
Files Date: 2011-06-08

WordPress Star Rating SQL Injection
Posted Jun 8, 2011

WordPress WP Star Rating plugin suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7dac28384266cc675e4d9a02e4c652fb7e180c3f643fcaac8c2948a3e5ff532a
Zero Day Initiative Advisory 11-185
Posted Jun 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-185 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing an invalid 'bfd ' tag, it is possible to specify a value that causes an integer to wrap. This integer is then used to specify the size of a heap allocation. By providing a specially crafted tag value, an attacker can cause memory corruption that can lead to remote code being executed under the context of the user running the browser.

tags | advisory, java, remote, arbitrary
advisories | CVE-2011-0862
SHA-256 | 1560eac1178a6b8c0716b0a811e0c7664004c1cdfcbeaef89d196dd74e976ae1
Zero Day Initiative Advisory 11-184
Posted Jun 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-184 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing an invalid 'pseq' tag, the process can be forced to overflow an integer value during an arithmetic operation. The newly calculated value is then used to allocate memory on the heap. By providing specific values, it is possible to cause memory corruption that can lead to remote code being executed under the context of the user running the browser.

tags | advisory, java, remote, overflow, arbitrary
advisories | CVE-2011-0862
SHA-256 | 50143877d3e4b4885557fb15e037b0186033700efd7594e5f0abe8ee9ff99046
Zero Day Initiative Advisory 11-183
Posted Jun 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-183 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a color profile containing an invalid MultiLanguage 'mluc' tag, it is possible to cause an integer to wrap during an arithmetic operation. This new value is used to allocate memory on the heap. A remote attacker can abuse the faulty code to execute code under the context of the user running the browser.

tags | advisory, java, remote, arbitrary
advisories | CVE-2011-0862
SHA-256 | 7e0d49ef311a48a90d62b1e21bf5d79a85918153e08ac3ba9add9aadb19c1620
Zero Day Initiative Advisory 11-182
Posted Jun 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-182 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JP2IEXP.dll browser plugin. The module creates a window hook when an applet is instantiated within the context of a browser. If the underlying DOM element is cloned and the parent object removed, a dangling reference can exist. When the module attempts to walk the relationship list to call the window hook, the process can be made to jump into uninitialized heap memory. This can be exploited by an attacker to execute code under the context of the user running the browser.

tags | advisory, java, remote, arbitrary
advisories | CVE-2011-0817
SHA-256 | 85736bd649bf4812a9393b9c6ab6c4eabca3f9fe0c7db63a9b00d0baddbd29e2
Red Hat Security Advisory 2011-0858-01
Posted Jun 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0858-01 - The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file which, once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service. Various other issues were also addressed.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2009-2625
SHA-256 | 1322afc9e163b1accbe04131a1f2a00f8a9ce70a16cc72b304a79fe535bc6706
Red Hat Security Advisory 2011-0857-01
Posted Jun 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0857-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. Various other issues were also addressed.

tags | advisory, java, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871
SHA-256 | afd4e81a2dd219864c346af58a66fae5a0fae7090eba420dd5e3b78ed53286c9
Red Hat Security Advisory 2011-0856-01
Posted Jun 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0856-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. Various other issues were also addressed.

tags | advisory, java, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871
SHA-256 | 8a1c7e56402963170d1f3c42e5ff1376f2c517a2432f75d3a4f6714cd83cad69
Secunia Security Advisory 44852
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Prosody, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 1fcf5a18ed71d68568e95c46646d13475d7a097b5aa052750e6dd5f05879a684
Secunia Security Advisory 44866
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in LuaExpat, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.

tags | advisory, denial of service
SHA-256 | f9fe609e7e603db12ef3380101787c39117a3b7ae67428bb79256f228c51b50f
Secunia Security Advisory 44811
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 4a4fd021a3e263adbe68a43d8b41c003d29412b32daf5f9ac4a486400c60e6c3
Secunia Security Advisory 44869
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for couchdb. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
systems | linux, fedora
SHA-256 | a84c7cbe058c74eb71bba453f9c43950624332f1a3e8b6b00d1c400218a35004
Secunia Security Advisory 44790
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for oprofile. This fixes a weakness, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, debian
SHA-256 | 3b6b1b13b171c8348917b7df967054ec35ea6c1a556e32aead51fa7f34ae536b
Secunia Security Advisory 44757
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Black Box Veri-NAC, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 3bce93b4e77a6f7f45f7c935eef76a868c08e6ac2d06b1202f501cf32396c604
Secunia Security Advisory 44833
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Patrick Webster has reported multiple vulnerabilities in Squiz Matrix, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 071cfaae8c773a16da33d1a9652db9aab0ac5e714d1e054efefa0c4d41566fc7
Secunia Security Advisory 44862
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for tor. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | a7ffdb6e120399d8c62e1828a6cbaee8cd3cc4a26b4dac916c3ec5dbfdf8ccbf
Secunia Security Advisory 43756
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Russ McRee has discovered a vulnerability in Silex, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | d65202032a0dda5211323a4021b6581c6bcf22dbee7eea8b0fa135633021b497
Secunia Security Advisory 44759
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Stefan Schurtz has discovered multiple vulnerabilities in BLOG:CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | c03813741f50ce2593b1d89053611bcb765cbe19ba8f3f86e1e8319d5660d10c
Secunia Security Advisory 44829
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to disclose potentially sensitive information, conduct injection attacks, bypass certain security restrictions, and potentially compromise a user's system.

tags | advisory, vulnerability
SHA-256 | de23dcb83c14346c0700b16f3a93ddf20572b94b906ed92a516f4757fdd4ffe8
Secunia Security Advisory 44758
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, suse
SHA-256 | 576680641c3b205e28c199a302ae9b6ae66834d904ab8566c0046910e74f2e7a
Secunia Security Advisory 44793
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, suse
SHA-256 | d6f6b4c34fdaadf64239b4d9ca14a2007d4a2c0c47bd870315160846b5cdbfac
Secunia Security Advisory 44836
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Service Manager and Service Center, which can be exploited by malicious, local users to gain access to potentially sensitive information, by malicious users to conduct script-insertion attacks and bypass certain security restrictions, and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, hijack a user's session, and bypass certain security restrictions.

tags | advisory, local, vulnerability, xss
SHA-256 | b15da978341f5d5e67a27e58ee1f0e94eb917578b279a024e3775ee7880b44b9
Secunia Security Advisory 44832
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the Data::FormValidator module for Perl, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.

tags | advisory, perl
SHA-256 | bb449747abb92dce6a2456ba010f867c615d529284264d6443b8c7a463a197ac
Secunia Security Advisory 44740
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Revelation Space has reported a security issue in NetGear ProSafe Wireless-N Access Point WNDAP350, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 1f48d0902c7b4a6a77e6c5d2783a0af5c862239b7ae8f8a01f3cf69a0d3c331b
Secunia Security Advisory 44789
Posted Jun 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks.

tags | advisory, xss, ruby
SHA-256 | 54ea0758339c1732ae0e5c788897c526cc846767badd7a5102dd9e8a4fa800d4
© 2022 Packet Storm. All rights reserved.