exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2013-08-12 to 2013-08-13

HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow
Posted Aug 12, 2013
Authored by juan vazquez, e6af8de8b1d4b2b6d5ba2610cbf9cd38 | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in HP's StorageWorks P4000 VSA on versions prior to 10.0. The vulnerability is due to an insecure usage of the sscanf() function when parsing login requests. This Metasploit module has been tested successfully on the HP VSA 9 Virtual Appliance.

tags | exploit, overflow
advisories | CVE-2013-2343, OSVDB-94701
SHA-256 | c810c80e4fc09b6a9392a10756eb6cd6120f71ac14b60f6318728483ac84327b
Open-FTPD 1.2 Arbitrary File Upload
Posted Aug 12, 2013
Authored by Serge Gorbunov | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities found in Open&Compact FTP server. The software contains an authentication bypass vulnerability and a arbitrary file upload vulnerability that allows a remote attacker to write arbitrary files to the file system as long as there is at least one user who has permission. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then upload another mof file, which enables WMI (Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.

tags | exploit, remote, arbitrary, vulnerability, code execution, bypass, file upload
systems | windows
advisories | CVE-2010-2620, OSVDB-65687
SHA-256 | 1c6829f3aa5790761fb910b2f802e2c160f810883ffc902bf2614ece3bbacfae
WATOBO 0.9.13
Posted Aug 12, 2013
Authored by Andreas Schmidt | Site watobo.sourceforge.net

WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.

Changes: Faster socket communication. Various module updates. Addition of the WShell plugin and much more.
tags | tool, web, local, scanner, vulnerability, xss, sql injection
systems | linux, unix
SHA-256 | ecc5cef05aa502575841bd3e15d42e0dc6e464feff4a873f60fa69774446b024
IBM Advanced Management Module Cross Site Scripting
Posted Aug 12, 2013
Authored by Jens Regel

The IBM Advanced Management module suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4007
SHA-256 | 5ab611a253a002c9df7f06dd2376c7652772ce0ea5af2e27482bcd1b097504f7
Debian Security Advisory 2737-1
Posted Aug 12, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2737-1 - Several vulnerabilities have been discovered in Swift, the Openstack object storage.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-2161, CVE-2013-4155
SHA-256 | 919524417f732e6607d2bbf583b49fa6d0f577aaccfbc8eb587d12e9c0f29639
Red Hat Security Advisory 2013-1151-01
Posted Aug 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1151-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A flaw was discovered in the way authenticated connections were cached on the server by remote-naming. After a user has successfully logged in, a remote attacker could use a remoting client to log in as that user without knowing their password, allowing them to access data and perform actions with the privileges of that user. A flaw was discovered in the way connections for remote EJB invocations via the EJB client API were cached on the server. After a user has successfully logged in, a remote attacker could use an EJB client to log in as that user without knowing their password, allowing them to access data and perform actions with the privileges of that user.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2013-4128, CVE-2013-4213
SHA-256 | 5e6d958816f76a7dc58ecb35d6843de010eada38c87140b78c803ed75e597feb
Red Hat Security Advisory 2013-1152-01
Posted Aug 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1152-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A flaw was discovered in the way authenticated connections were cached on the server by remote-naming. After a user has successfully logged in, a remote attacker could use a remoting client to log in as that user without knowing their password, allowing them to access data and perform actions with the privileges of that user. A flaw was discovered in the way connections for remote EJB invocations via the EJB client API were cached on the server. After a user has successfully logged in, a remote attacker could use an EJB client to log in as that user without knowing their password, allowing them to access data and perform actions with the privileges of that user.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2013-4128, CVE-2013-4213
SHA-256 | 3129717156814de23bcb00f945fb1a5cf0db456762e86140e961bb07bf3ce419
Mandriva Linux Security Advisory 2013-211
Posted Aug 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-211 - It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4160
SHA-256 | 688dff96b4b4e229239cd91d4d689b8039be5f55537ba6344a4905ec3b2f7fa2
Debian Security Advisory 2736-1
Posted Aug 12, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2736-1 - Several vulnerabilities where discovered in PuTTY, a Telnet/SSH client for X.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-4206, CVE-2013-4207, CVE-2013-4208, CVE-2013-4852
SHA-256 | ea09b6ba2cb0bdb082e50ab33851abed8f3f23e0762016e7993144257b9c0498
Sami FTP 2.0.1 MKD Buffer Overflow
Posted Aug 12, 2013
Authored by Polunchis

Sami FTP server version 2.0.1 MKD buffer overflow exploit with ASLR bypass.

tags | exploit, overflow
SHA-256 | ff9131394ac1e94674f687d783811a31ed116f377901defe7b7fde3fc1fcd459
PE (Portable Executable) File Format
Posted Aug 12, 2013
Authored by Nytro

This paper describes the PE (Portable Executable) file format used by Windows executables (.exe), dynamic link libraries (.dll) and other files: system drivers or ActiveX controls. It is written in Romanian.

tags | paper, activex
systems | windows
SHA-256 | a2646c777b4db6e736b6d280dbe7880941e981053a622f50cc9a96c813f0425e
Indrajith FTP Cracker
Posted Aug 12, 2013
Authored by Ajith KP

Indrajith FTP cracker is a dictionary-based FTP username and password cracker. Source included.

tags | cracker
SHA-256 | 8aea2aa3fcf09b993a9622b1814fc1f7e90da1343f5e12ee6387d0eac291be80
Packet Storm Advisory 2013-0811-1 - Oracle Java storeImageArray()
Posted Aug 12, 2013
Site packetstormsecurity.com

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was obtained through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, apple
advisories | CVE-2013-2465, OSVDB-96269
SHA-256 | 08adb1b876765479572292aa1527fb22f2fcaf677de1dde38930f0ef325407cb
Packet Storm Exploit 2013-0811-1 - Oracle Java storeImageArray() Invalid Array Indexing Code Execution
Posted Aug 12, 2013
Site packetstormsecurity.com

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, apple
advisories | CVE-2013-2465, OSVDB-96269
SHA-256 | 4bf1140afc7eb451ce1428add296d72b7d28232fc859db141fba065ebfc18d26
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close