
Files Date: 2011-03-22

Zero Day Initiative Advisory 11-110
Posted Mar 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-110 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lotus Domino Server Controller. Authentication is not required to exploit this vulnerability. The flaw exists within the remote console functionality, which listens by default on TCP port 2050. When handling user authentication, the server uses a user-supplied COOKIEFILE path to retrieve stored credentials. The application then compares this data against the user-provided username and cookie. The path to the COOKIEFILE can be a UNC path, allowing the attacker to control both the known good credentials and the challenge credentials. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
SHA-256 | c60ce5be38ddd1364df0e59214769dec234a68a8836d951b19333cf79651efbd
Apple HFS+ Information Disclosure
Posted Mar 22, 2011
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.

tags | advisory, kernel, local, info disclosure
systems | apple, osx
advisories | CVE-2011-0180
SHA-256 | 4c4a96b0699e3dfee3ea36679e925786c985788771d9efba8b469276fa52bc3f
Immunity Debugger Buffer Overflow
Posted Mar 22, 2011
Authored by Paul Harrington | Site ngssecure.com

Immunity Debugger version 1.73 contains a buffer overflow vulnerability in its HTTP update mechanism.

tags | advisory, web, overflow
SHA-256 | eb3222763fbd249397289a12e1bfee1c09d0425cad699d675e1553a2e8d4d505
Cisco IPSec VPN Implementation Group Name Enumeration
Posted Mar 22, 2011
Authored by Gavin Jones | Site ngssecure.com

The Cisco IPSec VPN implementation suffers from a group name enumeration vulnerability. Systems affected include the ASA 5500 Series Adaptive Security Appliances, Cisco PIX 500 Series Security Appliances, Cisco VPN 3000 Series Concentrators.

tags | advisory
systems | cisco
SHA-256 | e273f712e7c79d45e648db42f3dadd108d184c00a953ab5b8689f1e87ed31a6d
Apple Mac OS X Image RAW Multiple Buffer Overflows
Posted Mar 22, 2011
Authored by Paul Harrington | Site ngssecure.com

Paul Harrington of NGS Secure has discovered a high risk vulnerability in Mac OS X Image RAW. Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6 with RawCamera.bundle versions prior to 3.6.

tags | advisory, overflow, arbitrary, code execution
systems | apple, osx
SHA-256 | fc0b316cf82ddc0ac592117f4d7ddb4c7b690bf50443ed7dbdc636202f42012d
Symantec LiveUpdate Administrator Cross Site Request Forgery
Posted Mar 22, 2011
Authored by Nikolas Sotiriu

Symantec LiveUpdate Administrator suffers from a cross site request forgery vulnerability. Proof of concept is included.

tags | exploit, proof of concept, csrf
advisories | CVE-2011-0545
SHA-256 | 1590de5e204cab69e3bed8c07807a00abee7648f9f8940d58e1c494577fc7b52
Apple Mac OS X ImageIO Integer Overflow
Posted Mar 22, 2011
Authored by Dominic Chell | Site ngssecure.com

Dominic Chell of NGS Secure has discovered a high risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6.

tags | advisory, overflow, arbitrary, code execution
systems | apple, osx
SHA-256 | 8a7f56c6bf5db4c24979da8deb5a498165e211b83b1662e863496e40d68182ac
iDEFENSE Security Advisory 2011-03-21.1
Posted Mar 22, 2011
Authored by iDefense Labs, Tobias Klein

iDefense Security Advisory 03.21.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.

tags | advisory, remote, arbitrary
systems | apple, osx
SHA-256 | 63116851ec25226dbd4100de9d28241e487287adbf0d2b37b83b6a4707c90918
HP Security Bulletin HPSBMA02647 SSRT100383
Posted Mar 22, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02647 SSRT100383 - A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows. The vulnerability could be exploited remotely to allow unauthorized read-only access to the data available via the SNMP protocol. Revision 1 of this advisory.

tags | advisory, protocol
systems | windows
advisories | CVE-2011-0890
SHA-256 | ee2626cfba5637e8bb8b7ada37ec4287b573ef5446851ff7ac057d88fd616159
Zero Day Initiative Advisory 11-109
Posted Mar 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files. When handling the OfficeArtMetafileHeader the process trusts the cbSize field and performs arithmetic on it before making an allocation. As the result is not checked for overflow, the subsequent allocation can be undersized. Later when copying into this buffer, memory can be corrupted leading to arbitrary code execution under the context of the mobile user on the iPhone.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple, iphone
advisories | CVE-2011-1417
SHA-256 | 0581a4c68f5e63d36a00736efee38f3d2bb3ee49ea8fb2e43d4cdad83da323dc
Zero Day Initiative Advisory 11-108
Posted Mar 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. This can lead to code execution under the context of the application that utilizes the library.

tags | advisory, remote, arbitrary, code execution
systems | apple, osx
advisories | CVE-2011-0176
SHA-256 | f700b77cf7933fcaef38950830e10f9f85a9a55a48cc13affb62f267d9923b03
Secunia Security Advisory 43825
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has acknowledged a vulnerability in aaa_base, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, suse
SHA-256 | 40d43cbed42dab5d716806474c7937c55af13547af3aca8a27becc4b3fb8033f
Secunia Security Advisory 43807
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in CATIA V5, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
SHA-256 | 740a1e22e633f3094d140cc16b0288aff458443fad321ac95e0216ab39fa27b5
Secunia Security Advisory 43578
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Pango, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service
SHA-256 | 55b22958956b0287eb70624e8d2de77d6541d9a42c720744571e971ae639f618
Secunia Security Advisory 43591
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in the Secure Pages module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | 56d4769e5637000d3db06980998f45bf5e107b2a0cdd63135185720751ff9471
Secunia Security Advisory 43360
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a vulnerability in Honeywell ScanServer ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
SHA-256 | 491d12a386f21de84d9a103729e26268183f5e411a25fdde3caa61eee887b663
Secunia Security Advisory 43844
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for policycoreutils. This fixes a weakness, which can be exploited by malicious, local users to bypass certain security features.

tags | advisory, local
systems | linux, fedora
SHA-256 | 09bc78e13a1d2ae734f53c4563bd55693560445d86e5efb6c2a8afa82c10c027
Secunia Security Advisory 43792
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Douran Portal, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | b752fbcaa30051e2eb84897f3c136f3302d6d9ec31831920beecc547160c7865
Secunia Security Advisory 43842
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for pidgin. This fixes some security issues, which can be exploited by malicious, local users to disclose potentially sensitive information.

tags | advisory, local
systems | linux, fedora
SHA-256 | d829f40c847d5c7ea7a6c9a40aef6c85c3bb77a9a394fc584e0d5f3e3278ae7f
Secunia Security Advisory 43824
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Novell NetWare, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 0cd0e2e5cfe5c8a2d4d0459e80a98ffde827f53ec03e4a047224547e188df578
Secunia Security Advisory 43107
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for maradns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 098dd24b5b59b691e1199540f25d097050170f7682e761dce0ea6cd765d73ba1
Secunia Security Advisory 43806
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose system information.

tags | advisory, kernel, local
systems | linux
SHA-256 | 190f00cfbf459a94e8c9c7aecb829d70a3840c8d046dc79a5df6282306088246
Secunia Security Advisory 43817
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux and linux-ec2. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | ba2b9362a8f5ca4a2d11cc0e12b06755bf27f38f44708b1d1075137edd7242b9
Secunia Security Advisory 43598
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information and to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | 0f86070dc8d6111af121eb85db14644d63bdb9c5e5d4f99743105c59f78620b6
Secunia Security Advisory 43449
Posted Mar 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for php5. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
systems | linux, debian
SHA-256 | 2870509598f2e6bf6e684765835f8963913e6b13c0e3ef1ee4d2a0a8dbc2117c