exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 551 RSS Feed

Files

Open Source CERT Security Advisory 2011.003
Posted Dec 29, 2011
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.

tags | advisory
advisories | CVE-2011-4461, CVE-2011-4838, CVE-2011-4885, CVE-2011-4462, CVE-2011-4815
SHA-256 | 0b2b66a010f07afd3a21848f6c4de292e1d20c5873c836998313c0f5f90e9999
HP Security Bulletin HPSBMU02731 SSRT100518
Posted Dec 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02731 SSRT100518 - Potential security vulnerabilities have been identified with HP Database Archiving Software. These vulnerabilities could be exploited remotely to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2011-4163, CVE-2011-4164, CVE-2011-4165
SHA-256 | 8e6550c3b4010ae9fff5a60a6fc38b1503871ae9afe73a86b159c933b17a424e
Microsoft Security Bulletin Summary For December, 2011
Posted Dec 29, 2011
Site microsoft.com

This bulletin summary lists a Microsoft security bulletin released for December, 2011.

tags | advisory
SHA-256 | 95f9e401b87e851f6bd26e66c4095cd984e9aaf35e97816e4293032588528ffe
HP Security Bulletin HPSBPI02728 SSRT100692 2
Posted Dec 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02728 SSRT100692 2 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2011-4161
SHA-256 | ff6f22298de3f425de467f22cf364320ca21ac4e7ef6bb1908722100799044d9
HP Security Bulletin HPSBPI02732 SSRT100435
Posted Dec 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02732 SSRT100435 - Potential security vulnerabilities have been identified with HP Managed Printing Administration. These vulnerabilities could be exploited remotely for execution of arbitrary code, directory traversal, creation and deletion of arbitrary files, and unauthorized access to the application database. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2011-4166, CVE-2011-4167, CVE-2011-4168, CVE-2011-4169
SHA-256 | a49ce43d61ed9a2b50fc8032fe132797b1be9ec0a71f4e8cc8cb8d94a3664f15
Bugzilla XSS / XSRF / Unauthorized Account Creation
Posted Dec 29, 2011
Site bugzilla.org

Bugzilla versions 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site scripting vulnerability. Versions 2.23.3 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from an unauthorized account creation vulnerability. Versions 2.0 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site request forgery vulnerability.

tags | advisory, xss, csrf
advisories | CVE-2011-3657, CVE-2011-3667
SHA-256 | d7fe9cc19e92befb40189c8947a6c9db762e9a8c444631d574538ff2387c7051
Red Hat Security Advisory 2011-1854-01
Posted Dec 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1854-01 - The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root. Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2011-4862
SHA-256 | 83eeef5fda24f5ac7761e4f57831e666f9cbabd3903c9a02dd52b0a24721586b
Microsoft Security Bulletin Advance Notification For December 2011
Posted Dec 29, 2011
Site microsoft.com

This is an advance notification of a security bulletin that Microsoft is intending to release on December 29th, 2011.

tags | advisory
SHA-256 | b43366a05e12c62f798d5883630b281ffa0bdb367b308bb896f83cfa75f7b829
Red Hat Security Advisory 2011-1853-01
Posted Dec 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1853-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root. Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2011-4862
SHA-256 | 3769a5da3eca30398718bea8bed258601bbb8e2a1a21a41031c17dcfeb542759
Secunia Security Advisory 46706
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - mghack has discovered multiple vulnerabilities in e107, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | c482e45f6fdd9faa612e29b97ed32928d834721b371e24055f9a2ebf57296b54
Secunia Security Advisory 47361
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Database Archiving Software, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 59121f3ad2ba81b4079bd901998078604bedda0f49a1f5d6b18d41487248ec73
Secunia Security Advisory 47359
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, redhat
SHA-256 | 433f583085ab3ed5d7b11c68817e121541314fe966b934c3234981f4079c625f
Secunia Security Advisory 47357
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for krb5-appl. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, redhat
SHA-256 | 3c98b75aa88d856beca6f503057b9d9b9c9506070f3a12060804bda9742e95a7
Secunia Security Advisory 47343
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in CoCSoft Stream Down, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 39e0b5510e8c71d6ee583e4bd5146a77e857bf1365b54f5050c6ef1593c7e380
Secunia Security Advisory 46097
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in the WP Symposium plugin for WordPress, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | f603ca2942ad30ac7966b577e0d88c9cb23679a649720909f275b9132b7a34ac
Secunia Security Advisory 47305
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - F5 has acknowledged two security issues and multiple vulnerabilities in F5 Enterprise Manager, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to bypass certain security restrictions.

tags | advisory, denial of service, local, vulnerability
SHA-256 | e53ade522b25bf127ef1c4ead55cce2ca0a39d60add47bf7428b4bf33bbd9b6d
Secunia Security Advisory 47414
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Rack, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | f9a7437ba5058f5000cbc5e11490b22eaab0059380440552855abf7e82add7c2
Mandriva Linux Security Advisory 2011-196
Posted Dec 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-196 - ipmievd as used in the ipmitool package uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. In Mandriva the ipmievd daemon from the ipmitool package does not have an initscript to start and stop the service, however one could rather easily craft an initscript or start the service by other means rendering the system vulnerable to this issue. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2011-4339
SHA-256 | e7ceb452eacf5294054577ed0e7859c33ab09a7e6112efc684299aa6865ac1a1
Hash Table Collisions
Posted Dec 28, 2011
Authored by Alexander Klink, Julian Walde | Site nruns.com

Most hash functions used in hash table implementations can be broken faster than by using brute-force techniques (which is feasible for hash functions with 32 bit output, but very expensive for 64 bit functions) by using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.

tags | advisory
advisories | CVE-2011-4815
SHA-256 | 5ba7d905a60a09b9e51b4bfc83a4c27718fe15666e0535630b7937cc69f6152f
MIT krb5 Security Advisory 2011-008
Posted Dec 28, 2011
Site web.mit.edu

MIT krb5 Security Advisory 2011-008 - The telnet daemon (telnetd) in MIT krb5 (and in krb5-appl after the applications were moved to a separate distribution for krb5-1.8) is vulnerable to a buffer overflow. The flaw does not require authentication to exploit. Exploit code is reported to be actively used in the wild.

tags | advisory, overflow
advisories | CVE-2011-4862
SHA-256 | 94f4852b4ef0d480fd44f6fff8a1a449daff42441b00c788d6970db82695afc2
Mandriva Linux Security Advisory 2011-195
Posted Dec 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-195 - A vulnerability has been discovered and corrected in krb5-appl, heimdal and netkit-telnet. An unauthenticated remote attacker can cause a buffer overflow and probably execute arbitrary code with the privileges of the telnet daemon. In Mandriva the telnetd daemon from the netkit-telnet-server package does not have an initscript to start and stop the service, however one could rather easily craft an initscript or start the service by other means rendering the system vulnerable to this issue. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-4862
SHA-256 | 088c8d790f512be759b35321724ad47890342945dbacb0e3d9083cc426187e2c
FreeBSD Security Advisory - pam_start() Improper Validation
Posted Dec 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an application can craft their own policies and cause the application to load and execute their own modules. If an application that runs with root privileges allows the user to specify the name of the PAM policy to load, users who are permitted to run that application will be able to execute arbitrary code with root privileges.

tags | advisory, arbitrary, local, root
systems | freebsd
advisories | CVE-2011-4122
SHA-256 | 685c68cd0d879191a8f6e9dd16fb3ba8d2d61b100f23301bbe8d7f9cde467b5e
FreeBSD Security Advisory - pam_ssh Improper Access Grant
Posted Dec 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pam_ssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate themselves by providing a dummy passphrase. If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys.

tags | advisory
systems | freebsd
SHA-256 | 3f9adbe4371e9a27a25b335c20511c3b4a8582a5127ca9a55c06862e006c1268
Secunia Security Advisory 47348
Posted Dec 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Kerberos, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | acded041cda02e4e3d59b3cde944830d45625de300c6fee114da710417fc54c3
Secunia Security Advisory 47328
Posted Dec 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Mailing List plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | a4a45f784900f393ec9b67aa538aa4764438ec5b192357bff7d03aa0455f883f
Page 2 of 22
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close