all things security
Showing 1 - 25 of 59 RSS Feed

Files Date: 2011-04-14

CVE Checker 3.1
Posted Apr 14, 2011
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: This bugfix release sanitizes the user defined key before it is put in the database and fixes a runtime problem when both SQLite and MySQL support are requested.
tags | vulnerability
systems | unix
MD5 | d49e7322703045d32e741ed172be5e69
Suricata IDPE 1.0.3
Posted Apr 14, 2011
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Bugs in the detection engine, TCP stream engine, IP defrag engine, and HTTP parser were fixed.
tags | tool, intrusion detection
systems | unix
MD5 | 7c612349fd63a459ded235956769a74f
Zero Day Initiative Advisory 11-134
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RegenerateReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the RegenerateReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
MD5 | 25bb625b18974103e362fbaf91661f4c
Zero Day Initiative Advisory 11-133
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-133 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReports stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteReports stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
MD5 | 82dda2469fe1aeb45a425d87cd8b9ce5
NEdit 5.5 Format String
Posted Apr 14, 2011
Authored by Tosh

NEdit version 5.5 suffers from a format string vulnerability.

tags | exploit
MD5 | fe997483e4267310a25f2bd1a0a3180b
Zero Day Initiative Advisory 11-132
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReportLayout stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteReportLayout stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
MD5 | 269c40ad69595fa25900b73c5dcec136
phpAlbum.net 0.4.1-14_fix06 XSS / XSRF / Command Execution
Posted Apr 14, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

phpAlbum.net version 0.4.1-14_fix06 suffers from cross site request forgery, cross site scripting, and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
MD5 | d4aa93b9005cc3798a838ba93e899751
HP Security Bulletin HPSBMA02652 SSRT100432 3
Posted Apr 14, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02652 SSRT100432 3 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in information disclosure. Revision 3 of this advisory.

tags | advisory, info disclosure
systems | linux, windows, solaris, hpux
advisories | CVE-2011-0895
MD5 | 8dcc0beab12b78e5fe2560639f842aa8
Help And Manual Professional Edition 5.5.1 DLL Hijack
Posted Apr 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

Help and Manual Professional Edition version 5.5.1 ijl15.dll DLL hijacking exploit.

tags | exploit
systems | windows
MD5 | 72eac6ecdb470ab783e3dfa2c335232e
Qianbo Enterprise Web Site Management System Cross Site Scripting
Posted Apr 14, 2011
Authored by d3c0der

Qianbo Enterprise Web Site Management System suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 035bafab88d6dec030d2e6704febe342
Google Hack DB Tool 1.1
Posted Apr 14, 2011
Authored by SecPoint | Site secpoint.com

Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google.

Changes: Google query generating option added (-q).
tags | tool, scanner, vulnerability
systems | unix
MD5 | e9e4bc4259f2cd6e65e2d645dfad3259
Zero Day Initiative Advisory 11-131
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NonAssignedUserList stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the NonAssignedUserList stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
MD5 | a9aaf625c5f2b5d44f82834c63273ffa
CA Total Defense SQL Injection / Shell Upload
Posted Apr 14, 2011
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities are due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability is due to insufficient protection of sensitive information. A remote attack can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server.

tags | advisory, remote, arbitrary, vulnerability, sql injection, file upload
advisories | CVE-2011-1653, CVE-2011-1654, CVE-2011-1655
MD5 | ad9d1f32cd8cbe55dc94f5700d3238d9
Blackberry WebDesktop Cross Site Scripting
Posted Apr 14, 2011
Authored by Ivan Huertas | Site cybsec.com

CYBSEC Security Advisory - A cross site scripting vulnerability was found in Blackberry WebDektop, because the application fails to sanitize user-supplied input. The vulnerability can be triggered if a logged-in user follows a specially crafted link, executing malicious Javascript code on the user's browser.

tags | exploit, javascript, xss
MD5 | bca58248805b1a49a927d605be7140c8
EZ-Shop 1.02 SQL Injection
Posted Apr 14, 2011
Authored by Osirys | Site y-osirys.com

EZ-Shop version 1.02 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | af4139e442613d7edcfee4f90cfba5a9
Zero Day Initiative Advisory 11-130
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite Unified Network Control Management Console. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteFilter stored procedure, accessed via the MainApplication.html console. The Unified Network Control Management Console listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteFilter stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
MD5 | 0d35cdd3a8c5b8377474610faebc335c
MIT krb5 Security Advisory 2011-004
Posted Apr 14, 2011
Site web.mit.edu

MIT krb5 Security Advisory 2011-004 - The password-changing capability of the MIT krb5 administration daemon (kadmind) has a bug that can cause it to attempt to free() an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of arbitrary code (which is believed to be difficult). No exploit that executes arbitrary code is known to exist, but it is easy to trigger a denial of service manually.

tags | advisory, denial of service, arbitrary
advisories | CVE-2011-0285
MD5 | c33afec1ca0a68b1a779ff24e327a192
Linux Kernel 2.4 / 2.6 Denial Of Service
Posted Apr 14, 2011
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability that may lead to a denial-of-service due to corrupted partition tables on storage devices. The kernel automatically evaluates partition tables of storage devices. This happens independently of whether any auto-mounting is enabled or not. The code for evaluating EFI GUID partition tables contains a buffer overflow bug that allows to cause kernel oops resulting in a denial of service.

tags | advisory, denial of service, overflow, kernel
systems | linux
advisories | CVE-2011-1577
MD5 | 97318e70e9704a77283d0dbb20f30c96
Zero Day Initiative Advisory 11-129
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-129 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnassignAdminRoles stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
MD5 | d5baefe1dd91978c87e7c1bfbc727a50
HP Security Bulletin HPSBMA02643 SSRT100416 2
Posted Apr 14, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02643 SSRT100416 2 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi). One vulnerability could be exploited by a local user to gain unauthorized access to files. The other vulnerability could result in remote cross site scripting (XSS). Revision 2 of this advisory.

tags | advisory, remote, local, vulnerability, xss
advisories | CVE-2011-0897, CVE-2011-0898
MD5 | 6b586f183c254ac1195e023a6dad9b4a
HP Security Bulletin HPSBUX02642 SSRT100415
Posted Apr 14, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02642 SSRT100415 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, java, denial of service
systems | linux, windows, solaris, hpux
advisories | CVE-2010-4476
MD5 | b8ce7c18478f33074cd2ebc7eeabf76a
WordPress.com Compromised
Posted Apr 14, 2011
Authored by Matt Mullenweg

This is a blog entry from Matt at WordPress.com noting that they suffered from a break-in to multiple servers.

tags | advisory
MD5 | 194b7823c6b4f31c5f840912bdc389d4
Uploadform ASP Script Shell Upload
Posted Apr 14, 2011
Authored by Net.Edit0r

The Uploadform ASP script suffers from a shell upload vulnerability.

tags | exploit, shell, asp
MD5 | 6e89d47c37f5dc058220f8cb481bf813
TimThumb 1.24 XSS / DoS / Path Disclosure
Posted Apr 14, 2011
Authored by MustLive

TimThumb versions 1.24 and below suffer from cross site scripting, denial of service, path disclosure, and abuse of functionality vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure
MD5 | 2f1da420c8e46069160731c86453db2a
Zero Day Initiative Advisory 11-128
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnAssignFunctionalRoles stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
MD5 | 509e054ef1e53be19bfe001855189bf1
Page 1 of 3
Back123Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close