE-2013-0748, CVE-2013-0750, CVE-2013-0752, CVE-2013-0743
SHA-256 | bf192cfff19c29e10b100e4aec1f13cafb8ca88e7634b0553139b7a451b50736
Linksys E1500 / E2500 CSRF / XSS / Command Execution / Traversal
Posted Feb 5, 2013
Authored by Michael Messner

Linksys models E1500 and E2500 suffer from cross site request forgery, cross site scripting, OS command injection, and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion, csrf
SHA-256 | 2190f55bd127ac7423c9c743f4167459612f148b992042f0bd75b4b858c6d942
HP Security Bulletin HPSBST02846 SSRT100798
Posted Feb 5, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02846 SSRT100798 - Potential security vulnerabilities have been identified with HP LeftHand Virtual SAN Appliance hydra. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2012-3282, CVE-2012-3283, CVE-2012-3284, CVE-2012-3285
SHA-256 | 7cbc99cc15b1c65435a26d46b4aca1b9291a13d67dac603fb9ab64d5a57b2292
Mandriva Linux Security Advisory 2013-007
Posted Feb 5, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-007 - This is a maintenance and bugfix release that upgrades mysql to the latest version which resolves various upstream bugs and a total of 18 security related bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-0572, CVE-2012-0574, CVE-2012-0578, CVE-2012-1702, CVE-2012-1705, CVE-2012-5060, CVE-2012-5096, CVE-2012-5611, CVE-2012-5612, CVE-2013-0367, CVE-2013-0368, CVE-2013-0371, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0386, CVE-2013-0389
SHA-256 | f5a1c34858824d1881921e777f921ed942d8506bf1d30a4c663954e96f6caef7
ezStats For Battlefield 3 0.91 XSS / Local File Inclusion
Posted Feb 5, 2013
Authored by L0n3ly-H34rT

ezStats for Battlefield 3 version 0.91 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | f5b8e559926beca46afba459941ed9dd04aac8f272d789dbb0fd55b3a2fc2fce
ezStats2 For Playstation Network 1.10 Local File Inclusion
Posted Feb 5, 2013
Authored by L0n3ly-H34rT

ezStats2 for Playstation Network version 1.10 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 95d1e398fd1f3aed8cc7ee3aa15b6960c309c5660b77cba1b20aa7632a2ea5b9
ezStats2 Serverviewer 0.62 Local File Inclusion
Posted Feb 5, 2013
Authored by L0n3ly-H34rT

ezStats2 Serverviewer version 0.62 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | c47f90f38309baa06b8af48bfa4202d6730bd7e0cdf210720552609fa9c65015
ezStats2 For Medal Of Honor Warfighter 1.0 Local File Inclusion
Posted Feb 5, 2013
Authored by L0n3ly-H34rT

ezStats2 for Medal of Honor Warfighter version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | ff61a0d26f12481d625b37a5a47fffd3ce8c580f6db84af42abb84f45e5f149a
Lorex LNC116 / LNC104 IP Camera Authentication Bypass
Posted Feb 5, 2013
Authored by Jason Doyle

Lorex LNC116 and LNC104 IP cameras only perform basic authentication on the main login page. If you perform direct browsing to any other interface, you are not forcibly authenticated.

tags | exploit, bypass
advisories | CVE-2012-6451
SHA-256 | 532d540044cc96ed4cfe086c59d4780d62b41757e2ba6cc0661bfb60590b25f3
Netzob 0.4.1
Posted Feb 5, 2013
Site netzob.org

Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).

Changes: While the previous release introduced a large amount of changes, this one focuses on stability, UI, and model export towards Wireshark and Peach Fuzzer. Thanks to the new plugin mechanism, that was introduced in the previous release, some great features such as Wireshark and Peach exporters are now available as plugins, allowing you to dissect and fuzz proprietary protocols with well-known tools. It also added some new dialogs for configuring the workspace and projects, and to manage imported traces.
tags | tool, web, tcp, protocol
systems | unix
SHA-256 | f3b03410fdb11d74fbf08ce3e8bbe50d66ab4885564a4d1e3038648079df1e71
Cisco Unity Express Cross Site Request Forgery / Cross Site Scripting
Posted Feb 5, 2013
Authored by Jacob Holcomb

Cisco Unity suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
systems | cisco
advisories | CVE-2013-1120, CVE-2013-1114
SHA-256 | b068be738d33fe236140afc114dc3e0fbab4151b887109f24eef615fdca1fdaa
Ubuntu Security Notice USN-1715-1
Posted Feb 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1715-1 - Dan Prince discovered that Keystone did not properly perform input validation when handling certain error conditions. An unauthenticated user could exploit this to cause a denial of service in Keystone API servers via disk space exhaustion.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-0247
SHA-256 | 6931121898407cec646aa576445f110d3643fe67cbbeb3559b44c52d6f2575c1
Red Hat Security Advisory 2013-0223-01
Posted Feb 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0223-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that a deadlock could occur in the Out of Memory killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-4398, CVE-2012-4461, CVE-2012-4530
SHA-256 | 23104a0b9abf52386877248cf3fda61cea983577bc8d351a059a8b00c18b9e53
Ubuntu Security Notice USN-1714-1
Posted Feb 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1714-1 - It was discovered that the QXL graphics driver incorrectly handled terminated connections. An attacker that could connect to a guest using SPICE and the QXL graphics driver could cause the guest to hang or crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-0241
SHA-256 | 34e5a5471b41675ffbad0db9aa777c0850bcbeb3a4429c30dbd0066bb7633a06
Apple Security Advisory 2013-02-04-1
Posted Feb 5, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-02-04-1 - OS X Server version 2.2.1 is now available and addresses security issues in Profile Manager and Wiki Server.

tags | advisory
systems | apple, osx
advisories | CVE-2013-0156, CVE-2013-0333
SHA-256 | 1539326776e23788431f0984ab4d0680604244ca202a398ecc143ae598d269a1
Hiverr 2.2 Shell Upload / SQL Injection
Posted Feb 5, 2013
Authored by xStarCode

Hiverr version 2.2 suffers from remote shell upload, information disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection, info disclosure
SHA-256 | 75925c789076694615f0da0d2ea89760bed4b6da0c067ce264f78bd92641c089
Oracle Auto Service Request File Clobber
Posted Feb 5, 2013
Authored by Larry W. Cashdollar

Oracle Auto Service Request creates files insecurely in /tmp using time stamps instead of mkstemp(). Due to this, it is possible to clobber root owned files and possibly cause a denial of service condition or worse.

tags | exploit, denial of service, root
systems | solaris
SHA-256 | 3201569e185a30abb901fe01ff0684a58d22ab75b3d2eb41883373ead659d4e8
Sony Playstation Vita Addressbar Spoofing
Posted Feb 5, 2013
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.com

The Sony Playstation Vita browser that is in firmware version 2.05 suffers from an addressbar spoofing vulnerability.

tags | exploit, spoof
SHA-256 | 4f94f5e5c19e28c6340f59b12d08adb37173a79130562d0dcdf3c0ae6a51fd9a
DataLife Engine 9.7 Session Fixation
Posted Feb 5, 2013
Authored by Timur Yunusov | Site ptsecurity.com

DataLife Engine versions 9.7 and below appear to suffer from a session fixation vulnerability.

tags | exploit
SHA-256 | 30051446adef01da95c26d8b48d2e2e66c0ec348166de75102ba359fd0d0bb97
Lucky Thirteen: Breaking The TLS And DTLS Record Protocols
Posted Feb 5, 2013
Authored by Kenneth G. Paterson, Nadhem J. AlFardan

The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks. TLS has become the de facto secure protocol of choice for Internet and mobile applications. DTLS is a variant of TLS that is growing in importance. In this paper, the authors present distinguishing and plaintext recovery attacks against TLS and DTLS. The attacks are based on a delicate timing analysis of decryption processing in the two protocols. The authors include experimental results demonstrating the feasibility of the attacks in realistic network environments for several different implementations of TLS and DTLS, including the leading OpenSSL implementations. The authors provide countermeasures for the attacks. Finally, they discuss the wider implications of their attacks for the cryptographic design used by TLS and DTLS.

tags | paper, protocol
SHA-256 | 5e5f1f853fbe738cb8f080812f033a884a041ffb3a968f219a1bbc25ac8d892d
OpenSSL Security Advisory 20130205
Posted Feb 5, 2013
Site openssl.org

OpenSSL Security Advisory 20130205 - Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing differences arising during MAC processing. Other issues have also been addressed.

tags | advisory
advisories | CVE-2012-2686, CVE-2013-0166, CVE-2013-0169
SHA-256 | 9c4459b12d23541849b3b7bba6f0980bf73c7efd0715788c8712fa8d0e9388ee
Opera SVG Use-After-Free
Posted Feb 5, 2013
Authored by cons0ul

Opera appears to suffer from a SVG use-after-free vulnerability.

tags | exploit
SHA-256 | d90e95931435f6286ab827232216ed637ec6b27b22b209246804429448843063
Secunia Security Advisory 52043
Posted Feb 5, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory, vulnerability
SHA-256 | e92a8ec997894cff2383d7921b310e65489e70f2b096ee4e12f210d46cf0e615
Secunia Security Advisory 52084
Posted Feb 5, 2013
Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-oracle. This fixes multiple vulnerabilities, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

SHA-256 | 6460873f00b577cedf5575de38336ed5b35c232763e43c4f3ba5cd658bda5260
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close