exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 177 RSS Feed

Files

Juniper Secure Access Cross Site Scripting
Posted Jul 23, 2013
Authored by Anil Pazvant

Juniper Secure Access software suffers from a reflective cross site scripting vulnerability.

tags | advisory, xss
systems | juniper
advisories | CVE-2012-5460
SHA-256 | 1e91a40814ce854dfbc08417fc774b84fa293848396a5db20ca9b655cc2fc7d0
Artweaver 3.1.5 Buffer Overflow
Posted Jul 22, 2013
Authored by Core Security Technologies, Daniel Kazimirow | Site coresecurity.com

Core Security Technologies Advisory - Artweaver is prone to a security vulnerability when processing AWD files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing Artweaver users to open a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2013-2576
SHA-256 | 8873c3cc679a450c834c0d3effea661d00b6fc7035c223ebc4f127cdeecfa1c1
XnView 2.03 Buffer Overflow
Posted Jul 22, 2013
Authored by Core Security Technologies, Ricardo Narvaja | Site coresecurity.com

Core Security Technologies Advisory - XnView is prone to a security vulnerability when processing PCT files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of XnView to open a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2013-2577
SHA-256 | ca26300ca7108c01d37afc023226b062ec8f28da70b639d5efffa6f4508c47ce
Red Hat Security Advisory 2013-1101-01
Posted Jul 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1101-01 - The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges.

tags | advisory, local
systems | linux, redhat, windows
advisories | CVE-2013-2231
SHA-256 | ec47d43348aba295395f355d49d7df9d89d29633f2e0a120214cee8ab4f597ae
Red Hat Security Advisory 2013-1100-01
Posted Jul 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1100-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges. This issue was discovered by Lev Veyde of Red Hat.

tags | advisory, local
systems | linux, redhat, windows
advisories | CVE-2013-2231
SHA-256 | 17f080562461d9428e71f2571c2d5e807125df384a59fdf41c09bd5873a86e96
Microsoft DirectShow Memory Overwrite
Posted Jul 22, 2013
Authored by Andres Gomez Ramirez

Microsoft DirectShow suffers from an arbitrary memory overwrite vulnerability.

tags | advisory, arbitrary
SHA-256 | 966359e1bfa8e5872cbdaaf4d8d308eea241b248036ed506a60a1cb9909d046f
Apache OFBiz Arbitrary UEL Function Execution
Posted Jul 20, 2013
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 thorough 11.04.02, and 12.04.01 suffer from a nest expression evaluation that allows remote users the ability to execute arbitrary UEL functions.

tags | advisory, remote, arbitrary
advisories | CVE-2013-2250
SHA-256 | a87988f73312e5bcabc2f319c28c75d1bd10eb46024a263f67c4d2162580e354
Apache OFBiz Cross Site Scripting
Posted Jul 20, 2013
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 thorough 11.04.02, and 12.04.01 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2013-2137
SHA-256 | 26c1bb776a54ce85382e16dc08ca13d97a5a5b5d6f10425b3168cacf5d112692
HP Security Bulletin HPSBMU02900 2
Posted Jul 19, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02900 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. Revision 2 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, windows
advisories | CVE-2011-3389, CVE-2012-0883, CVE-2012-2110, CVE-2012-2311, CVE-2012-2329, CVE-2012-2335, CVE-2012-2336, CVE-2012-5217, CVE-2013-2355, CVE-2013-2356, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360, CVE-2013-2361, CVE-2013-2362, CVE-2013-2363, CVE-2013-2364
SHA-256 | aa5398e97437c28076d2f5544c40ed75d95e10ca70d3d9cb6dfa48709cc572f7
Western Digital My Net Credential Disclosure
Posted Jul 19, 2013
Authored by Kyle Lovett

Due to a unspecified bug in the Western Digital My Net N600, N750, N900 and N900C routers, administrative credentials are stored in plain text and are easily accessible from a remote location on the WAN side of the router.

tags | advisory, remote, info disclosure
SHA-256 | bf88aed4d696455490d5a2c74cfe20b56aa34c64165c1b2bd7b7ccbb82331b9b
Debian Security Advisory 2724-1
Posted Jul 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2724-1 - Several vulnerabilities have been discovered in the Chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-2853, CVE-2013-2867, CVE-2013-2868, CVE-2013-2869, CVE-2013-2870, CVE-2013-2871, CVE-2013-2873, CVE-2013-2875, CVE-2013-2876, CVE-2013-2877, CVE-2013-2878, CVE-2013-2879, CVE-2013-2880
SHA-256 | c56abdd979ad1791b0c97f5cbfe6e0aea3eb1051cb9ca106027b3fa6fbfd6a9d
Debian Security Advisory 2725-1
Posted Jul 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2725-1 - Two security issues have been found in the Tomcat servlet and JSP engine.

tags | advisory
systems | linux, debian
advisories | CVE-2012-3544, CVE-2013-2067
SHA-256 | 76b85ff0d5e73cbb8122a1d6e4d0e53d836304cf9791d27b1dd78a04a28ceef8
HP Security Bulletin HPSBMU02900
Posted Jul 18, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02900 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, windows
advisories | CVE-2011-3389, CVE-2012-0883, CVE-2012-2110, CVE-2012-2311, CVE-2012-2329, CVE-2012-2335, CVE-2012-2336, CVE-2013-2355, CVE-2013-2356, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360, CVE-2013-2361, CVE-2013-2362, CVE-2013-2363, CVE-2013-2364, CVE-2013-5217
SHA-256 | 9864656a8c7f02f65287405b436e81a4bfb33db55bb9dbe7aea8240180e998a1
HP Security Bulletin HPSBST02896 2
Posted Jul 18, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02896 2 - A potential security vulnerability has been identified with the HP StoreVirtual Storage. This vulnerability could be remotely exploited to gain unauthorized access to the device. All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer. This functionality cannot be disabled today. HP StoreVirtual products are storage appliances that use a custom operating system, LeftHand OS, which is not accessible to the end user. Limited access is available to the user via the HP StoreVirtual Command-Line Interface (CLiQ) however root access is blocked. Root access may be requested by HP Support in some cases to help customers resolve complex support issues. To facilitate these cases, a challenge-response-based one-time password utility is employed by HP Support to gain root access to systems when the customer has granted permission and network access to the system. The one-time password utility protects the root access by preventing repeated access to the system with the same pass phrase. Root access to the LeftHand OS does not provide access to the user data being stored on the system. Revision 2 of this advisory.

tags | advisory, root
advisories | CVE-2013-2352
SHA-256 | e39626a882fac82518af8405435038f5279f1f206d95e388f032ec3a0a67d197
Drupal Hostmaster 6.x Access Bypass
Posted Jul 18, 2013
Authored by Tim Lovelock | Site drupal.org

Drupal Hostmaster third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 029ae096eab1d32c2fdce40b827087a83a9a993ec8dd7ca249ba58232224eba4
Cisco Security Advisory 20130717-ips
Posted Jul 18, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Intrusion Prevention System (IPS) Software is affected by multiple denial of service vulnerabilities. Customers running a vulnerable version of the Cisco IDSM-2 Module should refer to the "Workarounds" section of this advisory for available mitigations. Workarounds that mitigate the Cisco IPS Software Fragmented Traffic Denial of Service Vulnerability and Cisco IDSM-2 Malformed TCP Packets Denial of Service Vulnerability are available.

tags | advisory, denial of service, tcp, vulnerability
systems | cisco
SHA-256 | 8f827a747809b4b88d7227babf5e52be7838679b0e8ecb6655d3111b7dafa0a1
Java SE 7 Issue 69
Posted Jul 18, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has submitted a new vulnerability to Oracle that implements a classic attack against Java VM.

tags | advisory, java
SHA-256 | 06b801519ec428ee719f86858e50021889fbd7008bbcfe62c1df7a749f41a4e1
Drupal MRBS 6.x / 7.x CSRF / SQL Injection
Posted Jul 18, 2013
Authored by Michael Hess | Site drupal.org

Drupal MRBS third party module versions 6.x and 7.x suffer from cross site request forgery and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection, csrf
SHA-256 | b142181a17115a9d5fea3ecd0371961dc0b831c2b04c9cc9a0aa05db9b2f8020
NanoSSH Denial Of Service
Posted Jul 18, 2013
Authored by Marcus Meissner

NanoSSH on Avaya Ethernet Routing switch (ERS) 5698 and 5698-PoE suffers from a remote denial of service vulnerability.

tags | advisory, remote, denial of service
SHA-256 | 4ec9685eea0f9205acd2516ddd10ca2ebd352f49eb06fdac3f8ea83053652e25
HP Security Bulletin HPSBHF02888 2
Posted Jul 18, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02888 2 - Potential security vulnerabilities have been identified with HP Network Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-2340, CVE-2013-2341
SHA-256 | 5b2e403ecc8c93bc0c644e3fc1d4fec3fee8c718711c9b91ae6b9da7a7f835bb
EMC Avamar 7.0 XSF / Improper Authorization
Posted Jul 18, 2013
Site emc.com

EMC Avamar version 7.0 suffers from improper authorization checks and cross frame scripting vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2013-3274, CVE-2013-3275
SHA-256 | 2581fa5ef9d8d7bdf1d100067207d09b59c5cfcac21e72f041a71709dafd1897
Cisco Security Advisory 20130717-cucm
Posted Jul 18, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify information in Cisco Unified CM. Cisco has released a Cisco Options Package (COP) file that addresses three of the vulnerabilities documented in this advisory. Cisco is currently investigating the remaining vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, remote, vulnerability
systems | cisco
SHA-256 | 84003a42547734b89d56319bd564adac91c646bae378b2895d1a82abadfb3192
Ubuntu Security Notice USN-1904-2
Posted Jul 17, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1904-2 - USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability, xxe
systems | linux, ubuntu
advisories | CVE-2013-0339, CVE-2013-2877
SHA-256 | 73ee61050460c5c1a204774c868ab1fa47667ad17da81dbf917de23f5248cb36
Debian Security Advisory 2723-1
Posted Jul 17, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2723-1 - It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely.

tags | advisory, arbitrary, php, code execution
systems | linux, debian
advisories | CVE-2013-4113
SHA-256 | 5eb4558096f018f55bb641d30881cb44792c27980ef9cb7a5fa7ed75885fbf0b
Red Hat Security Advisory 2013-1090-01
Posted Jul 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1090-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.

tags | advisory, spoof, ruby
systems | linux, redhat
advisories | CVE-2013-4073
SHA-256 | a3b4688f851d6898ccaab5569bbee67a2fe383fc6cbdc119e712e6320810a647
Page 3 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close