what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

Files Date: 2011-10-21

Gentoo Linux Security Advisory 201110-14
Posted Oct 21, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-14 - Multiple vulnerabilities were found in D-Bus, the worst of which allowing for a symlink attack. Versions less than 1.4.12 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2010-4352, CVE-2011-2200, CVE-2011-2533
SHA-256 | 55b8075783df5c6f9b4afa7745043043619b3aca7b24e38ad62b9bcd97d97883
Oracle Database Spatial SQL Injection
Posted Oct 21, 2011
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database supports spatial datatypes. A SQL injection vulnerability exists in the handling of spatial indexes. Users with create table and create procedure privileges can elevate their privileges to SYSDBA.

tags | advisory, sql injection
advisories | CVE-2011-3512
SHA-256 | 4616869b107611943cfb158aaeb48dfebc849d4b8aa5d6f570567435e9d23081
Oracle Database Account Management Protection Bypass
Posted Oct 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Vault provides additional protections from malicious privileged users. The protections include separation of duty for some tasks like user account management. Any user with SYSDBA privilege or DV_ACCTMGR role can bypass these protections and change any user's password (including Oracle Database Vault Owner user password) calling the OCIPasswordChange client API (the 'password' command in SqlPLUS uses this API).

tags | advisory, bypass
advisories | CVE-2011-2322, CVE-2011-3511
SHA-256 | 08eb0063be1a9f53dacc8a42dfd1b62599503ff8a01981427d4b037d0ff49eff
Open EMR 4.0 SQL Injection
Posted Oct 21, 2011
Authored by Houssam Sahli, Mehdi Boukazoula

Open EMR version 4.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 115ccc61323b5f3e6518c7a2084a9bd363254a02e7ef505592e749b25644dfd5
Oracle Database CTXSYS.DRVDISP.TABLEFUNC_ASOWN Buffer Overflow
Posted Oct 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server provides the CTXSYS.DRVDISP package that is part of Oracle Text component. This package contains the function TABLEFUNC_ASOWN which is vulnerable to buffer overflow attacks when it is called with a long string in their parameters.

tags | advisory, overflow
advisories | CVE-2011-2301
SHA-256 | 1770f12dffe5349b52e240a1777ecd2d6c40866b8e7d13e00fc89042de1955e0
HWK Wireless Auditing Tool 0.3.1
Posted Oct 21, 2011
Authored by atzeton | Site sourceforge.net

hwk is used for wireless audits, fuzzing and stress testing under Linux. It provides various modes as wireless deauthentication and authentication flooding using a monitor mode interface as well as probe response and beacon fuzzing. Furthermore it comes with some basic injection testing and focusing modes.

tags | tool, wireless
systems | linux, unix
SHA-256 | fd8f96435bfbc2c8b9e273632f1b0d1579d7413d749d7fc059f09193858d585e
Mandriva Linux Security Advisory 2011-158
Posted Oct 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-158 - Multiple vulnerabilities have been found and corrected in phpmyadmin. Missing sanitization on the table, column and index names leads to XSS vulnerabilities. When the js_frame parameter of phpmyadmin.css.php is defined as an array, an error message shows the full path of this file, leading to possible further attacks. Other issues were also addressed.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3181, CVE-2011-3646, CVE-2011-4064
SHA-256 | 513a6634ec239490a9a92a87936f7267be3961a1e77857529e832da2c9b6ba9e
Cyclope Internet Filtering Proxy 4.0 Denial Of Service
Posted Oct 21, 2011
Authored by loneferret

Cyclope Internet Filtering Proxy version 4.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 88e107c4bd84cd131ab1004d7397c57eab86ce2aa642b91196f8730223d2e824
Sports PHool 1.0 Remote File Inclusion
Posted Oct 21, 2011
Authored by cr4wl3r

Sports PHool versions 1.0 and below remote file inclusion exploit.

tags | exploit, remote, code execution, file inclusion
SHA-256 | c9a5c128ec7ff9c3d7ec7c6edb9409f77c5343312821b394125b2666c39bb2b6
Microsoft Internet Explorer X-UA-COMPATIBLE Use-After-Free
Posted Oct 21, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing the "X-UA-COMPATIBLE" keyword of a "META" tag, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

tags | advisory, remote, web
SHA-256 | 48c8c110e7a16caf9bec75c333999b1e5148e63511b0674e0649301d7dfb1252
WordPress ThemeCity Cross Site Scripting
Posted Oct 21, 2011
Authored by Mr.PaPaRoSSe

WordPress ThemeCity suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 480a0862d20875300617c3117d32f28a213fe2b504fccb44353af5cad6b61d1c
Mandriva Linux Security Advisory 2011-157
Posted Oct 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-157 - FreeType allows remote attackers to execute arbitrary code or cause a denial of service via a crafted font. A regression was found in freetype2 in Mandriva Enterprise Server 5 that caused ugly font rendering with firefox. Additionally, improvements concerning the LZW handling (as noted in the freetype-2.4.7 version) was added. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2011-3256
SHA-256 | 6f11129e2987a35e63c2b055f657449a05b60e7b6e472f6484ab277b8302f973
inCommand Technologies Cross Site Scripting
Posted Oct 21, 2011
Authored by md.r00t

inCommand Technologies suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dc4746b27e2df90e6a39ca95395e5cc14bd1078f7b2ede898c0defeb07d1f3bd
Radius Manager 3.9.0 SQL Injection
Posted Oct 21, 2011
Authored by Mehdi Boukazoula

Radius Manager version 3.9.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d7465d1cae603ceb6c99ab6cb16dcc593475dfd9122a239007bd547a0423fc45
Ubuntu Security Notice USN-1232-3
Posted Oct 21, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1232-3 - USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support, and USN-1232-2 was released to temporarily disable the problematic security fix. This update includes a revised fix for CVE-2010-4818.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-4818
SHA-256 | d16b6ed5db915dab2883dbe8e21542b35ed1a03bc7433c600486d192144e139b
Oracle AutoVue 20.0.1 AutoVueX SaveViewStateToFile File Creation
Posted Oct 21, 2011
Authored by rgod | Site retrogod.altervista.org

Oracle AutoVue version 20.0.1 suffers from an AutoVueX Active-X Control SaveViewStateToFile remote file creation / overwrite vulnerability. Proof of concept code included.

tags | exploit, remote, activex, proof of concept
systems | linux
SHA-256 | aeb1dfdd12a44a730bcec5864f95e60c365b938d372f776b6178f5919b0b4cf8
Oracle AutoVue 20.0.1 AutoVueX Export3DBom Code Execution
Posted Oct 21, 2011
Authored by rgod | Site retrogod.altervista.org

Oracle AutoVue version 20.0.1 suffers from an AutoVueX Active-X Control Export3DBom remote code execution vulnerability. Proof of concept code included.

tags | exploit, remote, code execution, activex, proof of concept
systems | linux
SHA-256 | f6e3523ba390057db8b6b08be7f5fe37093ca96f4f6757e658263c95e5e02a38
Oracle AutoVue 20.0.1 AutoVueX ExportEdaBom Code Execution
Posted Oct 21, 2011
Authored by rgod | Site retrogod.altervista.org

Oracle AutoVue version 20.0.1 suffers from an AutoVueX Active-X Control ExportEdaBom remote code execution vulnerability. Proof of concept code included.

tags | exploit, remote, code execution, activex, proof of concept
systems | linux
SHA-256 | 1803baa2803612ed90a10f88057d39ae9f52161fa48eacbdfb002679c5977463
Secunia Security Advisory 46476
Posted Oct 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for ldns. This fixes a vulnerability, which can be exploited by malicious users to compromise an application using the library.

tags | advisory
systems | linux, fedora
SHA-256 | 05156b796b50ff48e75f9c548025092ca15f7d548fd6eef5b4c5333286e0d855
Secunia Security Advisory 46511
Posted Oct 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Sun Ray Server Software, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 952d585720ba2c517d193737c74648d28e2b2f90f548daa5828d4fb1b353c204
Secunia Security Advisory 46494
Posted Oct 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Kerberos, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 66de2ef0e0f9b490fb730f3fc0473e68c770ed69da2896f9844d18420f114458
Secunia Security Advisory 46475
Posted Oct 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, fedora
SHA-256 | 59dd999fdf17947af5e1f750d7a7d5aa298d7b4ce85e2ea85cb7b15dc5c715ad
Secunia Security Advisory 46479
Posted Oct 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for gimp. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
systems | linux, suse
SHA-256 | c618e4f9d3f1380cfa40b1cfe5624bf58fc733f1bdad5268a6645a575433103f
Secunia Security Advisory 46472
Posted Oct 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for tor. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
SHA-256 | 1350318873256e37be08e7a2a7048927e168afb7032b908b1b1cc084a05cc4c7
Secunia Security Advisory 46465
Posted Oct 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and a vulnerability have been reported in Cisco Show and Share, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.

tags | advisory
systems | cisco
SHA-256 | 7baea8f03424786bc1d91896230ea8cd782d9eddcbb48abdda8fe4b0e0b29059
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close