what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2012-10-12 to 2012-10-13

EMC NMM Arbitrary Code Execution
Posted Oct 12, 2012
Site emc.com

Vulnerabilities exist in EMC NMM that could potentially be exploited by a malicious user to execute arbitrary code. Also, there is a risk that sensitive information could be disclosed under specific circumstances described in the details below.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2012-2290, CVE-2012-2284
SHA-256 | e578dd03321c59fbe78efe605f063204a71d4d6faaa23ba7cf3acc4f001878eb
Mandriva Linux Security Advisory 2012-166
Posted Oct 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-166 - The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors. The updated packages have been patched to correct this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-4430
SHA-256 | 8cfe8805dd48a203515484d432c7248bbb3799beb183b5f3b2580af17bdd261a
Metasploit pcap_log Local Privilege Escalation
Posted Oct 12, 2012
Authored by 0a29406d9794e4f9b30b3c5d6702c708 | Site metasploit.com

Metasploit versions prior to 4.4 contain a vulnerable 'pcap_log' plugin which, when used with the default settings, creates pcap files in /tmp with predictable file names. This exploit works by hard-linking these filenames to /etc/passwd, then sending a packet with a privileged user entry contained within. This, and all the other packets, are appended to /etc/passwd. Successful exploitation results in the creation of a new superuser account. This Metasploit module requires manual clean-up - remove /tmp/msf3-session*pcap files and truncate /etc/passwd.

tags | exploit
SHA-256 | 4653de66b5cfae88c0edc2f5c0a58393f2d39227d368a5cfa35582ea4cadf8b7
BigPond 3G21WB Hardcoded Credentials / Command Injection
Posted Oct 12, 2012
Authored by Roberto Paleari

BigPond version 3G21WB suffers from hard-coded credentials and command injection vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 528d35dafb7e12c69511a3b7e37d3507bbea5187e3044ad1f0c8cccc97d468f2
Mandriva Linux Security Advisory 2012-165
Posted Oct 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-165 - The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service via a crafted PNG file that triggers incorrect memory allocation. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-3438
SHA-256 | 5d8930e55d1224cc16a61677a0c1de9b1e2045cb54886eb0b43ba6c05f110d5e
WordPress Abtest Directory Traversal
Posted Oct 12, 2012
Authored by Scott Herbert

The WordPress Abtest plugin suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 6dc4803404fba35aadcaea0bf00d71b7fbd232c6e8c86681b1e45ec676a5c7f3
Fast And Furious DNS Security
Posted Oct 12, 2012
Authored by Shubham Mittal

This is a brief whitepaper that discusses an overview of DNS and security implications surrounding the model.

tags | paper
SHA-256 | 475818236411c1ac7500b295fd8df49f50c5ccb8c848b3bd75c834e36ed45469
Slackware Security Advisory - bind Updates
Posted Oct 12, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
SHA-256 | 9086af22342777575a843c6520e3ef66e20ce11e80c366a0eb671d4ed4d09bc0
Red Hat Security Advisory 2012-1364-01
Posted Oct 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1364-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lockup. Users of bind97 are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-5166
SHA-256 | c7ba0a0b9af7f074ca5ac2de81f2559d838a34c85c046075f80be27dcfeeebd1
Red Hat Security Advisory 2012-1362-01
Posted Oct 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1362-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2012-4193
SHA-256 | ab09352e4d57e95746704ddd95ce87c7f85cd5ac5807482e2f93dd343779715e
Red Hat Security Advisory 2012-1363-01
Posted Oct 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1363-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lockup. Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-5166
SHA-256 | 43253f9beb8d6c62e2d415c4ab7cd742aa2c27c7836d23355645c09a802c42d0
Red Hat Security Advisory 2012-1361-01
Posted Oct 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1361-01 - XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner to execute arbitrary code with the privileges of the user running the application.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-4193
SHA-256 | 10660788872271b7030716cb094ae1913ae259acb17f917150e81e999a26543d
Red Hat Security Advisory 2012-1365-01
Posted Oct 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1365-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-4244, CVE-2012-5166
SHA-256 | 742e2befeceeca5edca4866efb3535e12f6b9a7fbf26889a4973a014fa966a82
Ubuntu Security Notice USN-1611-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1611-1 - Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. CVE-2012-4191) David Bloom and Jordi Chancel discovered that Thunderbird did not always properly handle the <select> element. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. Various other issues were also addressed.

tags | advisory, remote, arbitrary, spoof, javascript
systems | linux, ubuntu
advisories | CVE-2012-4191, CVE-2012-3984, CVE-2012-3985, CVE-2012-3986, CVE-2012-3991, CVE-2012-3992, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188, CVE-2012-3982, CVE-2012-3983, CVE-2012-3984, CVE-2012-3985, CVE-2012-3986, CVE-2012-3988, CVE-2012-3989, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3994, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180
SHA-256 | ac3e5de9ebdb73ec00e147e7680d9376d270bd2da91832b181c8f7c595d6f432
Ubuntu Security Notice USN-1610-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1610-1 - Pablo Neira Ayuso discovered a flaw in the credentials of netlink messages. An unprivileged local attacker could exploit this by getting a netlink based service, that relies on netlink credentials, to perform privileged actions.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2012-3520
SHA-256 | 697880beb07592581d786acced25e12402f8ea81e2020a74c4da5adcc3af8003
Ubuntu Security Notice USN-1609-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1609-1 - A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2137
SHA-256 | 23b5d306ee486b624bdb46554b117f6c45aae634e07c1d779d08323f85ec76af
Adobe Flash Player Integer Overflow Analysis
Posted Oct 12, 2012
Authored by Brian Mariani, High-Tech Bridge SA, Frederic Bourla | Site htbridge.com

This whitepaper is a thorough analysis of the Adobe Flash Player integer overflow vulnerability and documented in CVE-2012-1535.

tags | paper, overflow
advisories | CVE-2012-1535
SHA-256 | e46a3e43ec3e9446bcf1fa801d93b9d52396891905bbbce417daada24526d84c
Atarim SQL Injection
Posted Oct 12, 2012
Authored by TUNISIAN CYBER

Sites designed by Atarim suffer from multiple remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 2bb6e06fd8609d916dc58eca8b561329226e407eb5849f39b9f9a315b38810eb
Project Pier Arbitrary File Upload
Posted Oct 12, 2012
Authored by BlackHawk, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Project Pier. The application's uploading tool does not require any authentication, which allows a malicious user to upload an arbitrary file onto the web server, and then cause remote code execution by simply requesting it. This Metasploit module is known to work against Apache servers due to the way it handles an extension name, but the vulnerability may not be exploitable on others.

tags | exploit, remote, web, arbitrary, code execution
advisories | OSVDB-85881
SHA-256 | 11c1a7aab09ed04fe7881c752ec380fbceb9afbe21696aec0a35b66be9600936
Ubuntu Security Notice USN-1608-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1608-1 - It was discovered that the browser engine used in Firefox contained a memory corruption flaw. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. It was discovered that Firefox allowed improper access to the Location object. An attacker could exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4191, CVE-2012-4192, CVE-2012-4191, CVE-2012-4192
SHA-256 | b3171a505c67b1392922829ab39b752d7cd1456e5f0239477cb2728a9ae678c2
Ubuntu Security Notice USN-1607-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1607-1 - Vadim Ponomarev discovered a flaw in the Linux kernel causing a reference leak when PID namespaces are used. A remote attacker could exploit this flaw causing a denial of service. A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2127, CVE-2012-2137, CVE-2012-2127, CVE-2012-2137
SHA-256 | b775b2c073e0cddc09605951eec16b90dd54513b10ec2c5e957b0bb697d6f168
Ubuntu Security Notice USN-1606-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1606-1 - A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges. A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2137, CVE-2012-2745, CVE-2012-2137, CVE-2012-2745
SHA-256 | 9a3ba44876b1d362029c9288e940d7dfe23310e5040c7750391867cf06ca5d06
Ubuntu Security Notice USN-1605-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1605-1 - It was discovered that Quagga incorrectly handled certain malformed messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-1820
SHA-256 | 4cbd744f767a7f2c0d9f0d5fb600e54e33cb368e5875c40aeff2ec2ce54426d1
Secunia Security Advisory 50952
Posted Oct 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
SHA-256 | 8bf77c81133b02f8c85559cf1eb596b5f28a51c4e23d28583ed87684be913ec8
Secunia Security Advisory 50951
Posted Oct 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Roberto Paleari has reported two security issues in BigPond Wireless Broadband Gateway 3G21WB, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable device.

tags | advisory
SHA-256 | 7949ec4199dd66080c285d4b6eee7a76ef669cbe1c520d80ad2f1ed6c323ffd1
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close