what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2011-09-23

Pantech Link/P7040P SSL Certificate Parsing
Posted Sep 23, 2011
Authored by Paul Kehrer | Site trustwave.com

Pantech Link/P7040P browser SSL certificate parsing contains a flaw where it fails to check the Basic Constraints parameter of certificates in the chain.

tags | advisory
SHA-256 | 05ac689c17d1d0ced452b3a748d9579a449b11a3cf9146257494b471ee8787a9
Snippet CMS 2.9 Cross Site Scripting
Posted Sep 23, 2011
Authored by CoBRa_21

Snippet CMS version 2.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ce28103ed4c015dcfa61b7684505164a0f275baf87d3f73ee702361d91a0f0af
Debian Security Advisory 2310-1
Posted Sep 23, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2310-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2009-4067, CVE-2011-0712, CVE-2011-1020, CVE-2011-2209, CVE-2011-2211, CVE-2011-2213, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2525, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 0ade6375df4fb18e4bf4cc0f6541e056556cbe078ca3ef9db083dea13e260836
IceWarp Mail Server Injection / Information Disclosure
Posted Sep 23, 2011
Site trustwave.com

IceWarp Mail Server versions 10.3.2 and below suffer from XML external entity injection and PHP information disclosure vulnerabilities.

tags | exploit, php, vulnerability, info disclosure, xxe
advisories | CVE-2011-3580, CVE-2011-3579
SHA-256 | 177fcab56aba98987239362bc9964a8f77c924d6b9828e6ee3cf63ed1cfab71a
Sunway ForceControl 6.1 SP3 Stack Overflow / Directory Traversal
Posted Sep 23, 2011
Authored by Luigi Auriemma | Site aluigi.org

Sunway ForceControl versions 6.1 SP3 and below suffer from stack overflows, directory traversals, third party ActiveX code execution, and denial of service vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability, code execution, activex
systems | linux
SHA-256 | 89c4c166c8194c9585125b7a6737879dcfa4a5324859d50835a4df7c6271c943
Mandriva Linux Security Advisory 2011-135
Posted Sep 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-135 - It was discovered that the iproute2 package was not rebuilt against the latest iptables libraries. This may have security issues, as the current iproute2 should be calling an interface in the iptables libraries with incorrect arguments. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
SHA-256 | a4e60342d65555aecd95e0fb2248b88a7dbcd47532b94f39fccca26c1ac2df85
AWStats 7.0 / 6.0 SQL Injection / Cross Site Scripting / CRLF Injection
Posted Sep 23, 2011
Authored by MustLive

AWStats versions 6.0 and 7.0 suffers from CRLF injection, cross site scripting, HTTP response splitting, and remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection
SHA-256 | 59557071b1987b2fde0f1594bff019d2392bfda8e3b64f00a2219e1a52209747
Ubuntu Security Notice USN-1197-6
Posted Sep 23, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1197-6 - USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides an update for Qt that blacklists the known fraudulent certificates. USN-1197-1 It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.

tags | advisory
systems | linux, ubuntu
SHA-256 | ffcdd5bd50bb293ea8bfd41f16c5b291b1012994e0b0446df4dcd98cdd52ba28
WordPress Clickjacking
Posted Sep 23, 2011
Authored by Andrew Horton | Site security-assessment.com

This advisory is the result of research into how clickjacking can be leveraged and is the first published clickjacking exploit against a popular web application to gain OS command execution. WordPress is a web application used to create a website or blog. The WordPress Admin panel can be clickjacked to install an arbitrary plugin from the WordPress plugin archive which leads to arbitrary PHP code installation and subsequently OS command execution. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May, 2011 with the release of version 3.1.3, however no specific threat or exploit has been published.

tags | advisory, web, arbitrary, php
SHA-256 | 6d655b5582b4862af9ad5082596a3a125309795b934f84d6bc8af6fa078b4321
Zyncro Cross Site Scripting / SQL Injection
Posted Sep 23, 2011
Authored by Ferran Pichel | Site isecauditors.com

Zyncro suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 3d090067f0f959e9cf97dd199f23e7744fb3ae52ab14a5636464e0885b0b80f1
Ubuntu Security Notice USN-1215-1
Posted Sep 23, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1215-1 - It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.

tags | advisory, remote
systems | linux, ubuntu
SHA-256 | 5b052a7ad17040106cf59d16c4d5bc715cb92e50d84263e25ce9d3526181ada7
TWiki Cross Site Scripting
Posted Sep 23, 2011
Authored by Mesut Timur

TWiki versions prior to 5.1.0 suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2011-3010
SHA-256 | 0b721e4d9676d5b60b610d1babe695c6509ba929ff94e78448e1a286678fbe4f
Plesk Control Panel 10.2 Cross Site Scripting
Posted Sep 23, 2011
Site xss.cx

Plesk Control Panel version 102 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 9ce94f018b6a159b2536c30e1849e01d5740c9bd9318fe2e6a86e92ad9d7fff7
Red Hat Security Advisory 2011-1334-01
Posted Sep 23, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1334-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Multiple flaws were found in the way Spring Framework 3 deserialized certain Java objects. If an attacker were able to control the stream from which an application with the Spring Framework 3 AOP in its class-path was deserializing objects, they could use these flaws to execute arbitrary code with the privileges of the JBoss Application Server process via a specially-crafted, serialized Java object.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2011-2894
SHA-256 | 442edbde35d879e5f6ef8501cfa0f1ff6854082e839ec89ffac4cd267f0d8341
Red Hat Security Advisory 2011-1333-01
Posted Sep 23, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1333-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-26, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444
SHA-256 | 0e33bcedad49a5cc8888e9a734c3e94fcecb1fb3502bcd6135296876772943af
HP Security Bulletin HPSBOV02497 SSRT090245 4
Posted Sep 23, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02497 SSRT090245 4 - Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS). Revision 4 of this advisory.

tags | advisory, denial of service, arbitrary, tcp, vulnerability
advisories | CVE-2009-0159, CVE-2009-1252, CVE-2009-3563
SHA-256 | 276161f9b5defba94587895476977046f39846e30ab23de7e9fcec0f7db3fd13
Sabadkharid SQL Injection
Posted Sep 23, 2011
Authored by s1nahack3r

Sabadkharid suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4f49591983f6123ecd6d0a423471b6d6ce31a8e01e579b66b2ab4aa56dbf2273
Multi Threaded TCP Port Scanner 2.0
Posted Sep 23, 2011
Authored by SecPoint | Site secpoint.com

Multi Threaded TCP Port Scanner allows you to scan 65535 TCP ports on an IP address. You can specify how many threads to run and the timeout. Furthermore, it will tell you the MAC address of the target and the services that are running. You can scan IP addresses on your network and find out which open ports you have.

Changes: SYN support for scanning. Minor bug fixes. More default ports and more.
tags | tool, scanner, tcp
systems | unix
SHA-256 | f7a1988b7fa2031d76134d53841a1a59fe4268b7b7ee60f194d73c64614abf0a
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close