exploit the possibilities
Showing 1 - 25 of 36 RSS Feed

Files Date: 2011-12-06

Debian Security Advisory 2359-1
Posted Dec 6, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2359-1 - It was discovered that Mojarra, an implementation of JavaServer Faces, evaluates untrusted values as EL expressions if includeViewParameters is set to true.

tags | advisory
systems | linux, debian
advisories | CVE-2011-4358
MD5 | 749a55848c9f7ae994c344b20d39e7f0
Red Hat Security Advisory 2011-1635-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1635-03 - The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the "lp" user.

tags | advisory, overflow, arbitrary
systems | linux, redhat, unix
advisories | CVE-2011-2896
MD5 | 1697eb5cb7551765cb871dba17ae642d
WebIndia Hosting Cross Site Scripting / SQL Injection
Posted Dec 6, 2011
Authored by 3spi0n

WebIndia Hosting suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 3ac52fef1180d7531ac0a211ff5f0e85
Red Hat Security Advisory 2011-1615-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1615-03 - virt-v2v is a tool for converting and importing virtual machines to libvirt-managed KVM, or Red Hat Enterprise Virtualization. Using virt-v2v to convert a guest that has a password-protected VNC console to a KVM guest removed that password protection from the converted guest: after conversion, a password was not required to access the converted guest's VNC console. Now, converted guests will require the same VNC console password as the original guest. Note that when converting a guest to run on Red Hat Enterprise Virtualization, virt-v2v will display a warning that VNC passwords are not supported.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-1773
MD5 | 0e1ba58e41b6ae5b21df5f66673a3ffc
HP Security Bulletin HPSBMU02726 SSRT100685 2
Posted Dec 6, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02726 SSRT100685 2 - A potential security vulnerability has been identified with HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris. The vulnerability could be locally exploited to gain unauthorized access to a directory. Revision 2 of this advisory.

tags | advisory
systems | linux, solaris, aix, hpux
advisories | CVE-2011-4160
MD5 | 785c52100ea4b62e1896914df7935e38
Red Hat Security Advisory 2011-1581-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1581-03 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes. A flaw was found in the Ruby SecureRandom module. When using the SecureRandom.random_bytes class, the PRNG state was not modified after forking a child process. This could eventually lead to SecureRandom.random_bytes returning the same string more than once. An attacker keeping track of the strings returned by one child process could use this flaw to predict the strings SecureRandom.random_bytes would return in other child processes.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2011-2705, CVE-2011-3009
MD5 | 0ae37fa667a635323e4b590490b5c715
Red Hat Security Advisory 2011-1580-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1580-03 - The resource-agents package contains a set of scripts to interface with several services to operate in a High Availability environment for both Pacemaker and rgmanager service managers. It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2010-3389
MD5 | b29476fb9bd04a252e2b78272c9962a8
Red Hat Security Advisory 2011-1536-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1536-03 - Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to access Red Hat Network content available to the host. This issue did not affect users of Red Hat Network Classic. This updated sos package also includes numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4083
MD5 | a966522a45e673d60d0875d4a3bcb3d6
Red Hat Security Advisory 2011-1534-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1534-03 - The nfs-utils packages provide a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. A flaw was found in the way nfs-utils performed IP based authentication of mount requests. In configurations where a directory was exported to a group of systems using a DNS wildcard or NIS netgroup, an attacker could possibly gain access to other directories exported to a specific host or subnet, bypassing intended access restrictions.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-1749, CVE-2011-2500
MD5 | 375ff0561809723057968e8531404399
Red Hat Security Advisory 2011-1533-04
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1533-04 - Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large scale Linux and UNIX deployments. A Cross-Site Request Forgery flaw was found in Red Hat Identity Management. If a remote attacker could trick a user, who was logged into the management web interface, into visiting a specially-crafted URL, the attacker could perform Red Hat Identity Management configuration changes with the privileges of the logged in user.

tags | advisory, remote, web, csrf
systems | linux, redhat, unix
advisories | CVE-2011-3636
MD5 | 7cd7c5f46a10875dc34350c66fbbfb79
Red Hat Security Advisory 2011-1532-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1532-03 - Kexec allows for booting a Linux kernel from the context of an already running kernel. Kdump used the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets, causing the target kdump server's SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps. mkdumprd created initrd files with world-readable permissions. A local user could possibly use this flaw to gain access to sensitive information, such as the private SSH key used to authenticate to a remote server when kdump was configured to dump to an SSH target.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2011-3588, CVE-2011-3589, CVE-2011-3590
MD5 | f991017ba1e5e5c40ceb8b09c657199f
Red Hat Security Advisory 2011-1531-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1531-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line with the "-runas" option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2011-2527
MD5 | 31787241acc4337bc357b83f0585fef3
Red Hat Security Advisory 2011-1530-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1530-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. Non-member VLAN packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-1020, CVE-2011-3347, CVE-2011-3638, CVE-2011-4110
MD5 | dfc3ef314e2580c0027a786e0bf031cb
Red Hat Security Advisory 2011-1526-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1526-03 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file.

tags | advisory, arbitrary, local, code execution
systems | linux, redhat
advisories | CVE-2009-5064, CVE-2011-1089
MD5 | ea38bf6d87800e71cb6dd203fb233c5f
WordPress Pretty Link 1.5.2 Cross Site Scripting
Posted Dec 6, 2011
Authored by Am!r | Site irist.ir

WordPress Pretty Link plugin version 1.5.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3e75143a16a9c672d13c26a66310f948
SMF Portal 1.1.15 Shell Upload
Posted Dec 6, 2011
Authored by HELLBOY

SMF Portal version 1.1.15 suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 84daf6285f6d166761ec993d9647518e
EPractize Labs Backdoor
Posted Dec 6, 2011
Authored by Jan van Niekerk

EPractize Labs spamming software appears to have a file write backdoor.

tags | exploit
MD5 | 80ecf56129abd7612e084bb1ff24753a
Web Backdoors - Attack, Evasion And Detection
Posted Dec 6, 2011
Authored by FB1H2S

Whitepaper called Web Backdoors - Attack, Evasion and Detection. This paper provides insight on common web back doors and how simple manipulations could make them undetectable by AV and other security suits. It explains a few techniques that could be used to render undetectable and unnoticed backdoors inside web applications.

tags | paper, web
MD5 | a20aeba09104afb3f9e5e9a93ee0cd9c
AlstraSoft EPay Enterprise 4.0 SQL Injection
Posted Dec 6, 2011
Authored by Don from BalcanCrew

AlstraSoft EPay Enterprise version 4.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 91c330f0b55acfbed8e29aa878c867ac
Five Star Review Remote SQL Injection
Posted Dec 6, 2011
Authored by EthicalPractice

Five Star Review suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 46e05b7584e3ff349efafef8b36b8694
PHP Calendars SQL Injection
Posted Dec 6, 2011
Authored by Mr.MLL

PHP Calendars suffers from a remote SQL injection vulnerability in eventdisplay.php.

tags | exploit, remote, php, sql injection
MD5 | 625de987a961f8a5a46656e8c344ca36
Secunia Security Advisory 47090
Posted Dec 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 142cc16b0b167385834afe7ba56d7b9e
Secunia Security Advisory 47072
Posted Dec 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in EPractize Labs Subscription Manager, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 3cb157806eec11d05643b7ffe72aa193
Secunia Security Advisory 47127
Posted Dec 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Google Chrome, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | ed1e07b83cee7fbcccc344902c03b58f
Secunia Security Advisory 47128
Posted Dec 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Opera, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | f29a50cc1514a900ec8d98c684f357bc
Page 1 of 2
Back12Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    3 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close