
Files Date: 2011-09-23

Pantech Link/P7040P SSL Certificate Parsing
Posted Sep 23, 2011
Authored by Paul Kehrer | Site trustwave.com

Pantech Link/P7040P browser SSL certificate parsing contains a flaw where it fails to check the Basic Constraints parameter of certificates in the chain.

tags | advisory
MD5 | ea014c4ab8c712759115c8c3bfde4a74

Snippet CMS 2.9 Cross Site Scripting
Posted Sep 23, 2011
Authored by CoBRa_21

Snippet CMS version 2.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 20dc468316f865eb73932e1ed07b8f43

Debian Security Advisory 2310-1
Posted Sep 23, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2310-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2009-4067, CVE-2011-0712, CVE-2011-1020, CVE-2011-2209, CVE-2011-2211, CVE-2011-2213, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2525, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | 65d8d1aa0819020e5a4ce26c40213ab3

IceWarp Mail Server Injection / Information Disclosure
Posted Sep 23, 2011
Site trustwave.com

IceWarp Mail Server versions 10.3.2 and below suffer from XML external entity injection and PHP information disclosure vulnerabilities.

tags | exploit, php, vulnerability, info disclosure, xxe
advisories | CVE-2011-3580, CVE-2011-3579
MD5 | 9ad56591c73dd6faeb069dcade105a91

Sunway ForceControl 6.1 SP3 Stack Overflow / Directory Traversal
Posted Sep 23, 2011
Authored by Luigi Auriemma | Site aluigi.org

Sunway ForceControl versions 6.1 SP3 and below suffer from stack overflows, directory traversals, third party ActiveX code execution, and denial of service vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability, code execution, activex
systems | linux
MD5 | a1216779ffc7ea4b96f445c5e5992778

Mandriva Linux Security Advisory 2011-135
Posted Sep 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-135 - It was discovered that the iproute2 package was not rebuilt against the latest iptables libraries. This may have security issues, as the current iproute2 should be calling an interface in the iptables libraries with incorrect arguments. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
MD5 | 922de1c99ec11b2ce3c7f05e7db428e6

AWStats 7.0 / 6.0 SQL Injection / Cross Site Scripting / CRLF Injection
Posted Sep 23, 2011
Authored by MustLive

AWStats versions 6.0 and 7.0 suffer from CRLF injection, cross site scripting, HTTP response splitting, and remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection
MD5 | 6cd38e23aab6ff54fd8a266aacbc51fd

Ubuntu Security Notice USN-1197-6
Posted Sep 23, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1197-6 - USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides an update for Qt that blacklists the known fraudulent certificates. USN-1197-1: It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.

tags | advisory
systems | linux, ubuntu
MD5 | 7d459925238222ddffac6867c838363f

WordPress Clickjacking
Posted Sep 23, 2011
Authored by Andrew Horton | Site security-assessment.com

This advisory is the result of research into how clickjacking can be leveraged and is the first published clickjacking exploit against a popular web application to gain OS command execution. WordPress is a web application used to create a website or blog. The WordPress Admin panel can be clickjacked to install an arbitrary plugin from the WordPress plugin archive which leads to arbitrary PHP code installation and subsequently OS command execution. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May, 2011 with the release of version 3.1.3, however no specific threat or exploit has been published.

tags | advisory, web, arbitrary, php
MD5 | e2abac98d6f8c708eef84b5e166ca4e1

Zyncro Cross Site Scripting / SQL Injection
Posted Sep 23, 2011
Authored by Ferran Pichel | Site isecauditors.com

Zyncro suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | fa4a13bc07b49dafb82d18c8498a8bb7

Ubuntu Security Notice USN-1215-1
Posted Sep 23, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1215-1 - It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.

tags | advisory, remote
systems | linux, ubuntu
MD5 | dd1dddd8b8abf8364a4e40825661688e

TWiki Cross Site Scripting
Posted Sep 23, 2011
Authored by Mesut Timur

TWiki versions prior to 5.1.0 suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2011-3010
MD5 | 3f158c74952c5604cd1fa54f04fa5da1

Plesk Control Panel 10.2 Cross Site Scripting
Posted Sep 23, 2011
Site xss.cx

Plesk Control Panel version 10.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 2eb876c40da0d9da7c27b3f3ec4926b6

Red Hat Security Advisory 2011-1334-01
Posted Sep 23, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1334-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Multiple flaws were found in the way Spring Framework 3 deserialized certain Java objects. If an attacker were able to control the stream from which an application with the Spring Framework 3 AOP in its class-path was deserializing objects, they could use these flaws to execute arbitrary code with the privileges of the JBoss Application Server process via a specially-crafted, serialized Java object.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2011-2894
MD5 | 4143e0c64e310bd623f90e312ea356da

Red Hat Security Advisory 2011-1333-01
Posted Sep 23, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1333-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-26, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444
MD5 | e1b292a7166583f584a8b3176be34dfd

HP Security Bulletin HPSBOV02497 SSRT090245 4
Posted Sep 23, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02497 SSRT090245 4 - Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS). Revision 4 of this advisory.

tags | advisory, denial of service, arbitrary, tcp, vulnerability
advisories | CVE-2009-0159, CVE-2009-1252, CVE-2009-3563
MD5 | 111e4142e6b3a5f7d141c0e00e8b64db

Sabadkharid SQL Injection
Posted Sep 23, 2011
Authored by s1nahack3r

Sabadkharid suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | db4f730689b0658536af99cf759aad9a

Multi Threaded TCP Port Scanner 2.0
Posted Sep 23, 2011
Authored by SecPoint | Site secpoint.com

Multi Threaded TCP Port Scanner allows you to scan 65535 TCP ports on an IP address. You can specify how many threads to run and the timeout. Furthermore, it will tell you the MAC address of the target and the services that are running. You can scan IP addresses on your network and find out which open ports you have.

Changes: SYN support for scanning. Minor bug fixes. More default ports and more.
tags | tool, scanner, tcp
systems | unix
MD5 | c398eee78ee925863e2a32c58479b8b6
© 2020 Packet Storm. All rights reserved.