what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 79 RSS Feed

Files Date: 2012-03-29 to 2012-03-30

SMF 2.0.2 Cross Site Scripting
Posted Mar 29, 2012
Authored by Am!r | Site irist.ir

SMF version 2.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8a24d74ec72c3f3c5a5641aa378d76fba73e19c15a756f998b0b616a548362c2
OWASP Global AppSec Research (EU) Conference 2012 Call For Papers
Posted Mar 29, 2012
Site easychair.org

In 2012, OWASP is holding its Global AppSec Research (EU) Conference in Athens, Greece! The OWASP AppSec Research conference is a premier gathering for Information Security leaders and researchers. It brings together the application security community to share cutting-edge ideas, initiatives and technology advancements. The Call For Papers is now open.

tags | paper, conference
SHA-256 | b67ff68635b0da527a9389e954b4fa15fc435fa409b274cf649d45bc21db5d36
McAfee Email And Web Security Appliance Session Hijacking
Posted Mar 29, 2012
Authored by Ben Williams | Site ngssoftware.com

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a session hijacking vulnerability.

tags | advisory, web
SHA-256 | ea917b03e7a1554b15684bdf3c879c93ffadab2739f8cdd41c0e98cfd264ec09
McAfee Email And Web Security Appliance Cross Site Scripting
Posted Mar 29, 2012
Authored by Ben Williams | Site ngssoftware.com

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a cross site scripting vulnerability.

tags | advisory, web, xss
SHA-256 | 0c1840f7a89acaf990fbe44ab43b5a65bc48fca9f572401830ddd523cc72dcde
Gentoo Linux Security Advisory 201203-23
Posted Mar 29, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-23 - Multiple vulnerabilities have been found in libzip, the worst of which might allow execution of arbitrary code. Versions less than 0.10.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1162, CVE-2012-1163
SHA-256 | 3dc6ec677cef70e1de94b2d06ab3401e1e55afa0cbebc37c8c0cb6bceef728e8
Red Hat Security Advisory 2012-0434-01
Posted Mar 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0434-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.18.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-0773
SHA-256 | 214097b723d5e1016a9378358b8884c8afd2d66057492714e906754204d059dd
Red Hat Security Advisory 2012-0436-01
Posted Mar 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2012-1145
SHA-256 | 45234674ce4a82856e27d9dd7d625e6bdb84280955a4e87847c7e1313febcba4
Ubuntu Security Notice USN-1197-8
Posted Mar 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1197-8 - USN-1197-7 fixed a vulnerability in ca-certificates-java. The new package broke upgrades from Ubuntu 11.04 to Ubuntu 11.10. This update fixes the problem. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.

tags | advisory, java
systems | linux, ubuntu
SHA-256 | d65d4721c97ea8c2b04ae4bf5108126edba21737d791da66ab764bc731edc55d
Ubuntu Security Notice USN-1413-1
Posted Mar 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1413-1 - Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-1585
SHA-256 | fa24d61a1e2ebc2f10bb016c59b802b5caa5ee81f5cd0d430c76d972c159a045
Ubuntu Security Notice USN-1412-1
Posted Mar 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1412-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-3347
SHA-256 | ffa26fc4d4f2107fa0a64ed1c7e866f5a1c4fef22ea503843dc7738efdabb04e
Debian Security Advisory 2444-1
Posted Mar 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2444-1 - It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.

tags | advisory, python
systems | linux, debian
advisories | CVE-2012-0215
SHA-256 | 1bf8166f452ce37b8119e22989896e1361e2b04b9065dbab3659079991b8e62c
GNU Privacy Guard 2.0.19
Posted Mar 29, 2012
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: A space-separated fingerprint is now accepted as a user ID, to ease copying and pasting. The longest key ID available is now used by default. Support for the original HKP keyserver has been dropped. The trustdb is now rebuilt after changing the option "--min-cert-level". The option "--cert-digest-algo" is now honored when creating a cert. Detection of JPEG files has been improved.
tags | tool, encryption
SHA-256 | efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622
Quest InTrust 10.4.x File Overwrite
Posted Mar 29, 2012
Authored by rgod | Site retrogod.altervista.org

Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.

tags | exploit, remote, vulnerability, activex, proof of concept
systems | linux
SHA-256 | 1b249434937ec1c1ec6432094ca9aca11399fda520e83ee44caaf8e3963ed614
Cisco Security Advisory 20120328-pai
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in the Cisco IOS Software that may allow a remote application or device to exceed its authorization level when authentication, authorization, and accounting (AAA) authorization is used. This vulnerability requires that the HTTP or HTTPS server is enabled on the Cisco IOS device. Products that are not running Cisco IOS Software are not vulnerable. Cisco has released free software updates that address these vulnerabilities. The HTTP server may be disabled as a workaround for the vulnerability described in this advisory.

tags | advisory, remote, web, vulnerability
systems | cisco
advisories | CVE-2012-0384
SHA-256 | d0a54650e8efd4c39e79421b011fe738bf7decc8c31ed82b1aed3488ad1654e3
Cisco Security Advisory 20120328-ssh
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service, shell
systems | cisco, osx
advisories | CVE-2012-0386
SHA-256 | 69dfd771334c9008e86b1f53b96091fcd37892da4c55275494bc282c59b6d36a
HP Security Bulletin HPSBMU02756 SSRT100596
Posted Mar 29, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02756 SSRT100596 - A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary
systems | linux, windows, solaris, hpux
advisories | CVE-2012-0127
SHA-256 | efc98ae21b7578cdda64deb5dc05500c54b69e6f2036619387554bc0530e3ad6
Cisco Security Advisory 20120328-nat
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Network Address Translation (NAT) feature contains a denial of service (DoS) vulnerability in the translation of Session Initiation Protocol (SIP) packets. The vulnerability is caused when packets in transit on the vulnerable device require translation on the SIP payload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates the vulnerability is available.

tags | advisory, denial of service, protocol
systems | cisco
advisories | CVE-2012-0383
SHA-256 | 621d511df36164003264ce4995e8cc2dd26b288bbfe0e1518a4cf0d7dddeebc1
Drupal Activity 6.x XSS Proof Of Concept
Posted Mar 29, 2012
Authored by Justin C. Klein Keane | Site drupal.org

This file documents a proof of concept to demonstrate the cross site scripting vulnerability in the Drupal Activity module version 6.x.

tags | exploit, xss, proof of concept
SHA-256 | 21cff53d4151dcb6cd0a86095cfb274645d44512ecad08ffa9a0c5beb8eac1e5
Drupal Fusion 6.x Cross Site Scripting
Posted Mar 29, 2012
Authored by Justin Emond, Rick Manelius, Abhishek Nagar, Jakub Suchy, Chris Lee | Site drupal.org

The Drupal Fusion module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 8311447d5c5e9a519065e8708e1a06e2ea1f83db30ea859607056582c4f49fb0
Drupal Chaos Tool Suite 7.x Cross Site Scripting
Posted Mar 29, 2012
Authored by Kristof De Jaeger | Site drupal.org

The Drupal Chaos Tool Suite module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 80d66e0a5170005cb66e1988ba20428a8cdff88a472053008c696562e43d5e13
Drupal Organic Groups 6.x Access Bypass
Posted Mar 29, 2012
Authored by John F Galvin | Site drupal.org

The Drupal Organic Groups module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | dbb190a4af2ae746e702f203bad02665c8856d9855a61e43a4847ccb615818d9
Seditio Build 161 Cross Site Scripting / Information Disclosure
Posted Mar 29, 2012
Authored by Akastep

Seditio Build 161 suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 24d00df977e36031d477611c3c82dacf901cc57e002426b7b8ff69be83dee52c
WordPress Deans With Pwwangs Code Shell Upload
Posted Mar 29, 2012
Authored by T0xic

WordPress Deans with Pwwangs Code plugin suffers from a FCKeditor remote file upload vulnerability.

tags | exploit, remote, file upload
SHA-256 | 0c816792c3ca6a0b7d63857f24ed1e793ca83dd33846e3484963e4614bb59655
Cisco Security Advisory 20120328-mace
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains a denial of service (DoS) vulnerability in the Wide Area Application Services (WAAS) Express feature that could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Cisco IOS Software also contains a DoS vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature that could allow an unauthenticated, remote attacker to cause the router to reload. An attacker could exploit these vulnerabilities by sending transit traffic through a router configured with WAAS Express or MACE. Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Repeated exploits could allow a sustained DoS condition. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
advisories | CVE-2012-1312, CVE-2012-1314
SHA-256 | 788885399c203d07e2f188436e87b949677dbed1fe1b4f9d5901f2a746308dff
D-Link SecuriCam DCS-5605 Network Surveillance Buffer Overflow
Posted Mar 29, 2012
Authored by rgod | Site retrogod.altervista.org

The D-Link SecuriCam DCS-5605 Network Surveillance DcsCliCtrl.dll active-x control suffers from a buffer overflow vulnerability. Proof of concept code included.

tags | exploit, overflow, activex, proof of concept
systems | linux
SHA-256 | 1edd0a6afe6d31147b097c2127b64cc9e88a0013161e4c6fafa7d291d19e8ba8
Page 1 of 4
Back1234Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close