what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 66 RSS Feed

Files Date: 2012-01-24

Red Hat Security Advisory 2012-0061-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0061-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user could use this flaw to escalate their privileges. Refer to Red Hat Knowledgebase article DOC-69129, linked to in the References, for further information.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-0056
SHA-256 | e40b8b8aaddc8e2fe581d83de354223aa3949157644b6f2661a2d8f354618f40
Red Hat Security Advisory 2012-0062-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0062-01 - The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
SHA-256 | a926a8831f5e655d16df1e35d4dd911ee1b2e36511144fac9a380ee7434eb26a
Red Hat Security Advisory 2012-0060-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0060-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted policy extension data.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619
SHA-256 | 626386dc502d12fc29e4780f91473a6509e4ce82830fd07413d30317383f9ba0
Red Hat Security Advisory 2012-0058-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0058-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-5029, CVE-2011-4609
SHA-256 | d4d1780461ee1cfaa9d79baa47a009d2377c5860a1e2cf3da7318da99a2c5585
Red Hat Security Advisory 2012-0059-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0059-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619
SHA-256 | 637d4b3792e367e77118dadf6e654fba56f63a5136cbc78f5b4bd3c1b6efa812
Ubuntu Security Notice USN-1346-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1346-1 - Dan Fandrich discovered that curl incorrectly handled URLs containing embedded or percent-encoded control characters. If a user or automated system were tricked into processing a specially crafted URL, arbitrary data could be injected.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-0036
SHA-256 | 0b171085fe24790e993a5cb1a612f7517c2b818e647d6a61a9fbb85732a32b7d
Joomla Jesubmit Shell Upload
Posted Jan 24, 2012
Authored by Robert Cooper

The Joomla Jesubmit component suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | 29af3fc4b0a2b9a9d16ad59beb1c5c43ec83ab4061b5971281917734046c5f7a
A Backdoor In The Next Generation Active Directory
Posted Jan 24, 2012
Authored by Dmitriy Evteev

This is a brief whitepaper called A Backdoor in the Next Generation Active Directory.

tags | paper
SHA-256 | dd040be0d2bdc00e6d0cbeedaaf496611de0e99e0335d67ebeebc9aaca01a674
Stoneware WebNetwork6 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 24, 2012
Authored by Jacob Holcomb

Stoneware WebNetwork6 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2012-0285, CVE-2012-0286
SHA-256 | ac0ef67138ba1a287f0c436322ad782d25a6ed168c6ee0e5da1cae3818db9078
Linux 64-Bit Stack Pointer Underflow
Posted Jan 24, 2012
Authored by teach

Local root exploit for Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms that leverages a flaw in the compat_alloc_user_space functions.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2010-3081
SHA-256 | 52fc8b565f2f099df29e7cd463956b7151a8c113162ee3862f5988242751213f
Linux 2.6.18 udp_sendmsg Local Root
Posted Jan 24, 2012
Authored by teach

Local root exploit that affects Linux kernel versions up to 2.6.18. It takes advantage of a flaw in the udp_sendmsg function.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2009-2698
SHA-256 | 5f8fab9df021ada7f06193064a65502d568ab2c8b92783556af8c144bc279b53
Ultimate Locator SQL Injection
Posted Jan 24, 2012
Authored by Robert Cooper

Ultimate Locator suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 429137160b75a3f7b44e26a49eca96e4b881cd161ab809fadbc9afb392402d56
Alkon Consulting Group SQL Injection
Posted Jan 24, 2012
Authored by Skote Vahshat

Alkon Consulting Group suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a551f13148cf96a084c9c8bebc5a521b641d35550dd9f4e83a519b39ca931098
DataArmor / DriveArmor Privilege Escalation
Posted Jan 24, 2012
Authored by Stuart Passe | Site ngssoftware.com

DataArmor versions 3.0.10 and above and DriveArmor versions 3.0.0 and above suffer from restricted environment breakout, privilege escalation and full disk encryption vulnerabilities.

tags | advisory, vulnerability
SHA-256 | b41ef1f168f30852ea4d0d4812fadcaa0d376c38f648c6c50c2dac11f4b25ebe
UltraPlayer 2.112 Buffer Overflow
Posted Jan 24, 2012
Authored by KedAns-Dz

UltraPlayer version 2.112 stack buffer overflow exploit that creates a malicious .m3u file that will trigger a reverse shell.

tags | exploit, overflow, shell
SHA-256 | 96294503f8bfddc167c2244a8894cb4cb8d4325bf34e9db7b30dd6d1cc1a5420
UltraPlayer 2.112 Denial Of Service
Posted Jan 24, 2012
Authored by KedAns-Dz

UltraPlayer version 2.112 local crash exploit that creates a malicious .avi file.

tags | exploit, local
SHA-256 | 9f43265703ad1b56d80101b2fa1124c6d41e5f3b00ba5fb5e1b81d34b128b091
Nuit Du Hack 2012 Call For Papers
Posted Jan 24, 2012
Authored by Nuit Du Hack CFP

The Nuit Du Hack Call For Papers has been announced. It will be held June 23rd, 2012 at the Disneyland Paris Conference Centre.

tags | paper, conference
SHA-256 | a0f919adae1a937df9ef4d9001bdfa8f3d03517f6313946efff965263f7b0f8a
Ubuntu Security Notice USN-1343-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1343-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.

tags | advisory, web, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665
SHA-256 | b320552fd3ebcdce074815e44c55cd3a05de20c7d4838165adb6112d9accbbbf
Ubuntu Security Notice USN-1345-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1345-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1162, CVE-2011-2203, CVE-2011-4110
SHA-256 | c5e2c5ccabf794f03dfb9229198594f7253ed79ba331f08d1ef2aa77b46bb0dd
Ubuntu Security Notice USN-1344-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1344-1 - Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-2203, CVE-2011-4110
SHA-256 | b59d95f9f986e002c805f641ed404a6ad915b27e325adde2cf5cd116b992ac73
glFusion CMS 1.2.2 Shell Upload / SQL Injection
Posted Jan 24, 2012
Authored by KedAns-Dz

glFusion CMS version 1.2.2 suffers from shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | ad6bb126a05811ea0372f50995944d0c7147bd0aaab64e41a724c0997e704a2d
Dark D0rk3r 0.4
Posted Jan 24, 2012
Authored by baltazar

Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.

Changes: Various updates.
tags | tool, local, scanner, sql injection, python, file inclusion
systems | unix
SHA-256 | 2cd563268ad9d548cc3b7f95e276dc7556b79d410ef730c9500bb9188a4e6032
Joomla Advert SQL Injection
Posted Jan 24, 2012
Authored by the_cyber_nuxbie

The Joomla Advert component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 81cab28625f0eb9d311e7f4d3861afb736dfd548b50019d0ac273dc6b5ad4e1d
Joomla Welcome Local File Inclusion
Posted Jan 24, 2012
Authored by the_cyber_nuxbie

The Joomla Welcome component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 0590bb0049f025aaa2b5ea192496b02b6887354ffada0aba32cad18400dd4e11
Joomla Funny News Local File Inclusion
Posted Jan 24, 2012
Authored by the_cyber_nuxbie

The Joomla Funny News component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 74e908aafa50d33d30058118b6764f1dbb9ba0264712adca05a55644718eaf10
Page 1 of 3
Back123Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close