what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-12-14

YSTS 8th Edition Call For Papers
Posted Dec 14, 2013
Site ysts.org

The 8th edition of YSTS (You Shot The Sheriff) has announced its call for papers. It will be held in Sao Paulo, Brazil on April 14th, 2014.

tags | paper, conference
SHA-256 | 3b0ac16b1c3d1f2f338ca329022283e37fe61b9f45603e36ae05e59c69b84867
Etoshop B2B Vertical Marketplace Creator 2.0 SQL Injection
Posted Dec 14, 2013
Authored by R3d-D3v!L

Etoshop B2B Vertical Marketplace Creator version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4c97856afca4f37a4169b6c77b646730273f7c0f06d478284d87bf03d17fa7c9
HP Security Bulletin HPSBMU02874 3
Posted Dec 14, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02874 3 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime Environment (JRE) has been updated to correct these issues. Revision 3 of this advisory.

tags | advisory, java, vulnerability
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2012-1541, CVE-2012-1543, CVE-2012-3213, CVE-2012-3342, CVE-2012-4301, CVE-2012-4305, CVE-2013-0169, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0436, CVE-2013-0437, CVE-2013-0438, CVE-2013-0439, CVE-2013-0440
SHA-256 | 4c70eda32ba12099ad62298acd9d2be2d0eb44814e5ae0c535f3d1fb3f8c8e9c
Classifieds Creator 2.0 SQL Injection
Posted Dec 14, 2013
Authored by R3d-D3v!L

Classifieds Creator version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 469802ef4e01943e3566c6fe54ad7a3e3e9a3e84b4851b5694bd10c727f2d6c7
C2C Forward Auction Center SQL Injection
Posted Dec 14, 2013
Authored by R3d-D3v!L

C2C Forward Auction Creator version 2.0 suffers a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ae31cd335ed87386bcafdb14fe024120d0f470311e5145ece776f00d8bebba93
Bypassing Modern Web Application Firewalls
Posted Dec 14, 2013
Authored by Rafay Baloch

This whitepaper is called Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters.

tags | paper, web
SHA-256 | 65acaee3edb30787203ec67ebd4b8e85f2ced5170a1f786efb797a9df09856b3
iScripts MultiCart 2.4 Cross Site Request Forgery / Cross Site Scripting
Posted Dec 14, 2013
Authored by Saadat Ullah

iScripts MultiCart versions 2.4 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 8116f2279a10f7bdb72b6df08d209697707902f047a882d86a524e3a509ac792
Osclass 3.3 Cross Site Request Forgery / SQL Injection / Traversal
Posted Dec 14, 2013
Authored by R3d-D3v!L

Osclass version 3.3 suffers from cross site request forgery, remote SQL injection, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file inclusion, csrf
SHA-256 | 4fa3514459f4aca30fccd02be0cf6585b6640c1c254bb345c870f8314607400b
IBM SPSS 21 Weak Cryptography Implementation
Posted Dec 14, 2013
Authored by Ben Pfaff

IBM SPSS2 21 and later suffer from use of an encryption scheme with inherent weaknesses.

tags | advisory
SHA-256 | c58972c405ed50c8cc26d0d54d3e71001da9a74b2fb837e0a855029df5beba68
Microsoft Online, Office And Cloud Persistent Encoding Issues
Posted Dec 14, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft Online, Office and Cloud suffer from persistent encoding issues that can allow for cross site scripting.

tags | exploit, xss
SHA-256 | 63cf5e2791308ca0d363962ff6c757b4793ef7bcfe09f63ed76b3d045e0a8e1f
Simple Machines Forum Username Faking / Clickjacking
Posted Dec 14, 2013
Authored by Jakob Lell | Site jakoblell.com

Simple Machines Forum suffers from username impersonation and clickjacking issues. These issues are are present in SMF1 up to version 1.1.18 and SMF2 up to version 2.0.5.

tags | advisory
SHA-256 | ec054b0bcc023ef1325986cda6d0998e1dc4e6a4098ffcf06f2400521afdec66
Red Hat Security Advisory 2013-1801-01
Posted Dec 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1801-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller implementation. A privileged guest user could use this flaw to crash the host.

tags | advisory, denial of service, kernel, local, udp, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2141, CVE-2013-4470, CVE-2013-6367, CVE-2013-6368
SHA-256 | d0f1b4d682fc9cc34de66855fdecdbfa199350b9da866e2821619994c2c3dc37
Red Hat Security Advisory 2013-1829-01
Posted Dec 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1829-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-1739, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607
SHA-256 | f778761e056c7efa104a541475faedf8d662d6d1bb56cca7afb6b493634b3cde
Red Hat Security Advisory 2013-1802-01
Posted Dec 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1802-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-6367
SHA-256 | 488924ed85a07410046fc5c802fdf12cb089449d350cd905dea1f623e371af24
Ubuntu Security Notice USN-2055-1
Posted Dec 14, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2055-1 - Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled DateInterval objects. An attacker could use this issue to cause PHP to crash, resulting in a denial of service.

tags | advisory, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2013-6420, CVE-2013-6712, CVE-2013-6420, CVE-2013-6712
SHA-256 | c6ef991d0ccc41796972414e6d71c5b30987d4a61cbb7d2479a0c2048a6270da
Debian Security Advisory 2816-1
Posted Dec 14, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2816-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2013-6420, CVE-2013-6712
SHA-256 | a0155be6343e9327de45b565e42824097017d0c21bade638fa6da7395e180c7f
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close