what you don't know can hurt you
Showing 1 - 25 of 44 RSS Feed

Files Date: 2011-12-13

RSA Adaptive Authentication Security Fix
Posted Dec 13, 2011
Site emc.com

An issue with RSA Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the Device Recovery capability and Device Identification used by the defined policy.

tags | advisory
advisories | CVE-2011-2741, CVE-2011-2742
SHA-256 | 6ff0906cd0a9a6a6154410f613b726bbb204a06a00455e14ef18b111baa522f6
Zero Day Initiative Advisory 11-346
Posted Dec 13, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-346 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. Due to the application not properly checking the types of elements within containers, the application will incorrectly modify a property of the object. This modification can be used to cause memory corruption of the type which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3413
SHA-256 | e70a0b6b137b62f85620a58469fdf28c264299614af24c86f139d85673534a41
Microsoft Security Bulletin Summary For December, 2011
Posted Dec 13, 2011
Site microsoft.com

This bulletin summary lists 13 Microsoft security bulletins released for December, 2011.

tags | advisory
SHA-256 | 18ad451024fea8e2036982e74af239ca16bc99787de18705168bc1182e6c63ea
Pulse Pro CMS 1.7.2 Cross Site Scripting
Posted Dec 13, 2011
Authored by d3v1l, RandomStorm

Pulse Pro CMS version 1.7.2 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7ac8b17da44b732b9b90bd09f91ffc20f29f62b91f7658435d9276d8d927ea3d
Ubuntu Security Notice USN-1305-1
Posted Dec 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1305-1 - David Black discovered that Nova did not properly perform input validation during image registration. An attacker could exploit this by registering a crafted image using the EC2 API or S3/RegisterImage method and overwrite files as the nova user.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2011-4596
SHA-256 | f84f44b31aadbdecd709f8bf9fc1bd56df308540113ec0f59b7e4946f5bb2641
Faculte SQL Injection
Posted Dec 13, 2011
Authored by Th4 MasK

Faculte suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b1f51062912e66889bce1041634f968380ede406aedf5e9975d55ab092099082
Google Open Redirects
Posted Dec 13, 2011
Authored by Riyaz Walikar

Two additional open redirects have been discovered under google.com.

tags | exploit
SHA-256 | bbfc0a480b7dc05e10c1976807a555b3da5b314d4ad5afc42fb6f791b6f5330d
Exploiting glibc __tzfile_read Part II
Posted Dec 13, 2011
Authored by Ramon de C Valle

This is a follow-up document that discusses exploiting the glibc __tzfile_read integer overflow to buffer overflow and leveraging Vsftpd.

tags | paper, overflow
SHA-256 | 9fa157a07080306dfb186dfc7d65fae1fe12c4ff8c7beeb94a90bd9698026603
Exploiting glibc __tzfile_read Integer Overflow To Buffer Overflow And Vsftpd
Posted Dec 13, 2011
Authored by Ramon de C Valle | Site rcvalle.com

This is a write up that discusses exploiting the glibc __tzfile_read integer overflow to buffer overflow and leveraging Vsftpd.

tags | paper, overflow
SHA-256 | aa2f52177ccb0dba0def1cbf1e6bb31a25c445b615e0289658b51067f794493e
Ubuntu Security Notice USN-1304-1
Posted Dec 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1304-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. Scot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-4077, CVE-2011-4081, CVE-2011-4087, CVE-2011-4132, CVE-2011-4326, CVE-2011-4330
SHA-256 | 6d2a20967eadf3aba427c6e36f59f62b119e6c705633091d9326357f7fb00aec
Ubuntu Security Notice USN-1303-1
Posted Dec 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1303-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-1162, CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4326, CVE-2011-4330
SHA-256 | 12c1953500d71f26c59ebcdc9a73ed35de3b2b65402d19d430823d934b100a8e
CoDeSys SCADA 2.3 Webserver Stack Buffer Overflow
Posted Dec 13, 2011
Authored by sinn3r, TecR0c, Celil Unuver | Site metasploit.com

This Metasploit module exploits a remote stack buffer overflow vulnerability in 3S-Smart Software Solutions product CoDeSys Scada Web Server Version 1.1.9.9.

tags | exploit, remote, web, overflow
SHA-256 | 9380ae1d770450dec8ad28bbf0b92b9e420e8cda38119169c69b13c41f6b845a
Traq 2.3 Authentication Bypass / Remote Code Execution
Posted Dec 13, 2011
Authored by EgiX, TecR0c | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located into /admicp/ directory to make sure the user has admin rights, but this is a broken authorization schema due to the header() function not stopping the execution flow.

tags | exploit, arbitrary, php
SHA-256 | dffc7356e911b26d771f5011bfe215352e628f842cedc4e8945c25cf29569ed8
An Analysis Of Facebook Spam Through Browser Extensions
Posted Dec 13, 2011
Authored by Prajwal Panchmahalkar

This whitepaper is an analysis of Facebook spam exploited through browser add-ons and extensions.

tags | paper
SHA-256 | 91576af3134da07c2321d8ec9dd4396eead6ebe286c6b3d979382854cf8fb814
Ubuntu Security Notice USN-1302-1
Posted Dec 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1302-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4326, CVE-2011-4330
SHA-256 | c12d1ac14c6a1deacb430f530bad9934b8dd23b2ac72d692da1422fe585dfd31
Fork CMS 3.1.5 Cross Site Scripting
Posted Dec 13, 2011
Authored by d3v1l, RandomStorm

Fork CMS version 3.1.5 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ce9a1264ed0a258fa8e69b7087ad7b548a63a7017062b50ae45a1bde1d9dbc79
Unprotecting The Crypter - A Generic Approach
Posted Dec 13, 2011
Authored by Arunpreet Singh

Whitepaper called Unprotecting the Crypter, a Generic Approach. It discusses how crypters work and unpacking malware.

tags | paper
SHA-256 | 937196e8fab2e4560c58ff7b754f08781822ad6da74fc0f1e72386234ca1d6ef
Sterling Trader Data Processing Buffer Overflow
Posted Dec 13, 2011
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Sterling Trader, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in Base.exe when processing network requests (code 176). This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to a certain TCP port. Successful exploitation allows execution of arbitrary code, but requires guessing the TCP port, which is dynamically assigned. Version 7.0.2 is affected.

tags | advisory, overflow, arbitrary, tcp
advisories | CVE-2011-3842
SHA-256 | 4bba5165e1e1a29e14507788d3f4a83164273e1104b6b0be79ccc37695952d76
Ubuntu Security Notice USN-1299-1
Posted Dec 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1299-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-1162, CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4326, CVE-2011-4330
SHA-256 | dd49738f3b31a161fdf267ef2d52086ca3d699a28a01af294cf1352dcb5d5daa
Ubuntu Security Notice USN-1301-1
Posted Dec 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1301-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4330
SHA-256 | df053b32fc395fc3b94d1f22ffaff0def1d3243827b64674a61ed5aae30b4d53
Ubuntu Security Notice USN-1300-1
Posted Dec 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1300-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. Various other issues were also addressed.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2011-4077, CVE-2011-4132, CVE-2011-4330
SHA-256 | 1fc7f990b9172fbe0e94f350e2a02fb9c5aeb94ca6f4c4f5af3fb373b94fee5a
Secunia Security Advisory 47098
Posted Dec 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 5275138bef0d3b310d70091bc19119dab7e26922df7ce952bdf31404b4cbff35
Secunia Security Advisory 47126
Posted Dec 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | c5343b3d5a14c559b97c0562b6521c9952eaf490dc1a5c60f879a3ef53923042
Secunia Security Advisory 47189
Posted Dec 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-fsl-imx51. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | a63a41e8f14147c666b7b67f33d7f9032775bd2b0e396a28b3a23e93ec9630d3
Secunia Security Advisory 47194
Posted Dec 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-lts-backport-natty. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | 0e72ca798c8a0e7bdb723135fdb5aa24ab3aebc9c1f2168166dba4cde3a8dd9e
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close