what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 44 RSS Feed

Files Date: 2011-04-19

Ubuntu Security Notice USN-1116-1
Posted Apr 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1116-1 - Felipe Ortega discovered that kadmind did not correctly handle password changing error conditions. An unauthenticated remote attacker could exploit this to crash kadmind, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-0285
SHA-256 | c504f1c9e5d08ae993d2698e2444496612eecf5d1fb541616146ac4d8d9f8667
Debian Security Advisory 2221-1
Posted Apr 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2221-1 - Viacheslav Tykhanovskyi discovered a directory traversal vulnerability in Mojolicious, a Perl Web Application Framework.

tags | advisory, web, perl
systems | linux, debian
advisories | CVE-2011-1589
SHA-256 | efa3cdcbde041e83ec205667ae8245c5b7baeda7a87fa21d4fbd8fc11196212b
Zero Day Initiative Advisory 11-140
Posted Apr 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application manages a reference to an anonymous block located near a particular element within the document. When cloning this element, the application will duplicate a reference to the block and then later re-attach this element to the rendering tree. During this process the library will free the original rendering element. Subsequent access to the same element will then cause the library to use the freed object. This can be utilized to achieve code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
SHA-256 | 40dd6ea91673743449e56a8727550ee9ff4a19ab0e24dfd4a7aba4e4d5736946
Zero Day Initiative Advisory 11-139
Posted Apr 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-139 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a frame element. When parsing a malformed document embedded inside an SVG document, the library will create an anonymous block around a frame element in the block's contents. When freeing this anonymous block via an assignment to the read-only .textContent attribute, a reference to one of the child elements will still exist. Accessing this child element can then lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
SHA-256 | 00723402a97ecf39fc8143f1331d5e7f3de6c1b85e14db17cb92427be8fbf0bc
Zero Day Initiative Advisory 11-138
Posted Apr 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-138 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of a Frame element. When attaching this element to a document, the application will duplicate a reference of an anonymous block. When freeing the container holding the Frame element, the reference will still be available. If an attacker can perform an explicit type change of the contents the element this can then be leveraged to gain code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
SHA-256 | c5c176e5059de1f71aa14633e9b958b6607820b50d3bbd9db249376f94983214
Zero Day Initiative Advisory 11-137
Posted Apr 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-137 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Web Administration component which listens by default on TCP port 4848. When handling a malformed GET request to the administrative interface, the application does not properly handle an exception allowing the request to proceed without authentication. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.

tags | advisory, java, remote, web, arbitrary, tcp
advisories | CVE-2011-0807
SHA-256 | 7e6ca7dff63838e7c6fdbef482c0740402a5c4c6e9ecfed8c82166c9310e4f47
Universal Post Manager WordPress Plugin 1.0.9 XSS / Path Disclosure
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Universal Post Manager WordPress plugin version 1.0.9 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 102cf0e64c2f11df5c2c172c84165cc8368f22459b6530a25c61f3e8981faea4
Dalbum 1.43 XSRF / XSS / Path Disclosure
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Dalbum version 1.43 suffers from cross site request forgery, cross site scripting, and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
SHA-256 | 09372ad70aa1abc41f8aa4a481a03890c923d2e52985bf88da28c1730df43db1
Ubuntu Security Notice USN-1108-2
Posted Apr 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1108-2 - USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 9.10 and higher. This update fixes the problem. Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses. An attacker could use this flaw with a malicious DHCP server to execute arbitrary code, resulting in root privilege escalation.

tags | advisory, arbitrary, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-0997
SHA-256 | 5304a29b072afd7b22861f6a5bec448d166a9a19548bb7b5f72b687ba16b1705
Ubuntu Security Notice USN-1115-1
Posted Apr 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1115-1 - Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation.

tags | advisory, shell, local, root
systems | linux, ubuntu
advisories | CVE-2011-0729
SHA-256 | 9adcdb45a05761524f5baaa6558fa3bb665b5121e28ae6c04e06590ad6778447
Debian Security Advisory 2220-1
Posted Apr 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2220-1 - Several vulnerabilities were in Request Tracker, an issue tracking system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-1685, CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, CVE-2011-1690
SHA-256 | 394f200ccdf48036b2cdcd7cc8632b273ab2a30edda1ceb14cb7f4584ba11b9c
HP Security Bulletin HPSBMA02659 SSRT100440
Posted Apr 19, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02659 SSRT100440 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized access to NNMi processes. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, hpux
advisories | CVE-2011-1534
SHA-256 | b62a692adb4e6a6ad801a2ef7f4ede09578ea1654eb84a5e1b2189830f3e887a
ChatLakTurk PHP Botlu Video Cross Site Scripting
Posted Apr 19, 2011
Authored by kurdish hackers team | Site kurdteam.org

ChatLakTurk PHP Botlu Video suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 395c4fdc5d1280f977177c02b57ce5e3f108c1e3fcc1ed991b6d446c53a07cf1
IBM Tivoli Directory Server SASL Bind Request Remote Code Execution
Posted Apr 19, 2011
Authored by Francis Provencher

IBM Tivoli Directory Server suffers from a SASL bind request remote code execution vulnerability. Proof of concept is included.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2011-1206
SHA-256 | 5284324a4a29b178a5b939f787fa5c9d3c21309a1ece529b498f801b822487cc
Adobe Flash Player Action Script Type Confusion
Posted Apr 19, 2011
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Flash Player versions prior to 10.1.53.64 Action script type confusion exploit.

tags | exploit
systems | linux
advisories | CVE-2010-3654
SHA-256 | 6a3bd8107ea80cac8dbedad82b6d7d57fa7090ea8489291d5ca2ed8531f0f4e4
webSPELL 4.2.2a Cross Site Scripting / Path Disclosure
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

webSPELL version 4.2.2a suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 5f1c019451c9f1c7db98a74067807915ee368338c1b9f1fa1a88316da9c188e4
SocialGrid WordPress Plugin 2.3 Cross Site Scripting
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

SocialGrid WordPress plugin version 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3bf102cd4615330e0f0e0975da6cd38026e54c9b3d053fbe7f99c10ad83eed5c
WP-StarsRateBox WordPress Plugin 1.1 XSS / SQL Injection
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

WP-StarsRateBox WordPress plugin version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 4cbebd550aba0c97b880bd56065412e61237e0eea91f25ae4d0e45f7623605f5
Universal Post Manager WordPress Plugin 1.0.9 SQL Injection
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Universal Post Manager WordPress plugin version 1.0.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 752251aab30106883fa79102fcc1ccf758d7e13f93906b1858e2607876b65fe3
Ocomon 2.0RC6 SQL Injection
Posted Apr 19, 2011
Site dclabs.com.br

Ocomon version 2.0RC6 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | c5dfb185b71cba5c9411793f2c827ec7b3e434e3284ff4781b25d4a1a15577ce
ActiveCMS 1.2_dev Cross Site Request Forgery
Posted Apr 19, 2011
Authored by KedAns-Dz

ActiveCMS version 1.2_dev suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 27f2f0c400f4ca0d4310859efae3088bd94c0d730bbd6fe8b1ac640d89b0c463
e107 0.7.25_full Cross Site Scripting / Remote File Inclusion
Posted Apr 19, 2011
Authored by KedAns-Dz

e107 version 0.7.25_full suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion
SHA-256 | a1009de0e9d35d4684ddf711c669b7f6adc01cfdf2acabcd1c1311d4efad15bb
Old Dogs And New Tricks: Do You Know Where Your Handles Are?
Posted Apr 19, 2011
Authored by Brooke Stephens, Jeffrey Walton

This paper offers incremental research in the area of untrusted program input via synchronization handle manipulations. Unlike the Michal Zalewski paper on Delivering Signals for Fun and Profit, this paper focuses on the source of the Unix signal handlers. Tested were personal computers running Windows XP and Vista. The synchronization objects were mutexes and events, and the security software included products from AVG, Avast, Avira, BitDefender, BullGuard, CheckPoint, Eset, F-Prot, F-Secure, Kaspersky, McAfee, Microsoft (Security Essentials), Nor- man, Norton, Panda, PC Tools, Quick Heal, Symantec, and Trend Micro.

tags | paper
systems | windows, unix
SHA-256 | 18409a8b03683d7197b587b4852f899980f92cd46bb417ee6903700ce8d70d62
Wireshark 1.4.4 packet-dect.c Stack Buffer Overflow
Posted Apr 19, 2011
Authored by corelanc0d3r, sickness | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Wireshark versions 1.4.4 and below. When opening a malicious .pcap file in Wireshark, a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP and ASLR and works on XP, Vista & Windows 7.

tags | exploit, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2011-1591, OSVDB-71848
SHA-256 | 8f106e8404d0b3f4126f6f01b343c0f70315188f1d02c21066e67ef03f0f07b9
Secunia Security Advisory 44176
Posted Apr 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for kdenetwork. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, ubuntu
SHA-256 | dae43d3e8c580e0867de6a2826232b0771cc3d9cebe2e601fa4f5d299621b295
Page 1 of 2
Back12Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close