accept no compromises
Showing 1 - 25 of 59 RSS Feed

Files Date: 2011-11-09

Ubuntu Security Notice USN-1256-1
Posted Nov 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1256-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1478, CVE-2011-1479, CVE-2011-1493, CVE-2011-1573, CVE-2011-1576, CVE-2011-1577, CVE-2011-1581, CVE-2011-1585, CVE-2011-1767, CVE-2011-1768, CVE-2011-1771, CVE-2011-1776, CVE-2011-1833, CVE-2011-2183, CVE-2011-2213, CVE-2011-2479, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2493, CVE-2011-2494
MD5 | ee2685f0b4d767be1169393f2ba5d7c7
AbsoluteFTP 2.2.10 Buffer Overflow
Posted Nov 9, 2011
Authored by Node

AbsoluteFTP versions 1.9.6 through 2.2.10 remote buffer overflow exploit that leverages LIST.

tags | exploit, remote, overflow
MD5 | 40fa43eda809dedf85cfeb7d8ee35974
Aviosoft Digital TV Player Professional 1.x Buffer Overflow
Posted Nov 9, 2011
Authored by modpr0be

Aviosoft Digital TV Player Professional version 1.x stack buffer overflow exploit that spawns calc.exe.

tags | exploit, overflow
MD5 | f4beae934cde090009a3740b70e26d08
Debian Security Advisory 2342-1
Posted Nov 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2342-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
MD5 | 29e08a0d7f0ff415d109dce47ab10613
WebDirector SQL Injection / Administrative Bypass
Posted Nov 9, 2011
Authored by DoZ

WebDirector suffers from administrative bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 8d801df448dc98b7f72002a44e61812b
Apple Security Advisory 2011-11-08-1
Posted Nov 9, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-11-08-1 - Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29.

tags | advisory, java, web, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561
MD5 | 4ce2a2cdb81347ddcadd7a0bf0cd56f7
Debian Security Advisory 2341-1
Posted Nov 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2341-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
MD5 | d6567ff4e985192d6a059acd490abcb8
Cisco Security Advisory 20111109-telepresence-c-ex-serie
Posted Nov 9, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Software that runs on Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices was updated to include secure default configurations beginning with the TC4.0 release. This change was accompanied by the release of Cisco Security Advisory cisco-sa-20110202-tandberg. Due to a manufacturing error, Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices that were distributed between November 18th, 2010 and September 19th, 2011 may have the root account enabled. Information on how to identify affected devices is available in the Details section of this advisory. Information on how to remediate this issue is available in the Workarounds section of this advisory.

tags | advisory, root
systems | cisco
MD5 | 4355f32309ad80c570f348d432ef874f
VtigerCRM 5.2.1 Local File Inclusion
Posted Nov 9, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

VtigerCRM version 5.2.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 08fca78a4e28ed06b550506fe99f592f
Mandriva Linux Security Advisory 2011-168
Posted Nov 9, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2011-3348, CVE-2011-3192
MD5 | d34eb9f362cf7d95f3d4f03f1a03b0e3
Ubuntu Security Notice USN-1255-1
Posted Nov 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1255-1 - Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. It was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915
MD5 | c15269cc174a385c7b0846bced3e00f0
AShop 5.1.3 Cross Site Scripting / Open Redirect
Posted Nov 9, 2011
Authored by Stefan Schurtz

AShop version 5.1.3 suffers from cross site scripting and open redirect vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c56b3e656649ab653f395e2bed369f48
Dolibarr 3.1.0 Cross Site Scripting
Posted Nov 9, 2011
Authored by Stefan Schurtz

Dolibarr version 3.1.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | ecddba842d3bba4b92cd6842179e870f
Red Hat Security Advisory 2011-1444-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1444-01 - Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

tags | advisory, web
systems | linux, redhat
MD5 | 73672b0f20775b92cebffee70786cead
LabWiki 1.1 Cross Site Scripting / Shell Upload
Posted Nov 9, 2011
Authored by muuratsalo

LabWiki versions 1.1 and below suffer from cross site scripting and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, xss
MD5 | 0d5c93ae64a7217655ad31e46873fb94
Adobe Shockwave Player Denial Of Service
Posted Nov 9, 2011
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered that Adobe Shockwave Player suffers from a director file parsing denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2011-2448
MD5 | 2ab6ebd6bf459bab948d9c7da051e1d5
Adobe Shockwave Player Memory Corruption
Posted Nov 9, 2011
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered that Adobe Shockwave Player suffers from a director file PAMM memory corruption vulnerability.

tags | advisory
advisories | CVE-2011-2446
MD5 | 7b8719a9d37476ef33dfe269b8a9c5ee
Red Hat Security Advisory 2011-1441-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1441-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy. All IcedTea-Web users should upgrade to these updated packages, which upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-3377
MD5 | 70ffdafb86ee86eb8e92e02d4c8cc217
Red Hat Security Advisory 2011-1440-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1440-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A cross-site scripting flaw was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.

tags | advisory, web, javascript, xss
systems | linux, redhat
advisories | CVE-2011-3648
MD5 | 1ba5703d30377b8d5a2cb56538fbfd06
EIN-SOF SQL Injection
Posted Nov 9, 2011
Authored by 3spi0n

Sites designed by EIN-SOF suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 3634813d20b1f35d275ff81f8bbba5e4
Microsoft Security Bulletin Re-Release For November, 2011
Posted Nov 9, 2011
Site microsoft.com

This is a notification from Microsoft that MS11-037, MS11-JUN, and MS11-071 have undergone major revision increments.

tags | advisory
MD5 | a0aa71be32202c4caa0fa8197a00f49b
Adobe Shockwave Player TextXtra.x32 Memory Corruption
Posted Nov 9, 2011
Authored by Core Security Technologies, Pablo Santamaria | Site coresecurity.com

Core Security Technologies Advisory - A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site with a specially crafted .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.

tags | advisory, remote, web, arbitrary
advisories | CVE-2011-2447
MD5 | d3b84c019ed4dff8a2cd96a854297dc7
Technical Cyber Security Alert 2011-312A
Posted Nov 9, 2011
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2011-312A - There are multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
systems | windows
MD5 | c74048b8cb7ddf11361a590cfdc5534b
Ubuntu Security Notice USN-1253-1
Posted Nov 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1253-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | 7761ddb7b1ba2737c6628228e6c4243d
Microsoft Security Bulletin Notification For November
Posted Nov 9, 2011
Site microsoft.com

This bulletin summary lists 4 Microsoft security bulletins released for November, 2011.

tags | advisory
MD5 | 515a28cc8fe29e5b1130d270bc100344
Page 1 of 3
Back123Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close