exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2012-11-21 to 2012-11-22

ManageEngine ServiceDesk 8.0 Cross Site Scripting
Posted Nov 21, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

ManageEngine ServiceDesk version 8.0 Plus suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 8616515dfc840b10244580b4236a536565045ddd3abdb1854b027016b0b960d7
Mandriva Linux Security Advisory 2012-173
Posted Nov 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-173 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-5842, CVE-2012-4202, CVE-2012-4201, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-5833, CVE-2012-5835
SHA-256 | 820a649b00028100a5269c4edfcc2cd80daf8b25e032c81ad040ddb62e795ce0
dotProject 2.1.6 Cross Site Scripting / SQL Injection
Posted Nov 21, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

dotProject version 2.1.6 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2012-5701, CVE-2012-5702
SHA-256 | d46225e6ffc0eec269ac97abe0411a6f3763bb5a9ed63edecc2da5f6af7a7779
swfupload_f8.swf Cross Site Scripting
Posted Nov 21, 2012
Authored by MustLive

swfupload_f8.swf suffers from a cross site scripting vulnerability. Affected systems are TinyMCE, Squeeze Documents for SPIP, Upload Manager for Radiant CMS, AionWeb, Liferay Portal (Community Edition, which earlier was called Standard Edition, and Enterprise Edition), SurgeMail, and symfony.

tags | exploit, xss
SHA-256 | 7cb01fdd1e05d212be9f91472666f74a1a2ccbefb7f0261aa01eccfa4a976751
Ubuntu Security Notice USN-1638-2
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1638-2 - USN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838
SHA-256 | 99bb7f4ae7c5cde08a7f0475af92bbd1b2a459027ddb9a137e6275eb69fa9002
Ubuntu Security Notice USN-1636-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1636-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4204, CVE-2012-4205, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-4201, CVE-2012-4202, CVE-2012-4204, CVE-2012-4205, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214
SHA-256 | 8b9c321e37e69fc94d55f674ba19416d645fa20775fb41523e7fdbeb02008603
Ubuntu Security Notice USN-1638-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1638-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838, CVE-2012-4201, CVE-2012-4202, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209
SHA-256 | 51b60eda7a1a9533853d033f01876fc9d4848a9964a22a5de8e4b86ae64b7e32
Ubuntu Security Notice USN-1637-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1637-1 - It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2733, CVE-2012-5887, CVE-2012-2733, CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 6864ba7f5f6a718c9e0112e11cec496ec671ff32f21f776d4ab22411b5416b9c
Ubuntu Security Notice USN-1635-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1635-1 - It was discovered that libunity-webapps improperly handled certain hash tables. A remote attacker could use this issue to cause libunity-webapps to crash, or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4551
SHA-256 | c60b9862fd0c02eb901893aa19aecfbc975e315df18bf3ed7e1d9834919732d3
NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution
Posted Nov 21, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module abuses a lack of authorization in the NetIQ Privileged User Manager service (unifid.exe) to execute arbitrary perl code. The problem exists in the ldapagnt module. The module has been tested successfully on NetIQ PUM 2.3.1 over Windows 2003 SP2, which allows to execute arbitrary code with SYSTEM privileges.

tags | exploit, arbitrary, perl
systems | windows
advisories | OSVDB-87334
SHA-256 | f79aa10f08abac5de98e9a1207c3259575b8c431b2e93a15ad5ebc8cf3d70dee
PHP Server Monitor Cross Site Scripting
Posted Nov 21, 2012
Authored by loneferret

PHP Server Monitor version 2.0.1 suffers from a stored cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | a66b0a9487b95c5307915eccadb39223d33aa5451ae999c36c581fabd1220cfc
Narcissus Image Configuration Passthru
Posted Nov 21, 2012
Authored by dun, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.

tags | exploit, remote, web, php, code execution, bash
SHA-256 | e4e301239f9dd9233d1f53f7eeec494854791ab17cbfc496d7ff9fc4c9b4e501
Yii Framework 1.1.8 Search SQL Injection
Posted Nov 21, 2012
Authored by Juno_okyo

Yii Framework version 1.1.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d41438703075497185a196eafaeb2ea7f0fefde46cd9bc2ccba91796a1f6e261
pyClamd 0.3.1
Posted Nov 21, 2012
Authored by Alexandre Norman | Site xael.org

pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.

Changes: This release changes the API to a class model, uses the INSTREAM scan method instead of the deprecated STREAM, adds a MULTISCAN method, makes STATS return full data on multiline, and adds Python 3.x and 2.x compatibility.
tags | virus, python
systems | unix
SHA-256 | e1ebeb3cd8d8b516d0de6025c5a67ae7cbe930bd6b71ede62b7fdd6f379d979c
Feng Office 2.0 Beta 3 XSS / Privilege Escalation
Posted Nov 21, 2012
Authored by Ur0b0r0x

Feng Office version 2.0 Beta 3 suffers from cross site scripting and privilege escalation vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c7f9176fbec9a9bd75131316e5716c7fac417c119bd0f14371400af5c4cdfa99
Secunia Security Advisory 51359
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.

tags | advisory, vulnerability, xss
systems | linux, redhat
SHA-256 | be8ee2f9dea1ea04d565822bbeeb2456c9677be7472447e186e0618f85defcfb
Secunia Security Advisory 51378
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP Integrated Lights-Out, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
SHA-256 | 69110141fe4b1ab4fb598f741d66b4604565bb8da2cb2caf39468172dda47286
Secunia Security Advisory 51364
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and some vulnerabilities have been reported in eSolar Light, eSolar, and eSolar DUO, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.

tags | advisory, vulnerability, sql injection
SHA-256 | 2dff7bd20d40719ee8b9ea6ff6c45006977c7ef70bc608918df2b94630cc00e0
Secunia Security Advisory 51379
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Security AppScan Source, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | f1d644fe8d006ebed9e202db72efd59d850407fbb3c5594c9dbc4014fd63e257
Secunia Security Advisory 51373
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Libxml2 included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | solaris
SHA-256 | 34c3094d91237d32124bc29d812fa9b36f2db7f45711d9d47066eed1dd99e2f6
Secunia Security Advisory 51268
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | d229f5ab17f0d7e33140e59a3bc600416780e5d0cbe68f343c507b24d3771deb
Secunia Security Advisory 51352
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
SHA-256 | 4000528c635f0a487080f49dd94a9f734b804260d9fbed7bef37c8b1ee226bf8
Secunia Security Advisory 51340
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for plib. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, suse
SHA-256 | 55e19a80a6cca20a17df0c4c53e540cf7b67e0d7847ad93e576a7a10c4b38e9c
Secunia Security Advisory 51335
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 135426d29a0c4837e2d882f49e72bf45f6de288695a3cdc81b64dd7b0d73b468
Secunia Security Advisory 51279
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a security issue and a vulnerability in IBM Tivoli Access Manager for e-business, which can be exploited by malicious people to conduct spoofing attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, spoof
SHA-256 | aafdd9602a49cc63edc87be513dbfb2910e619f3528ce3b1a073f00d3a02b7ba
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close