Files Date: 2011-12-01 to 2011-12-31

Microsoft ASP.NET Forms Authentication Bypass
Posted Dec 30, 2011
Authored by K. Gudinavicius | Site sec-consult.com

Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The Unicode string length is determined using the lstrlenW function, which returns the length of the string in characters, not including the terminating null character. If a Unicode string containing a null byte is passed, its length is incorrectly calculated, so only the characters before the null byte are copied into the buffer.

tags | advisory, asp, bypass
advisories | CVE-2011-3416
MD5 | 63981257663cd145e7371de1db9fbfbe
Mandriva Linux Security Advisory 2011-197
Posted Dec 30, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-197 - Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service by sending many crafted parameters. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2011-4566, CVE-2011-4885
MD5 | 5179d8a626ca4088fe479cf3b48be141
Debian Security Advisory 2263-2
Posted Dec 30, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2263-2 - Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny' suite at that time. This update adds that package.

tags | advisory
systems | linux, debian
MD5 | a0bbab53f114dafaae68a795a8a7fcdd
Debian Security Advisory 2376-1
Posted Dec 30, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2376-1 - It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used a PID file with too wide permissions, which allows local users to kill arbitrary processes by writing to this file.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2011-4339
MD5 | eea94fc0a18aacd063e5aa41244a2d8d
Reaver-WPS 1.1
Posted Dec 30, 2011
Authored by Craig Heffner | Site code.google.com

Reaver implements a brute force attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average, Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS PIN and recover the passphrase.

Changes: Fixed getopt bug in x64. Fixed association failure bug.
tags | tool, wireless
systems | unix
MD5 | e073021df56b2e6499f8c894564805eb
Dede CMS SQL Injection
Posted Dec 30, 2011
Authored by Cyber White Hats

Dede CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c7b3ab5e0fe1700f1fba6f1cd1f482ab
Rapidleech Cross Site Scripting
Posted Dec 30, 2011
Authored by Farbod Mahini, H4ckCity Security Team | Site h4ckcity.org

Rapidleech suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 67f3c0ecf7c4805ff2c7cd3d5ba90e9e
WordPress Facebook Page Promoter Lightbox Cross Site Scripting
Posted Dec 30, 2011
Authored by Am!r, H4ckCity Security Team | Site irist.ir

The WordPress Facebook-Page-Promoter-Lightbox plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d343f4ea4071b5f7ea5611cab1fbed77
Secunia Security Advisory 47406
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Plone, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 5e36d4ef4885d6c60ea99777521ff235
Secunia Security Advisory 47390
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with unknown impact has been reported in the Connections plugin for WordPress.

tags | advisory
MD5 | 1c7a4492884e9816e78c4be088f72b6f
Secunia Security Advisory 47344
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in op5 Monitor, where one has an unknown impact and the other can be exploited by malicious users to disclose certain sensitive information.

tags | advisory, vulnerability
MD5 | 66563c083e6550a4ecba92f45cc702c2
Secunia Security Advisory 47365
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 623350a25eac56ca059c088f7e784c86
Secunia Security Advisory 47417
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in op5 Appliance, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
MD5 | b14940ab7e3299125550c4045c415783
Secunia Security Advisory 47358
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged a weakness in Oracle iPlanet Web Server, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.

tags | advisory, web
MD5 | 2981548a9f1f11849a992480cdf4de86
Secunia Security Advisory 47354
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Neturf eCommerce Shopping Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 6e5b21804fea99aedcc113ff4f216a3f
Secunia Security Advisory 47318
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Alexander Fuchs has reported a vulnerability in Akiva WebBoard, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | f4da28a78d39e8c6e5ac5b7c58d5f708
Secunia Security Advisory 47391
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Winn Guestbook, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | 851e981fdcdd3434832188510b2e71c7
Secunia Security Advisory 47337
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Blog module for DiY-CMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 39f1d3fc31217898dae3c365cf011d83
Secunia Security Advisory 47368
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | faa220a2bb8e07ab81d18067338167ba
Open Source CERT Security Advisory 2011.003
Posted Dec 29, 2011
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures; the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.

tags | advisory
advisories | CVE-2011-4461, CVE-2011-4838, CVE-2011-4885, CVE-2011-4462, CVE-2011-4815
MD5 | 22dd5e111e5c4f6aa908cc54c3e0e83a
HP Security Bulletin HPSBMU02731 SSRT100518
Posted Dec 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02731 SSRT100518 - Potential security vulnerabilities have been identified with HP Database Archiving Software. These vulnerabilities could be exploited remotely to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2011-4163, CVE-2011-4164, CVE-2011-4165
MD5 | 5ff8db5eab8775d565444c5b2863a725
Register Plus Redux 3.7.3.1 XSS / SQL Injection / Code Execution
Posted Dec 29, 2011
Authored by MustLive

Register Plus Redux versions 3.7.3.1 and below suffer from cross site scripting, remote SQL injection and code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection
MD5 | 5854f76518ef7422568805884e91a5f4
Microsoft Security Bulletin Summary For December, 2011
Posted Dec 29, 2011
Site microsoft.com

This bulletin summary lists a Microsoft security bulletin released for December, 2011.

tags | advisory
MD5 | 2d722e7fb08ffd50618692aa92fc2add