Showing 1 - 25 of 46

Files Date: 2011-12-08

Red Hat Security Advisory 2011-1801-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1801-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest was configured for a CCID USB smart card reader in passthrough mode. An attacker able to connect to the port on the host being used for such a device could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4111
MD5 | ee6abb2d22f6624ee9b2ea95bd05563b
Red Hat Security Advisory 2011-1800-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1800-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 4 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | 296f00f98530195c6dde94e22d9abf79
Red Hat Security Advisory 2011-1799-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1799-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 5 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | 793b887b9a50c55fbd66bf3a7083b713
Red Hat Security Advisory 2011-1798-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1798-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 6 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | 5671b5f7f9fdd48d14d7ab20d42dc559
Red Hat Security Advisory 2011-1797-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1797-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request.

tags | advisory, remote, web, arbitrary, cgi, perl
systems | linux, redhat
advisories | CVE-2010-2761, CVE-2010-4410, CVE-2011-3597
MD5 | b400cc5f054a764c47b2cdc38af433d1
JavaScript Switcharoo Proof Of Concept
Posted Dec 8, 2011
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

It seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.

tags | exploit, javascript
MD5 | fbb16e97002e8540980b677c7dab802b
Joomla QContacts 1.0.6 SQL Injection
Posted Dec 8, 2011
Authored by Don from BalcanCrew

Joomla QContacts component version 1.0.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 539045eb1eaaa3853ccfe95a35138839
SantriaCMS SQL Injection
Posted Dec 8, 2011
Authored by Troy

SantriaCMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7e30f1fbf9e49d5f84607bc3fcb44514
HP Application Lifecycle Management Platform 11 Code Execution
Posted Dec 8, 2011
Authored by 0a2940

HP Application Lifecycle Management (ALM) Platform version 11 suffers from a local root privilege escalation vulnerability.

tags | exploit, local, root
MD5 | 9f1910278de9f0e73b868299a8b263b5
Ubuntu Security Notice USN-1294-1
Posted Dec 8, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1294-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-1162, CVE-2011-2494, CVE-2011-2942, CVE-2011-3209, CVE-2011-3638, CVE-2011-4081, CVE-2011-4087, CVE-2011-4326
MD5 | 4140a017e41c8e07afe8d2c3038b67a3
Ubuntu Security Notice USN-1293-1
Posted Dec 8, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1293-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4326, CVE-2011-4330
MD5 | 48786b190cd0797fd78643ec0228d7e3
Ubuntu Security Notice USN-1292-1
Posted Dec 8, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1292-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4326, CVE-2011-4330
MD5 | c18b940f56da2f040ff9c9a7f5ac57c0
Ubuntu Security Notice USN-1291-1
Posted Dec 8, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1291-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. Various other issues were also addressed.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2011-4077, CVE-2011-4132, CVE-2011-4330
MD5 | bcf508fcf3a228a94b568de357738f77
Restorepoint 3.2-Evaluation Remote Root Command Execution
Posted Dec 8, 2011
Authored by Tavaris Desamito | Site trustmatta.com

The 3.2 evaluation image of Restorepoint is affected by a remote command execution vulnerability in the remote_support.cgi script prior to license activation.

tags | exploit, remote, cgi
advisories | CVE-2011-4201, CVE-2011-4202
MD5 | 79b4c5ab83bc560c00bd5aa047d01dab
Download.com Adding Malware To Nmap
Posted Dec 8, 2011
Authored by Fyodor | Site insecure.org

This is Fyodor's latest update on the CNET Download.com fiasco where they are packaging third party software with their own additions.

tags | advisory
MD5 | d1d8c8da3f3dec0fa2e0de2c2aee70f6
Secunia Security Advisory 47052
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for mojarra. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, debian
MD5 | e7e62eacb0a6d2814f83d1987b0ece23
Secunia Security Advisory 47110
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in FreeIPA, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 9025226e9e42ad93f182a0267a713f67
Secunia Security Advisory 47144
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php-pear. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local, php
systems | linux, redhat
MD5 | 87947ac0f3e21e8d6e211f003b39f3b9
Secunia Security Advisory 47154
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for nfs-utils. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, redhat
MD5 | 81d8ab1329cd3722e84c70654cb1488d
Secunia Security Advisory 47130
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
MD5 | 6bdd60ead9e77c7fbd9552d8a30a251e
Secunia Security Advisory 47159
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
MD5 | 19ab3c56b35c8cf52ad97b7534d5222f
Secunia Security Advisory 47161
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | eaeabc6f0f3562edd64f67d2be44b584
Secunia Security Advisory 47135
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for chasen. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, debian
MD5 | fd7951207311096e3db7792ac8608ea0
Debian Security Advisory 2361-1
Posted Dec 8, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2361-1 - It was discovered that ChaSen, a Japanese morphological analysis system, contains a buffer overflow, potentially leading to arbitrary code execution in programs using the library.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2011-4000
MD5 | b67bd8e072d617cb9de16d82b17fb970
Zero Day Initiative Advisory 11-345
Posted Dec 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-345 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user

tags | advisory, remote, arbitrary, tcp
MD5 | a94d56edf29b12fb1ec8aaf626a9e64e