
Files

Secunia Security Advisory 46615
Posted Oct 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in BackupPC, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | db27cd76b1f406e245203b24ebbef2ee
Ubuntu Security Notice USN-1249-1
Posted Oct 27, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1249-1 - It was discovered that BackupPC did not properly sanitize its input when processing backup browser error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue did not affect Ubuntu 11.10. Jamie Strandboge discovered that BackupPC did not properly sanitize its input when processing log file viewer error messages, resulting in cross-site scripting (XSS) vulnerabilities.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-3361
MD5 | 7e111d7cad2365411a96ee7bfdea39f3
Zero Day Initiative Advisory 11-316
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-316 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime processes the matrix structures in the 'tkhd' atom for mp4 files. When the matrix structure contains large values a movs instruction can turn the value negative. When Quicktime later uses the function to determine where it should write its data it does check the upper boundaries, but not the lower ones causing a heap buffer underwrite. This can result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3251
MD5 | a84bec756bcff931e233c24d207f24da
Zero Day Initiative Advisory 11-315
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-315 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic files. Flic files can contain an FLC Delta Decompression block containing Run Length Encoded data. Quicktime fails to correctly check the decompression size when decoding the RLE data. This allows for a 4 byte overwrite past the end of the buffer which could result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3249
MD5 | cf25d840505350633407351120274590
Zero Day Initiative Advisory 11-314
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-314 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specific opcode within a PCT file. When resizing a heap buffer, the application will use a signed word read from the file to calculate the resulting size. This can be used to force the target buffer to be of an undersized length. Usage of this buffer will result in a buffer overflow in the context of the application.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2011-3247
MD5 | bb86b757a3cbef1312a56dfad0a2531a
Zero Day Initiative Advisory 11-313
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-313 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic files. Flic files can contain an FLC Delta Decompression block containing Run Length Encoded data. When Quicktime tries to decompress this data it reads a user supplied RLE Packet count field from the file and uses that as a loop counter. A high value for this field will cause Quicktime to write outside previously allocated memory which could result in remote code execution.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3223
MD5 | d964d43fc540f8103b2e4554b8f34787
Zero Day Initiative Advisory 11-312
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-312 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses the atom hierarchy within a QuickTime movie file. In a certain situation the application will pass execution to another function for handling the atom, but will pass the incorrect number of arguments. Due to this, a variable will be treated as a pointer. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3221
MD5 | e09df08c3ae932c8998aaf6e0c10f3a4
Zero Day Initiative Advisory 11-311
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-311 - This vulnerability allows remote attackers to potentially disclose memory addresses on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how QuickTime.qts parses a data handler in a specific atom within a .mov file. The application will utilize a string length to copy data into a heap buffer; if the string is of zero-length, the application will fail to copy anything and then proceed to use the uninitialized buffer as a string.

tags | advisory, remote
systems | apple
advisories | CVE-2011-3220
MD5 | 2edb765a47b2f312adfd89db39f8a871
OpenCart 1.5.1.1 HTTP Response Splitting
Posted Oct 27, 2011
Authored by indoushka

OpenCart version 1.5.1.1 suffers from a CRLF injection / HTTP response splitting vulnerability.

tags | advisory, web
MD5 | c22d1178fd3348a8fc3a8887883329b1
Facebook.com Attach EXE Bypass
Posted Oct 27, 2011
Authored by Nathan Power

Facebook.com suffers from a bypass vulnerability where an executable can be attached to a message if a space is added to the name.

tags | advisory, bypass
MD5 | 219c79305b2961d84f0c69608ceedce5
Debian Security Advisory 2329-1
Posted Oct 27, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2329-1 - Bartlomiej Balcerek discovered several buffer overflows in torque server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-2193
MD5 | e4e1d2fe1bcc712a32f73985c1979c83
Cisco Unified Contact Center Express Directory Traversal
Posted Oct 27, 2011
Authored by Digital Defense, r@b13$ | Site digitaldefense.net

The default deployment of Cisco Unified Contact Center Express (UCCX) system is configured with multiple listening services. The web service that is listening on TCP port 9080, or on TCP port 8080 in versions prior to 8.0(x), serves a directory which is configured in a way that allows for a remote unauthenticated attacker to retrieve arbitrary files from the UCCX root filesystem through a directory traversal attack. It is possible for an attacker to use this vector to gain console access to the vulnerable node as the 'ccxcluster' user, and subsequently escalate privileges.

tags | advisory, remote, web, arbitrary, root, tcp
systems | cisco
advisories | CVE-2011-3315
MD5 | a35722c26845aaa0b0c6b472b18c85de
Secunia Security Advisory 46347
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for cyrus-imapd. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, suse
MD5 | 7c582b2c4f174a63e9dee1622a0b5b33
Secunia Security Advisory 46531
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Presta2PhpList module for PrestaShop, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 0c1018cfb295a07fb993182109deaa7a
Secunia Security Advisory 46584
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local
systems | linux
MD5 | 0aa50ccdf77f63d06b0cfa66848bc7ee
Secunia Security Advisory 46596
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, redhat
MD5 | 30e73de3c419580d99a47883e31742e6
Secunia Security Advisory 46574
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere ILOG Rule Team Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 2fa9021aeff7dafec103bf682cd9d592
Secunia Security Advisory 46581
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for mod_authnz_external. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
systems | linux, gentoo
MD5 | 0eff3f6bcab498c6149db810bfeb2ba7
Secunia Security Advisory 46592
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for kde4libs. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, ubuntu
MD5 | 1096f54577a02f2be1d75feb1ee66d45
Secunia Security Advisory 46576
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in OpenStack Compute (Nova), which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | afd593a9faae6315bbfc9656e23e21b1
Secunia Security Advisory 46594
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, conduct cross-site scripting attacks, and potentially compromise a user's system.

tags | advisory, spoof, vulnerability, xss
MD5 | cb372fffd55d9c20581a0d8b26fe506a
Secunia Security Advisory 46597
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for nova. This fixes a weakness, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
systems | linux, ubuntu
MD5 | 42b3bd3b9a605e3a4aa2a46a2ef0dad9
Secunia Security Advisory 46632
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
MD5 | fa1bacdc0f57983e726a0a287fb8a8e3
Secunia Security Advisory 46622
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in SPIP, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 13af1652ac2f95652e4610b211b3513e
Secunia Security Advisory 46577
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for torque. This fixes two vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local, vulnerability
systems | linux, debian
MD5 | 52e260ca5a82624e8e380a8d19769302