what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2011-12-30

Microsoft ASP.NET Forms Authentication Bypass
Posted Dec 30, 2011
Authored by K. Gudinavicius | Site sec-consult.com

Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string, in characters not including the terminating null character. If the unicode string containing a null byte is passed, its length is incorrectly calculated, so only characters before the null byte are copied into the buffer.

tags | advisory, asp, bypass
advisories | CVE-2011-3416
SHA-256 | 294ae2596a2c31be82519bf63b2272b2e6a249e186db2e1ca5fab9dfb9f605e6
Mandriva Linux Security Advisory 2011-197
Posted Dec 30, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-197 - Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service by sending many crafted parameters. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2011-4566, CVE-2011-4885
SHA-256 | 65c4b018cdfd49592c9f7dbcf34ecabd28e6273c44adf4c53cd71a54905612c5
Debian Security Advisory 2263-2
Posted Dec 30, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2263-2 - Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny' suite at that time. This update adds that package.

tags | advisory
systems | linux, debian
SHA-256 | b6fd5f67db4288edf661bbc8943258fa17410cbc92bcad67c9f6da86124d49ce
Debian Security Advisory 2376-1
Posted Dec 30, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2376-1 - It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used too wide permissions PID file, which allows local users to kill arbitrary processes by writing to this file.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2011-4339
SHA-256 | 1792cce81ebb6c50f256dc4d012b7bb7f95b15fee06cdf02d505666c659648ca
Reaver-WPS 1.1
Posted Dec 30, 2011
Authored by Craig Heffner | Site code.google.com

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

Changes: Fixed getopt bug in x64. Fixed association failure bug.
tags | tool, wireless
systems | unix
SHA-256 | eb0ab404a41e58a9c8d3dbaf9f79b310c14ffa514716f7e578dd2ae6d3777aad
Dede CMS SQL Injection
Posted Dec 30, 2011
Authored by Cyber White Hats

Dede CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | df03b2ebb7cfe88eb85c2bb352f38c18cfc7e408fab8b6125c050fcdea213b35
Rapidleech Cross Site Scripting
Posted Dec 30, 2011
Authored by Farbod Mahini, H4ckCity Security Team | Site h4ckcity.org

Rapidleech suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2f66024dbaf497388ab9cb2425d28e6a35d8224f0aacb201ccbc05aab073696d
WordPress Facebook Page Promoter Lightbox Cross Site Scripting
Posted Dec 30, 2011
Authored by Am!r, H4ckCity Security Team | Site irist.ir

The WordPress Facebook-Page-Promoter-Lightbox plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5f3ad62542d3f82f4ad3a9b7972034eb047dbbf3cf236b13181a24be1cb0736a
Secunia Security Advisory 47337
Posted Dec 30, 2011
Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Blog module for DiY-CMS, which can be exploited by malicious people to conduct SQL injection attacks.

SHA-256 | 07f1f300ddfbb6478b51a2a7a7621c85f5c6ee6b7e6bca783ddd9a09af94e18b
Secunia Security Advisory 47368
Posted Dec 30, 2011
Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.

SHA-256 | a2fce17c9cf03464633726694af6295906e5650b87b9b63aa6df3f74720b330d
Secunia Security Advisory 47406
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Plone, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 4a2ac19c6da13d24fad94b3772255813440486cb2bb53265c54ecf6462b2d393
Secunia Security Advisory 47390
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with unknown impact has been reported in the Connections plugin for WordPress.

tags | advisory
SHA-256 | 28be9d52b8bd3c09de12140b4a5072e9d012e792e2052823fb61d05935414c59
Secunia Security Advisory 47344
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in op5 Monitor, where one has an unknown impact and the other can be exploited by malicious users to disclose certain sensitive information.

tags | advisory, vulnerability
SHA-256 | 55b5faf29df0e97c988be26cdda20aab0c6de521037659c4b45e6a0b06cb3778
Secunia Security Advisory 47365
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | a277cea7af4b387deb5cb0236404c6595b15b62839d7df3259e49a762b1deae9
Secunia Security Advisory 47417
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in op5 Appliance, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | c7f3e961fc39ff594fe6fce250ca26f3902271954cd5e2eca01f0adefeba389b
Secunia Security Advisory 47358
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged a weakness in Oracle iPlanet Web Server, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.

tags | advisory, web
SHA-256 | 77d35fadfdce866909ddc3ae63459e420634532769f2b400a421e7399064677d
Secunia Security Advisory 47354
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Neturf eCommerce Shopping Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 6f998b2b51ca3296875bdcec7ba68cc145be56bdb81f3c86ddfc38ea09f5fb00
Secunia Security Advisory 47318
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Alexander Fuchs has reported a vulnerability in Akiva WebBoard, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 4302f066e5f240a0cc634f90c970cb52e67116fdb96d6de3c9183cf31bbda206
Secunia Security Advisory 47391
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Winn Guestbook, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 06108cba32738d8b4803ec2e61f25bf4b8fe84cb5613b324d1ab0637d920e4db
Secunia Security Advisory 47337
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Blog module for DiY-CMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 07f1f300ddfbb6478b51a2a7a7621c85f5c6ee6b7e6bca783ddd9a09af94e18b
Secunia Security Advisory 47368
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | a2fce17c9cf03464633726694af6295906e5650b87b9b63aa6df3f74720b330d
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close