what you don't know can hurt you
Showing 1 - 25 of 54 RSS Feed

Files Date: 2011-10-25

Joomla YJ Contact Local File Inclusion
Posted Oct 25, 2011
Authored by MeGo

The Joomla YJ Contact component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 8720c539e8911f2948c7331369b5a141
Packet Fence 3.0.2
Posted Oct 25, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This minor release focused on small improvements and fixes, including some security fixes. Enhancements included Trapeze hardware support, support for wireless devices in bridge mode, and guest management options put behind configurable values. There were several inline enforcement and guest management fixes, changes to default firewall rules, fixes for long-standing issues with the pie charts in the Web admin, and several other minor bugfixes.
tags | tool, remote
systems | unix
MD5 | d4b6326a15c0c37a8e72de4feadceb18
Haveged 1.3
Posted Oct 25, 2011
Site issihosts.com

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

Changes: haveged has been reorganized to allow its collection mechanism to be better accessed directly through the file system. This reorganization includes the option to suppress the daemon interface in the build for circumstances where /dev/random is unavailable or its use is inappropriate. This also means that haveged can now be built and used on non-Linux systems.
tags | tool
systems | linux, unix
MD5 | 7e7fed038fa45f455610ed430ca30a5e
Red Hat Security Advisory 2011-1402-01
Posted Oct 25, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1402-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-3256
MD5 | e4860bf8dd5f4f3b4d8322e1b4712803
Ubuntu Security Notice USN-1248-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1248-1 - Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. It was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL. Various other issues were also addressed.

tags | advisory, spoof
systems | linux, ubuntu
advisories | CVE-2011-3365
MD5 | ea875d820a8dc7f6f1b616901e19ae6a
Ubuntu Security Notice USN-1238-2
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1238-2 - USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a regression in Ubuntu 11.04 when executing certain commands. This update fixes the problem. It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3872
MD5 | c68495a1f07f49f1ad6821bf20130d16
Ubuntu Security Notice USN-1247-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1247-1 - An information leak was discovered in Nova. An attacker with access to a valid EC2_ACCESS_KEY could obtain the corresponding EC2_SECRET_KEY for that user.

tags | advisory
systems | linux, ubuntu
MD5 | 588d3a4df490a9ff3ad0e089f9e9ea59
Jara 1.6 Cross Site Scripting
Posted Oct 25, 2011
Authored by Expl0its

Jara version 1.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d11e6179f8cd2aa6d98aad1915773d74
HP Security Bulletin HPSBUX02700 SSRT100506 2
Posted Oct 25, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02700 SSRT100506 2 - Potential security vulnerabilities have been identified in HP-UX running the Veritas Enterprise Administrator (VEA), which comes bundled with VxVM. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2011-0547
MD5 | 8b1826147bf26c98ffa8dd875e09e0be
Gentoo Linux Security Advisory 201110-23
Posted Oct 25, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-23 - An input sanitation flaw in mod_authnz_external allows remote attacker to conduct SQL injection. Versions prior to 3.2.6 are affected.

tags | advisory, remote, sql injection
systems | linux, gentoo
advisories | CVE-2011-2688
MD5 | 11259463e435feb779db988e9f45c527
Ubuntu Security Notice USN-1246-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1246-1 - Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2011-2213, CVE-2011-2497, CVE-2011-2695, CVE-2011-2700, CVE-2011-2723, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | 7c7f25407535036c70e0426c08f4c579
Ubuntu Security Notice USN-1245-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1245-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | a377b41087e2fdf775b805d448907abc
Ubuntu Security Notice USN-1244-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1244-1 - Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-3873, CVE-2011-2183, CVE-2011-2491, CVE-2011-2494, CVE-2011-2495, CVE-2011-2517, CVE-2011-2695, CVE-2011-2905, CVE-2011-2909, CVE-2011-3363
MD5 | 4483b1d256342df0c0be0cc7f289dd23
Ubuntu Security Notice USN-1243-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1243-1 - It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-1479, CVE-2011-2494, CVE-2011-2495, CVE-2011-2695, CVE-2011-2905, CVE-2011-2909, CVE-2011-3188, CVE-2011-3363
MD5 | fff4a0f314b96a2bab0a25782dc9e3c4
Ubuntu Security Notice USN-1242-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1242-1 - It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-1479, CVE-2011-2494, CVE-2011-2495, CVE-2011-2695, CVE-2011-2905, CVE-2011-2909, CVE-2011-3188, CVE-2011-3363, CVE-2010-4250
MD5 | a1392163976dafaae4ee98fda84eec69
Ubuntu Security Notice USN-1241-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1241-1 - It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2011-1573, CVE-2011-1576, CVE-2011-1776, CVE-2011-2213, CVE-2011-2494, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2695, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191, CVE-2011-3363
MD5 | 447c461aca2cec9be3fb95e5c596cd81
Ubuntu Security Notice USN-1240-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1240-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | 7f8b27a4895207903ddd22763f71b81a
Ubuntu Security Notice USN-1239-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1239-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | 0145fca527819eed3f01ab8622ae7882
phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection
Posted Oct 25, 2011
Authored by EgiX, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a vulnerability in the lib/functions.php that allows attackers input parsed directly to the create_function() php function. A patch was issued that uses a whitelist regex expression to check the user supplied input before being parsed to the create_function() call.

tags | exploit, php
MD5 | 6ff2f43db9509854e854f8121b45df3e
Gentoo Linux Security Advisory 201110-22
Posted Oct 25, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-22 - Multiple vulnerabilities in the PostgreSQL server and client allow remote attackers to conduct several attacks, including the execution of arbitrary code and denial of service. Versions less than or equal to 9 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0922, CVE-2009-3229, CVE-2009-3230, CVE-2009-3231, CVE-2009-4034, CVE-2009-4136, CVE-2010-0442, CVE-2010-0733, CVE-2010-1169, CVE-2010-1170, CVE-2010-1447, CVE-2010-1975, CVE-2010-3433, CVE-2010-4015, CVE-2011-2483
MD5 | f7d036f0c50c94edf6b793b5e129be78
Debian Security Advisory 2327-1
Posted Oct 25, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2327-1 - Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing FastCGI applications, is incorrectly restoring environment variables of a prior request in subsequent requests. In some cases this may lead to authentication bypasses or worse.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2011-2766
MD5 | 492844c82ef9a3ab5cbe1e128424984f
zFTP Server Remote Denial Of Service
Posted Oct 25, 2011
Authored by Myo Soe

The zFTP server suffers from a remote denial of service condition when handling multiple STAT and CWD command requests.

tags | exploit, remote, denial of service
systems | linux
MD5 | c12dc94d14939ee2a758f1b83e6b46fd
Secunia Security Advisory 46562
Posted Oct 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Tele-Consulting has reported multiple vulnerabilities in Alcatel-Lucent OmniTouch 8400 Instant Communication Suite, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
MD5 | 5fc23edcca764bd7ecd70f2790b0aca6
Secunia Security Advisory 46565
Posted Oct 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Alcatel-Lucent has acknowledged multiple vulnerabilities in Alcatel-Lucent Business integrated Communication Solution, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
MD5 | 99dd45d25198a0fb7eec6d9f6ab68fdd
Secunia Security Advisory 46568
Posted Oct 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for postgresql. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), gain escalated privileges, and compromise a vulnerable system and by malicious people to conduct spoofing attacks and bypass certain security restrictions.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, gentoo
MD5 | b5d333f5bc1097177047a7f76337e45f
Page 1 of 3
Back123Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close