exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files Date: 2011-01-06

Ubuntu Security Notice USN-1038-1
Posted Jan 6, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1038-1 - Jakub Wilk and Raphael Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2010-1679
SHA-256 | 124b7f8c1c05e457c65f82fc182edb95d165faa7814266e2591a6fd193c682aa
RoomWizard Credential Disclosure
Posted Jan 6, 2011
Authored by Sean Lam

RoomWizard suffers from a default password and sync connector credential leak vulnerability. Firmware version 3.2.3 is affected.

tags | exploit, info disclosure
advisories | CVE-2010-0214
SHA-256 | cd571a6d6eac92710b122e7baf4146e0163348b1c380b890746f3484d6c692d5
Debian Security Advisory 2142-1
Posted Jan 6, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2142-1 - Jakub Wilk discovered that the dpkg-source component of dpkg, the Debian package management system, doesn't correctly handle paths in patches of source packages, which could make it traverse directories. Raphael Hertzog additionally discovered that symbolic links in the .pc directory are followed, which could make it traverse directories too.

tags | advisory
systems | linux, debian
advisories | CVE-2010-1679
SHA-256 | 8e690f33c7653e56ed9c86a7672e50dbdc177342340cfb3bcb5b75c359559091
Debian Security Advisory 2141-3
Posted Jan 6, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2141-3 - DSA-2141-1 changed the behaviour of the openssl libraries in a server environment to only allow SSL/TLS renegotiation for clients that support the RFC5746 renegotiation extension. This update to apache2 adds the new SSLInsecureRenegotiation configuration option that allows to restore support for insecure clients.

tags | advisory
systems | linux, debian
advisories | CVE-2010-3555
SHA-256 | 79659e879f2786c42feb3eace46bd0eaf37600fbd1d71d910d2b1d1cf02f2b5f
Debian Security Advisory 2141-2
Posted Jan 6, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2141-2 - Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. The updated libraries allow to use shell environment variables to configure if insecure renegotiation is still allowed.

tags | advisory, arbitrary, shell, protocol
systems | linux, debian
advisories | CVE-2010-3555
SHA-256 | 9367f429fd7b1e5134a847e38bf501417bb0c2db300ba9b0a1a36f7e56ecbdf6
phpMySport 1.4 Bypass / Path Disclosure / SQL Injection
Posted Jan 6, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

phpMySport version 1.4 suffers from bypass, path disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | 369cf723cc0a747ddb78ab1aaf934eaf0b81d0e73bd01834d6b6cd741b7891f5
Avaya Aura AES Authorization Bypass
Posted Jan 6, 2011
Authored by Ben Heinkel

Avaya Aura AES suffers from an authorization bypass vulnerability.

tags | advisory, bypass
SHA-256 | cf596ceb98e9794fe26da9c067cf878a55087a32581760fdc487b617c54a3741
Phenotype CMS 3.0 SQL Injection
Posted Jan 6, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Phenotype CMS version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 836eeb376fb7af4e4600df9da51656c3acd6e8714afcc4e7dd3b953c0d623e13
Debian Security Advisory 2141-1
Posted Jan 6, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2141-1 - Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation. This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable.

tags | advisory, web, arbitrary, protocol
systems | linux, debian
advisories | CVE-2010-3555, CVE-2010-4180
SHA-256 | e51d87d1ee8b18157edde2e72dde7a519c02a7696a6328d3a164c2b081dd9c27
PHP Bexfront SQL Injection
Posted Jan 6, 2011
Authored by jos_ali_joe

PHP Bexfront suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 6289383dc8bf95fab2092f29c469325b035638748827ff7838ec29efb8b52cfa
CMS Cine 1.3 SQL Injection
Posted Jan 6, 2011
Authored by jos_ali_joe

CMS Cine version 1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | dac3551239920205e51b77cb28b2d09d9d2f7ddeb70d1f21c51deaa24895665f
PHP MicroCMS 1.0.1 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 6, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

PHP MicroCMS version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss, csrf
SHA-256 | 6f4ba29315693d37d833a9efd02ac6148c9e900a593a10f37064f4c7eed0849f
WonderCMS 0.3.3 Cross Site Scripting
Posted Jan 6, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

WonderCMS version 0.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3facfaacba231371f3f259ba097488238823e277059a582b91c05b6d1ffd7f1c
Enzip 3.00 Buffer Overflow
Posted Jan 6, 2011
Authored by C4SS!0 G0M3S

Enzip version 3.00 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 1722316fe5cfae7aff93d4a12d012e9e36dc07aa331e3ed67a3512834dbe34d9
Debian Security Advisory 2140-1
Posted Jan 6, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2140-1 - A vulnerability has been found in Apache mod_fcgid.

tags | advisory
systems | linux, debian
advisories | CVE-2010-3872
SHA-256 | aa4566310a428b20f72a1d693f9aa009f25eee03bcf07893810ce4c272bba516
Bypassing Browser Memory Protections
Posted Jan 6, 2011
Authored by Mark Dowd, Alexander Sotirov

Whitepaper called Bypassing Browser Memory Protections.

tags | paper
SHA-256 | 4bb235b44799001d4a44274262b9d944e99bca3cb5b4c65e5344121784a5e29e
The Evil Karmetasploit Upgrade
Posted Jan 6, 2011
Authored by Veysel Oezer

Whitepaper called The Evil Karmetasploit Upgrade.

tags | paper
SHA-256 | 96def36a60d3c657334ad6fffda78a85fce9e8188b594e266aa0b619b9db9561
F3Site 2011 Alfa 1 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 6, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

F3Site 2011 Alfa 1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | bae36f16965913911abf2957d5d8b0dbc8416e1034b64001bb3b3fe58dd5290b
Governo.it SQL Injection
Posted Jan 6, 2011
Authored by SYSTEM_OVERIDE, God_Of_Pain, LordTittiS

Governo.it suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 707519420fd7175ebb27b3fcc9da0a3b508efbd7758c61f9a21e1fd68f006a39
Secunia Security Advisory 42788
Posted Jan 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jordan Santarsieri has reported some vulnerabilities in SAP KERNEL, which can be exploited by malicious people to disclose sensitive information and cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, vulnerability
SHA-256 | 70953dd7f745c1c9007fe468c62835d8ad5ce7cd778ae5cd67c3d19e4727ecde
Secunia Security Advisory 42791
Posted Jan 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in TIBCO Collaborative Information Manager and TIBCO ActiveCatalog, which can be exploited by malicious people to conduct session fixation attacks, disclose potentially sensitive information, conduct cross-site scripting attacks, manipulate certain data, and conduct SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | fdc5b48e2d5157b397062de952b9aa737eebf13af6e43457b1de3be72de9e249
Secunia Security Advisory 42764
Posted Jan 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the Pierre's Wordspew plugin for WordPress, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 8816ededdb1aa20ac5c4702d996b5936c7c4b67547194cbe9c3f66462762ed41
Secunia Security Advisory 42824
Posted Jan 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | 874823b582d2b493a37093851db7df3bb7a7f249a21e0822f6a7851dd42e271f
Secunia Security Advisory 42819
Posted Jan 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Novell Identity Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 23c14da2c664279babeb045c41a53c0fc2118f6676ccb2e8fa06bb22f05b52c7
Secunia Security Advisory 42769
Posted Jan 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Evince, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 652cbf422f0397207438fca7dfc295820f4411ef9d8bdcad05efa4f03235440f
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close