what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2011-04-21

Asterisk Project Security Advisory - AST-2011-005
Posted Apr 21, 2011
Authored by Tzafrir Cohen | Site asterisk.org

Asterisk Project Security Advisory - On systems that have the Asterisk Manager Interface, Skinny, SIP over TCP, or the built in HTTP server enabled, it is possible for an attacker to open as many connections to asterisk as he wishes. This will cause Asterisk to run out of available file descriptors and stop processing any new calls. Additionally, disk space can be exhausted as Asterisk logs failures to open new file descriptors.

tags | advisory, web, tcp
advisories | CVE-2011-1507
SHA-256 | 471ce01d238810bef4b672c13bed60968aa25283433c449bf7c0a05b6b29d2ae
Mandriva Linux Security Advisory 2011-076
Posted Apr 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-076 - xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a XDMCP message.

tags | advisory, remote, arbitrary, shell
systems | linux, mandriva
advisories | CVE-2011-0465
SHA-256 | 98c29e489c7a3034e37fef43ea71869d0f15c136da08b86e735d49fce054a15a
FreeBSD Security Advisory - mountd ACL Mishandling
Posted Apr 21, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The mountd(8) daemon services NFS mount requests from other client machines. When mountd is started, it loads the export host addresses and options into the kernel using the mount(2) system call. While parsing the exports(5) table, a network mask in the form of "-network=netname/prefixlength" results in an incorrect network mask being computed if the prefix length is not a multiple of 8. For example, specifying the ACL for an export as "-network 192.0.2.0/23" would result in a netmask of 255.255.127.0 being used instead of the correct netmask of 255.255.254.0.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2011-1739
SHA-256 | daab8415751957e3ad1463b8ec1447aa42b593613cb89eb97366e0b6b20911e2
QtWeb Browser 3.7.2 Denial Of Service
Posted Apr 21, 2011
Authored by t3rm!n4t0r

QtWeb Browser version 3.7.2 denial of service exploit.

tags | exploit, denial of service
SHA-256 | 581ae9825f747c9d90efbdbf86d6b4f59c7c4189dcdaf7f197aea76418369baf
Ubuntu Security Notice USN-1120-1
Posted Apr 21, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1120-1 - It was discovered that the TIFF library incorrectly handled certain JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-5022
SHA-256 | b07452b15b9bd47493da17c9b8107457a4deb3f3a8e3b4b9d2b8af8f82198122
PulseCMS Basic 1.3_Get.Pro Backup Download / Cross Site Scripting
Posted Apr 21, 2011
Authored by KedAns-Dz

PulseCMS Basic versions 1.3_Get.Pro and below suffers from backup disclosure, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, file upload
SHA-256 | a43aadcb2478b2bc0ec83ff3f7bedcd2ba01b63a7d45f522cd4c14a1da9f01e0
Syctel Design Local File Inclusion
Posted Apr 21, 2011
Authored by Ashiyane Digital Security Team

Syctel Design suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 11f1c099543d17f8873d34c13df2d69bded8de7891f064517bb4ff526c875227
HP Security Bulletin HPSBMA02665 SSRT100185
Posted Apr 21, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02665 SSRT100185 - A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges. Revision 1 of this advisory.

tags | advisory
systems | windows
advisories | CVE-2011-1724
SHA-256 | 8c7e4c8543912a417c70b3b411edcf19891be429df960a539bcfa10a74b9f84c
HP Security Bulletin HPSBMA02664 SSRT100417
Posted Apr 21, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02664 SSRT100417 - Potential security vulnerabilities have been identified in HP Insight Control performance management for Windows. The vulnerabilities could be exploited remotely resulting in privilege elevation and cross site request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, vulnerability, csrf
systems | windows
advisories | CVE-2011-1544, CVE-2011-1545
SHA-256 | 11f59e895c6a78303b7055f68276c2f1555fa5170f23f91220d99224a78bfbbb
Moscrack WPA Cluster Cracker 2.05b
Posted Apr 21, 2011
Authored by Ryan Babchishin | Site moscrack.sourceforge.net

Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).

Changes: This release added various automatic chunk size options, hung node detection, dynamic node configuration, improved CPU demands, TCP-based status checks, and a CGI interface.
tags | cracker
systems | unix
SHA-256 | 4b26d31504786a1ad4422ca5b61802511847d6c0251eadc36194d0932ed7c4d1
WiRouter KeyRec 1.0.4
Posted Apr 21, 2011
Authored by Salvatore Fresta | Site salvatorefresta.net

WiRouter KeyRec is a powerful and platform independent piece of software that recovers the default WPA passphrases of the supported router's models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley).

Changes: Some internal changes were made.
tags | tool, wireless
SHA-256 | 8d8897a7611cad7322ea647a0f2f2b2532bab2ec111a098cf56370486ca60375
Firewall Builder With GUI 4.2.0.3530
Posted Apr 21, 2011
Site fwbuilder.org

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.

Changes: This version significantly improves importation of existing firewall configurations and introduces support for importing Cisco ASA/PIX/FWSM configuration and de-duplication of imported objects. Support for the configuration of bridge and VLAN interfaces and static routes on FreeBSD was added, and it is now possible to generate configuration in the format of rc.conf files. The latest versions of Cisco ASA software are now supported, including the new command syntax for NAT commands in ASA 8.3. The speed of rule compilation has been improved, and is especially noticeable on very large data files.
tags | tool, firewall
systems | cisco, linux, unix, openbsd
SHA-256 | 79f962fb992be94afbaab6e191e501775fa100b0a85d5cc930a3a15ad4701e1f
Linux/x86 netcat Bindshell Shellcode
Posted Apr 21, 2011
Authored by Jonathan Salwan

Linux/x86 /usr/bin/netcat -ltp6666 -e/bin/sh shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 84aa0c4d97e3ba738247628d5bb9d317fcac19a4b680f5764acf2335664d47e8
Gesytec ElonFmt Active-X 1.1.14 Buffer Overflow
Posted Apr 21, 2011
Authored by LiquidWorm | Site zeroscience.mk

The Gesytec ElonFmt active-x control module suffers from a buffer overflow vulnerability. When a large buffer is sent to the pid item of the GetItem1 function in the elonfmt.ocx module, a few memory registers get overwritten including the SEH. Proof of concept exploit included. Version 1.1.14 is affected.

tags | exploit, overflow, activex, proof of concept
SHA-256 | d243509ba1defdb6a43cd5e44c3842fe251b3364720483e0de16bec5c0e5ef92
DNSpoison 1.0
Posted Apr 21, 2011
Authored by Vilmain Nicolas

DNSpoison is a DNS request sniffer tool that forges a false DNS response for IPv4 and IPv6 addresses. Hijacked traffic is needed before starting the program. Tested on GNU/Linux and FreeBSD.

tags | tool
systems | linux, unix, freebsd
SHA-256 | a6daf346b6c6ca16ffd9865d5cacf8de784ec1a1c7404d7deeeb47db52ebf015
CA SiteMinder R6 / R12 Improper Handling
Posted Apr 21, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate another user. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to improper handling of multi-line headers. A malicious user can send specially crafted data to impersonate another user.

tags | advisory
advisories | CVE-2011-1718
SHA-256 | 54d353436068f5967916378335b32cc7d35d97264b19d01f20dab55f3ff1a995
CA Output Management Web Viewer 11.0 / 11.5 Boundary Errors
Posted Apr 21, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.

tags | advisory, remote, web, arbitrary, vulnerability, activex
advisories | CVE-2011-1719
SHA-256 | a2fdaccf936701cb458f4e2b02cdf7db59f508b0f0e7f796daac3f28d4115ccb
Secunia Security Advisory 44296
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise Learning Management, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory
SHA-256 | b222da7c54fdca7f27df3b150a209486fa84b6327ff00aedbd23bc223afa22f7
Secunia Security Advisory 44247
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in the Universal Post Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 214d4e3a0dd28378acab1b190f5cd3d250738a8b1114d2be260516c087678a5e
Secunia Security Advisory 44299
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Oracle PeopleSoft Enterprise Applications Portal, which can be exploited by malicious users and people to manipulate certain data.

tags | advisory, vulnerability
SHA-256 | 7e2d453470ff8ee009f74b3f151639d46d2600c2cfbbc1df174e910bfa1d44df
Secunia Security Advisory 44214
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has acknowledged a vulnerability in language-selector, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | 46481eab19ce0b2e550bd548b7c7c2dbbf58594715a0bf665b29f1c805310431
Secunia Security Advisory 44212
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has acknowledged a security issue in kbd, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, suse
SHA-256 | 9d96ba7b021a0c1b3d2f6dafc44ae7895d7afe0a60d72d4613ff770bee17db67
Secunia Security Advisory 44220
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local
systems | linux
SHA-256 | f11629d60daff1a6ca84f7cea3e2f06f1e80ab40921c95c8c6f3e52c23c9204f
Secunia Security Advisory 44298
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise PeopleTools, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory, vulnerability
SHA-256 | 37efed92cedfda2a98b34c7e5720676ac9cbd2936efc158da4a981c2fdb6de46
Secunia Security Advisory 44251
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Systems Insight Manager, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, disclose sensitive information, bypass certain security restrictions, or compromise a user's system.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 7c9ca47f2465e178579b4a1ee99973ef41c0166f29ac61d40a554879ffd8298f
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close