Showing 1 - 25 of 37

Files Date: 2012-03-02

Debian Security Advisory 2423-1
Posted Mar 2, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2423-1 - Several vulnerabilities were discovered in Movable Type, a blogging system.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | f0e9814be0331a938f40f63ac3c4857159dcbb1fe3cbbc05caa3abd88bbac186
SourceForge.net Cross Site Scripting
Posted Mar 2, 2012
Authored by Sony

SourceForge suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c521268603c35e9a59106a24fbac1ed6b0e2fe6943ca5d5ba91a87e9735454b9
Refinery CMS Cross Site Scripting
Posted Mar 2, 2012
Authored by d4g4

Refinery CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 80d6f61550681b6f3435e8e4e3dd82b0c7338fdfebf403a319b613c6e1a8ef08
Drupal CMS 7.12 Cross Site Request Forgery
Posted Mar 2, 2012
Authored by Ivano Binetti

Drupal CMS version 7.12 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | ae9467e5b266b5bab05bcb858e59b252750650d5a297eb119fea3d398a9ed415
Photobucket Cross Site Scripting
Posted Mar 2, 2012
Authored by Sony

Photobucket suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0e35e97015de926e364a868feedd4b6f1602bdd5e1c10088e355eafab2bc2c5d
KoolUploader Shell Upload
Posted Mar 2, 2012
Authored by Daniel Godoy

KoolUploader suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | a4180579d6c1325723ed5a88719959901cf064a7fc3fb5581c4f0816a85571ec
09so Cross Site Scripting
Posted Mar 2, 2012
Authored by Th4 MasK

09so suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | eb7eb9aa515cd9e0bd489631c3776b9dc145e31198d3f96fa2482a0078784915
2Creation SQL Injection
Posted Mar 2, 2012
Authored by Th4 MasK

2Creation suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e1cb8aaa5195677fba7273e6ce2da91cb83516a3485f835484d026347c08bbee
Secunia Security Advisory 47382
Posted Mar 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Russ McRee has discovered a vulnerability in Redaxscript, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | ce3cac6d72487aaf3144b4ad8133a511903542d65951d1df00877bb4e167521e
Secunia Security Advisory 48216
Posted Mar 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system.

tags | advisory, vulnerability, sql injection
SHA-256 | dc855187183e8855d7daf377672788d6c7f9eec92312cd56f9afe2e4f0ee8f43
Secunia Security Advisory 48243
Posted Mar 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libvorbis. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, suse
SHA-256 | 64ddae6a0565bbb00ceebdddc65a49fe07b794320df0e4f0aa177e497b2da9a2
Secunia Security Advisory 48227
Posted Mar 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in CMS Builder, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 100a6a792a3895f07dc848c5da2c5af486d3230689bfcc7922731cca1ee0e880
Secunia Security Advisory 48221
Posted Mar 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Benjamin Kunz Mejri has discovered multiple vulnerabilities in LDAP Account Manager Pro, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 4e86c8763e3488a7db9f0fef1f9ce003e6322af78fcd6d566e950aa396f66be0
Secunia Security Advisory 48241
Posted Mar 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, ruby
SHA-256 | e32c8678ee4a88dea1d37438a438c9f6cf84eb87d5692a4374486c3217ebd3bc
Secunia Security Advisory 48242
Posted Mar 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for ubuntuone-couch. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, ubuntu
SHA-256 | bc1fe7b5a2e7962f72bda7be178855370475e66f71a09a79f5715c6483c517e1
DJ Studio Pro 5.1 .pls Stack Buffer Overflow
Posted Mar 2, 2012
Authored by Sebastien Duquette | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2. When handling a .pls file, DJ Studio copies user-supplied data onto the stack without proper bounds checking, allowing code execution in the context of the user.

tags | exploit, overflow, code execution
advisories | CVE-2009-4656, OSVDB-58159
SHA-256 | 736d166b489b4e31605e79a4de3a5f53718ad11ade2ceb44edb651fb05d2a8dd
Endian UTM Firewall 2.4.x / 2.5.0 CSRF / XSS
Posted Mar 2, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Endian UTM Firewall versions 2.4.x and 2.5.0 suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 2034bab8895a54593428c97585032c9590023b375bad65670a46fda01b6396c6
LDAP Account Manager Pro 3.6 Cross Site Scripting
Posted Mar 2, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

LDAP Account Manager Pro version 3.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | fa7127c457603662f00c08ba30a681352825cb8ca6e4d69c355d703707cec2eb
httpry Specialized HTTP Packet Sniffer 0.1.7
Posted Mar 2, 2012
Authored by Dumpster Keeper | Site dumpsterventures.com

httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.

Changes: This release brings substantial improvements to some existing features. First, IPv6 parsing can now follow extension headers that are present in the captured packets. Second, the rate statistics code has been substantially overhauled to handle an arbitrary number of hosts, along with a couple of additional switches for controlling behavior. Additionally, this release fixes compiling on Mac OS X and adds an optional switch to specify the PID filename.
tags | tool, web, sniffer
systems | unix
SHA-256 | 00debb88f90f79d65dcbcc590c2a1172411f70f9134a9367f29c113594d7b9fa
FlashFXP 4.1.8.1701 Buffer Overflow
Posted Mar 2, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

FlashFXP version 4.1.8.1701 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | c7133acc22d3b090b427cba075d2519b57e0b202a125e163162154bac90fd758
phxEventManager 2.0 Beta 5 SQL Injection
Posted Mar 2, 2012
Authored by skys

phxEventManager version 2.0 beta 5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6ad7d38cfeb4e1e5de32c062417e982cb2b1c0e061735419cc1e6d5826869f6e
Mandriva Linux Security Advisory 2012-028
Posted Mar 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-028 - libxslt allows remote attackers to cause a denial of service via unspecified vectors. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-3970
SHA-256 | 5e5cd4e181fa0d96d3d9737dbbd2cf7f5ebad0e6ac5483cae947e2da1fd8580f
Ubuntu Security Notice USN-1373-2
Posted Mar 2, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1373-2 - USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-5035, CVE-2011-3563, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
SHA-256 | d63f63cce13067e86594d7b41cc4fcfc48a0a4fe97f8a49fdbb9d9b6da4a1a42
Red Hat Security Advisory 2012-0345-02
Posted Mar 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0022
SHA-256 | 5f8ed354af7f93aae635f0011391c698a68ac7e5da46495e45b1d1b424d2b453
Ubuntu Security Notice USN-1381-1
Posted Mar 2, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1381-1 - It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

tags | advisory, remote, web
systems | linux, ubuntu
SHA-256 | 9e1f9ce73652962531417f98775bc07be0ec25fabd7b9799da1b949109f33276
Page 1 of 2