what you don't know can hurt you
Showing 1 - 25 of 28 RSS Feed

Files Date: 2011-06-28

Red Hat Security Advisory 2011-0910-01
Posted Jun 28, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0910-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. Various other issues were also addressed.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2011-0188, CVE-2011-1004, CVE-2011-1005
MD5 | 284cb759f0b3fbe4cafb951d0eadef6d
Trixbox 2.8.0.4 User Enumeration
Posted Jun 28, 2011
Authored by Francesco Tornieri

Trixbox versions 2.8.0.4 and below suffer from a remote user enumeration vulnerability via the Flash Operator Panel.

tags | exploit, remote
MD5 | 68df12afe27c13e6318a1fcd8fa18ff0
Smallftpd 1.0.3 Denial Of Service
Posted Jun 28, 2011
Authored by Myo Soe | Site metasploit.com

This Metasploit module triggers an unauthenticated denial of service condition in Smallftpd server versions 1.0.3-fix and earlier with a few dozen connection requests.

tags | exploit, denial of service
MD5 | 210ded01b7bc9473d908aad1b78d9e97
Apache Tomcat Information Disclosure
Posted Jun 28, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 7.0.0 through 7.0.16, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. When using the MemoryUserDatabase (based on tomcat-users.xml) and creating users via JMX, an exception during the user creation process may trigger an error message in the JMX client that includes the user's password. This error message is also written to the Tomcat logs. User passwords are visible to administrators with JMX access and/or administrators with read access to the tomcat-users.xml file. Users that do not have these permissions but are able to read log files may be able to discover a user's password.

tags | advisory, info disclosure
advisories | CVE-2011-2204
MD5 | 49d91e02ee8dc19d984eae0669deeb5f
Jira Atlassian File Attachment Download
Posted Jun 28, 2011
Authored by Ignacio Garrido

Jira Atlassian 3.x remote file attachment download exploit.

tags | exploit, remote
MD5 | 4c09ca2ad20bf44f48dddc57bfdeba49
Red Hat Security Advisory 2011-0909-01
Posted Jun 28, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0909-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. Various other issues were also addressed.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2009-4492, CVE-2010-0541, CVE-2011-0188, CVE-2011-1004, CVE-2011-1005
MD5 | 067959c7597a5e9df47ef8d0dd1e3bc5
Ubuntu Security Notice USN-1160-1
Posted Jun 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1160-1 - Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Various other issues were also addressed.

tags | advisory, x86, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2010-4529, CVE-2010-4565, CVE-2010-4656, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695, CVE-2011-0711, CVE-2011-0712, CVE-2011-0726, CVE-2011-1010, CVE-2011-1012, CVE-2011-1013, CVE-2011-1016, CVE-2011-1017, CVE-2011-1019, CVE-2011-1082, CVE-2011-1083, CVE-2011-1169, CVE-2011-1182, CVE-2011-1494, CVE-2011-1495, CVE-2011-1593, CVE-2011-1745, CVE-2011-1748, CVE-2011-2022
MD5 | 0b27c7685536805308dcb14221dc34a5
Red Hat Security Advisory 2011-0908-01
Posted Jun 28, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0908-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. It was found that WEBrick did not filter terminal escape sequences from its log files. A remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2009-4492, CVE-2010-0541, CVE-2011-0188, CVE-2011-1005
MD5 | df186f6785dcd15afd8d2ed50e603201
RGBoard 4.2.1 SQL Injection
Posted Jun 28, 2011
Authored by hamt0ry

RGBoard version 4.2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7fb700324db70c9a2cda71439344b6f6
Douran Portal LFI / XSS / SQL Injection
Posted Jun 28, 2011
Authored by K0242

Douran Portal suffers from local file inclusion, SQL injection, cross site scripting, and various other vulnerabilities.

tags | exploit, local, vulnerability, xss, sql injection, file inclusion
MD5 | 97516322d7cd898a957804d3f5ec5641
Joomla CSVUploader SQL Injection
Posted Jun 28, 2011
Authored by pks

The Joomla CSVUploader component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7c47d23a242b5b54f4469026deb24bec
Drupal 6.22 Cross Site Scripting
Posted Jun 28, 2011
Authored by MustLive

Drupal versions 6.22 and below suffer from brute forcing and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 88deba8d28b3ef77cc7b8d50b5110843
SAP NetWeaver SLD Information Disclosure
Posted Jun 28, 2011
Authored by Sh2kerr

SAP NetWeaver suffers from a version information disclosure vulnerability.

tags | advisory, info disclosure
MD5 | bfc87e1f18f95004027e80a7ac8b338b
2Wire Password Reset
Posted Jun 28, 2011
Authored by Travis Phillips | Site metasploit.com

This Metasploit module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check if a user is authenticated and doesn't remove or block after first access.

tags | exploit
MD5 | a5f7051e07ebfa9e1ff9f95631347b74
Secunia Security Advisory 45074
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for java-1_6_0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), compromise a user's system, and compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, suse
MD5 | f2f39fe54f0701e0617ba6089597bb7e
Secunia Security Advisory 45071
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Novell File Reporter, which can be exploited by malicious, local users to manipulate certain data.

tags | advisory, local
MD5 | a455c0bacc1d2a74cd56146be7ffaddf
Secunia Security Advisory 45019
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges and by malicious people with physical access to potentially compromise a vulnerable system and cause a DoS.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
MD5 | cd10a22b549adf45956b27fe7a72ba05
Secunia Security Advisory 45046
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.

tags | advisory, denial of service
MD5 | 7eb190936f5d96c5154823b8f5f9035d
Secunia Security Advisory 45065
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Novell File Reporter, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | bc3cabcfb43dde7b99e921c48755a014
Secunia Security Advisory 44916
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Trend Micro Data Loss Prevention Management Server, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | cbe3b73f4bd7d01c9b1dd6694ec25801
Secunia Security Advisory 45085
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for glibc. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to potentially compromise a vulnerable system.

tags | advisory, local, vulnerability
systems | linux, suse
MD5 | 807022478b8f2a254e1b729797b0a0d1
Secunia Security Advisory 45093
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Parodia, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | d356ad528d9cefe270292b88f745fe4f
Secunia Security Advisory 45078
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for glibc. This fixes multiple vulnerabilities, which potentially can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a vulnerable system.

tags | advisory, local, vulnerability
systems | linux, suse
MD5 | 6ee7c15b470707a5193fa44d1cc44397
Secunia Security Advisory 45052
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for glibc. This fixes multiple vulnerabilities, which potentially can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a vulnerable system.

tags | advisory, local, vulnerability
systems | linux, suse
MD5 | 2f9acc5effbe1098ffaa73276e76fc6c
Secunia Security Advisory 45061
Posted Jun 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gjoko Krtic has discovered multiple vulnerabilities in NetServe Web Server, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, vulnerability, xss
MD5 | 629ecbfb6a33c8d4904b7844bc5dbd31
Page 1 of 2
Back12Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close