what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files Date: 2011-12-08

Red Hat Security Advisory 2011-1801-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1801-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest was configured for a CCID USB smart card reader in passthrough mode. An attacker able to connect to the port on the host being used for such a device could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4111
SHA-256 | f08148ae167c0768b601225b0105f767e9cb21cde5993cc3bc42b1cd64876d00
Red Hat Security Advisory 2011-1800-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1800-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 4 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
SHA-256 | f41e0e59862059ec69d282b7aabd6a45c7f8e0c893c2c998ac588c29510865d2
Red Hat Security Advisory 2011-1799-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1799-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 5 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
SHA-256 | 75815dbfc47896a7ab8f8d971a9c619785c6b757663a1cb4e4651a5180788493
Red Hat Security Advisory 2011-1798-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1798-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 6 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | exploit, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
SHA-256 | a2a81f8c718a7723612e5ed9c9366747cb68843e8a1c571e228cd26c12fbd2db
Red Hat Security Advisory 2011-1797-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1797-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request.

tags | advisory, remote, web, arbitrary, cgi, perl
systems | linux, redhat
advisories | CVE-2010-2761, CVE-2010-4410, CVE-2011-3597
SHA-256 | 4dd2ff62109698b9d1de32696e2c6a19a08749ab01aacf35058867ffd8177aab
JavaScript Switcharoo Proof Of Concept
Posted Dec 8, 2011
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

It seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.

tags | exploit, javascript
SHA-256 | fcf6a2f8bd756f73ae0cea59488d296084adcdadeda5ca6d9e401595b8736f42
Joomla QContacts 1.0.6 SQL Injection
Posted Dec 8, 2011
Authored by Don from BalcanCrew

Joomla QContacts component version 1.0.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2569f0bcc18ee13254ee6c1564181305188fbcd5aa06ff1df1df3d84c31e385b
SantriaCMS SQL Injection
Posted Dec 8, 2011
Authored by Troy

SantriaCMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | cda4a7c570884ac6ded284217d84ecc0ba065bf1daddd3f7af5e82709dfb2efc
HP Application Lifestyle Management Platform 11 Code Execution
Posted Dec 8, 2011
Authored by 0a2940

HP Application Lifestyle Management (ALM) Platform version 11 suffers from a local root privilege escalation vulnerability.

tags | exploit, local, root
SHA-256 | ef932a54ded081a7757e2161d0584d1237286a7a50c4b0fad05bed5e152badce
Ubuntu Security Notice USN-1294-1
Posted Dec 8, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1294-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-1162, CVE-2011-2494, CVE-2011-2942, CVE-2011-3209, CVE-2011-3638, CVE-2011-4081, CVE-2011-4087, CVE-2011-4326
SHA-256 | acab8d51e69e89ac69916bfde79578d48d20a5c740ed8334923ba6a32afe7023
Ubuntu Security Notice USN-1293-1
Posted Dec 8, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1293-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4326, CVE-2011-4330
SHA-256 | 7fc196aedda92fd82f8306f34f53fdcc76d7e2380188eab9863908f25206edd3
Ubuntu Security Notice USN-1292-1
Posted Dec 8, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1292-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4326, CVE-2011-4330
SHA-256 | e56bd530ab01e0d28606cc55207499939d90e747e47252a8abe8e9591ba531f5
Ubuntu Security Notice USN-1291-1
Posted Dec 8, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1291-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. Various other issues were also addressed.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2011-4077, CVE-2011-4132, CVE-2011-4330
SHA-256 | 2898c81e08aa59f58b87d94dae03200e92b3371465b43e371d4113f24da945fd
Restorepoint 3.2-Evaluation Remote Root Command Execution
Posted Dec 8, 2011
Authored by Tavaris Desamito | Site trustmatta.com

The 3.2 evaluation image of Restorepoint is vulnerable to a remote command execution vulnerability in the remote_support.cgi script prior to license activation.

tags | exploit, remote, cgi
advisories | CVE-2011-4201, CVE-2011-4202
SHA-256 | 2ba071b3366e0b276ade67905a48b2cefde4a0fc3b57bab0aa5fac1af8e646c1
Download.com Adding Malware To Nmap
Posted Dec 8, 2011
Authored by Fyodor | Site insecure.org

This is Fyodor's latest update on the CNET Download.com fiasco where they are packaging third party software with their own additions.

tags | advisory
SHA-256 | d94fdfbf33d2407700b9b12567eb0441217bb70e233ba79e1554d89b8efda071
Secunia Security Advisory 47052
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for mojarra. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, debian
SHA-256 | c7cca8538dcd5d23ce13434658ea06f3f3db1bcdaed31c4bbc7ff6f133a47c0e
Secunia Security Advisory 47110
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in FreeIPA, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 1a52afda06882f7909e55122ed96742fbb04fa869ccc4f388edf608d3eef1b42
Secunia Security Advisory 47144
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php-pear. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local, php
systems | linux, redhat
SHA-256 | 831891d2a7c57d61357c62174dd10408dbb0c23a234ac4e502de119dcd09a01d
Secunia Security Advisory 47154
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for nfs-utils. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, redhat
SHA-256 | 28e8115b986ff555bf446aad6afb3c7667da42ccb4ff454f4f6be571203df6a7
Secunia Security Advisory 47130
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
SHA-256 | 7f574ddbdd2afa912efd2f0387a4082e936361da864f4b7b87fc7cdbbfe54898
Secunia Security Advisory 47159
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
SHA-256 | f8fca53de8e30f4679734338d668e761a7ff3ce3d34816a6366fa2d6923b54f9
Secunia Security Advisory 47161
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 4ae98d22b4622a250bdd67b724b669ad298fd6e2aad02e8fc1c669ed4581cd9b
Secunia Security Advisory 47135
Posted Dec 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for chasen. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, debian
SHA-256 | dee48d0f6beac96d134f34d0b4453c129171ae8dfa7fefc42ee71a35b72f0da1
Debian Security Advisory 2361-1
Posted Dec 8, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2361-1 - It was discovered that ChaSen, a Japanese morphological analysis system, contains a buffer overflow, potentially leading to arbitrary code execution in programs using the library.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2011-4000
SHA-256 | 7bd88d3bec591faa2224cb4e58f7d47583f558d811f90af3b4afa1750e1694c0
Zero Day Initiative Advisory 11-345
Posted Dec 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-345 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trent Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user

tags | advisory, remote, arbitrary, tcp
SHA-256 | 2f0b0bef4c75980c94c4ba1550763495aa8d02b888a699d46ae959adb180fc1b
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close