Showing 1 - 25 of 35

Files Date: 2011-09-09

Mandriva Linux Security Advisory 2011-134
Posted Sep 9, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-134 - Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service via a long TAG in a legacy syslog message. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2011-3200
MD5 | f12749c5b35b4fc405b26091a3a66657
Spring Security RunAsManager Privilege Escalation
Posted Sep 9, 2011
Authored by SpringSource Security Team, Rob Winch

Spring Security provides a mechanism (RunAsManager) to allow particular operations to run with a different set of privileges than the predefined user. The implementation contains a race condition whereby the escalated privileges could also be used in a different invocation in another thread. Versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 are affected.

tags | advisory
advisories | CVE-2011-2731
MD5 | f20007f0bf300ce26594730e406a58ca
Freefloat FTP Server APPE Command Overflow
Posted Sep 9, 2011
Authored by Veerendra G.G | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in the APPE command in the Freefloat FTP server.

tags | exploit, overflow
MD5 | 50cfd32e11f2956bd6a1c1182c0c7116
WordPress WP-Filebase Download Manager 0.2.9 SQL Injection
Posted Sep 9, 2011
Authored by Miroslav Stampar

WordPress WP-Filebase Download Manager plugin versions 0.2.9 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7c11378b5d3c1081803462cf9f698961
WordPress A To Z Category Listing 1.3 SQL Injection
Posted Sep 9, 2011
Authored by Miroslav Stampar

WordPress A to Z Category Listing plugin versions 1.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 27c65aee0c143b3e9cf3d4cf37864243
Spring Framework / Spring Security Serialization-Based Issues
Posted Sep 9, 2011
Authored by Wouter Coekaerts, SpringSource Security Team

Spring Framework versions 3.0.0 to 3.0.5 and Spring Security versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 suffer from serialization issues. Several issues have been reported which may affect applications which de-serialize objects from an untrusted source such as a remote client. It is possible for a malicious client to inject undesirable behavior into the server by serializing proxies rather than specific class instances, or by taking advantage of internal AOP interfaces which were being exposed through the remote service, in addition to the service interface.

tags | advisory, remote
advisories | CVE-2011-2894
MD5 | 0f92f6e2c7f8a5ec33c5f072d1934b8e
Spring Security Header Injection
Posted Sep 9, 2011
Authored by SpringSource Security Team, David Mas

Spring Security allows the use of a parameter (named "spring-security-redirect" by default) to determine the location URL to which a user will be redirected after logging in. This will normally be submitted as part of the login request, so it is deemed to be an acceptable use of remotely supplied data. However, the functionality is in a base class which is also shared by the logout code, so a logout URL could be maliciously constructed to contain a version of this parameter containing CRLF characters in order to inject additional headers or split the response. Versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 are affected.

tags | exploit, remote
advisories | CVE-2011-2732
MD5 | 4650d2ba4347dcd6d142449af9b9ac2c
MYRE Real Estate Software Cross Site Scripting / SQL Injection
Posted Sep 9, 2011
Authored by Sooraj K.S | Site secpod.com

MYRE Real Estate Software suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 59679210023e18354c4e4a3b4fcc9e56
Spring Framework Information Disclosure
Posted Sep 9, 2011
Authored by Stefano Di Paola, Arshan Dabirsiaghi, SpringSource Security Team

Spring Framework versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6.SEC02, and 2.5.0 to 2.5.7.SR01 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2011-2730
MD5 | 224237f28405fe41ce3d0e268c139c03
Xataface WebAuction / Librarian DB XSS / LFI / SQL Injection
Posted Sep 9, 2011
Authored by Antu Sanadi | Site secpod.com

Xataface WebAuction versions 0.3.6 and below and Xataface Librarian DB versions 0.2 and below suffer from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion
MD5 | 0b7461d8e3f8de49a47776584327773e
BisonFTP 3.5 Buffer Overflow
Posted Sep 9, 2011
Authored by Veerendra G.G, localh0t | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in the BisonFTP Server versions 3.5 and below.

tags | exploit, overflow
advisories | CVE-1999-1510
MD5 | 96f48d9dcb0f0f8c3117fc2a88548396
Ubuntu Security Notice USN-1197-5
Posted Sep 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1197-5 - USN-1197-1 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates. It was discovered that the Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure when it is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.

tags | advisory
systems | linux, ubuntu
MD5 | 91e4a65a33472185d6dd6dbe4b0d25f1
Debian Security Advisory 2303-1
Posted Sep 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2303-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2011-1020, CVE-2011-1576, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2700, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909, CVE-2011-2918, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | 917e363aeecf249e485568a28a642067
Ubuntu Security Notice USN-1197-4
Posted Sep 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1197-4 - USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for the Network Security Service libraries (NSS). USN-1197-1: It was discovered that the Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure when it is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.

tags | advisory
systems | linux, ubuntu
MD5 | 7dd014cca2eee2470dfa1318e8e2c18d
Debian Security Advisory 2302-1
Posted Sep 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2302-1 - It has been discovered that the bcfg2 server, a configuration management server for bcfg2 clients, is not properly sanitizing input from bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a bcfg2 client to execute arbitrary commands on the server with root privileges.

tags | advisory, arbitrary, shell, root
systems | linux, debian
advisories | CVE-2011-3211
MD5 | 12a5ad7cd49bd5baa9d1099969e7ad01
HP Security Bulletin HPSBUX02702 SSRT100606
Posted Sep 9, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02702 SSRT100606 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service
systems | hpux
advisories | CVE-2011-0419, CVE-2011-3192
MD5 | 309c6672b97deaad039191c96879c5fc
MyAuth 3 Blind SQL Injection
Posted Sep 9, 2011
Authored by Marcio Almeida

MyAuth version 3 remote blind SQL injection exploit that allows for access to a root shell.

tags | exploit, remote, shell, root, sql injection
MD5 | 95079b5dfaf96d2cdb7f4673893fee7f
Pluck 4.7 Local File Inclusion / Disclosure
Posted Sep 9, 2011
Authored by Bl4k3

Pluck version 4.7 suffers from local file disclosure and inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, info disclosure
MD5 | 7ff9061127314e9ffc11c3f9cc9797b5
Ubuntu 11.04 FTP Client Buffer Overflow
Posted Sep 9, 2011
Authored by localh0t

Ubuntu versions 11.04 and below ftp client local buffer overflow crash proof of concept exploit.

tags | exploit, overflow, local, proof of concept
systems | linux, ubuntu
MD5 | 1b85fe6de560ab101e403f2709e7219f
OpenCart 1.5.1.2 Blind SQL Injection
Posted Sep 9, 2011
Authored by Rires Walid

OpenCart version 1.5.1.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 39df4b635c7a0177d4fe4a22994c254f
Microsoft Security Bulletin Advance Notification For September 2011
Posted Sep 9, 2011
Site microsoft.com

This bulletin summary lists 5 Microsoft security bulletins released for September 2011.

tags | advisory
MD5 | 9c420913de38ec0398a412de896f1f8a
28C3 Call For Participation
Posted Sep 9, 2011
Site cccv.pentabarf.org

Call for participation for the 28C3 Chaos Communication Congress. The Chaos Communication Congress is the annual four-day conference organized by the Chaos Computer Club (CCC) in Berlin, Germany. First held in 1984, it has since established itself as "The European Hacker Conference" attracting a diverse audience of thousands of hackers, scientists, artists, and utopists from all around the world. It will be held from December 27th through the 30th, 2011.

tags | paper, conference
MD5 | ff695a27cbfbdeabcb802b56bd12fb15
Secunia Security Advisory 45923
Posted Sep 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the MailformPlus extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | ba816aa6e42fcfcf57a347ad7f173307
Secunia Security Advisory 45945
Posted Sep 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory
systems | linux, fedora
MD5 | e6a0b8f046026fcfe39c868bd4f04ad4
Secunia Security Advisory 45947
Posted Sep 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Direct Mail Subscription extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | ab00594167d3b68c91a63cfd36ff389d
packet storm

© 2019 Packet Storm. All rights reserved.
