
Files Date: 2012-03-07

Drupal Block Class 7.x Cross Site Scripting
Posted Mar 7, 2012
Authored by Katherine Senzee | Site drupal.org

The Drupal block class module allows users to add classes to any block through the block's configuration interface. The class names in a block were not properly filtered. Someone with the ability to modify or create blocks could inject JavaScript that would be rendered when viewing the block. Blockclass versions prior to 7.x-1.0 are affected.

tags | advisory, java
MD5 | 92bb61df738055b8e89c3a2cee251eea
Drupal UC PayDutchGroup / WeDeal Payment / Multisite Search Disclosure
Posted Mar 7, 2012
Authored by Justin C. Klein Keane, Rolf Meijer | Site drupal.org

UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances, allowing a malicious user to log in to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to check out of the store. Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that, in order to execute arbitrary SQL injection, malicious users must have the ability to administer multisite search.

tags | advisory, arbitrary, sql injection
MD5 | f4ba0336fff0cf8347f4d9492ceebf9d
Drupal Data 6.x-1.x Cross Site Scripting
Posted Mar 7, 2012
Authored by Justin C. Klein Keane | Site drupal.org

The Drupal Data module 6.x-1.x versions prior to 6.x-1.0 suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 571b60cce70fceb377c51462788e551c
HP Security Bulletin HPSBMU02744 SSRT100776
Posted Mar 7, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02744 SSRT100776 - A potential security vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, hpux
advisories | CVE-2007-1858
MD5 | 6d7af75dcc45a346bff603e545f7735c
HP Security Bulletin HPSBUX02741 SSRT100728 2
Posted Mar 7, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02741 SSRT100728 2 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass. The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 2 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2006-7243, CVE-2011-4858, CVE-2011-4885, CVE-2012-0022
MD5 | 9b5a2a8b52f327e43c06f530ea0037af
Fork CMS 3.2.5 Cross Site Scripting
Posted Mar 7, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

Fork CMS version 3.2.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-1188
MD5 | a793fe38abe77a92c5a811426f126717
XCon 2012 XFocus Call For Papers
Posted Mar 7, 2012
Site xcon.xfocus.net

Call For Papers for XCon 2012. This conference will take place from August 14th through the 16th, 2012 in Beijing, China.

tags | paper, conference
MD5 | 3aa4b60ccf5d4f405b3415024ab63027
Iciniti Store 4.3.3683.31484 SQL Injection
Posted Mar 7, 2012
Site senseofsecurity.com.au

Iciniti Store version 4.3.3683.31484 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 678cfbacbc9e8bf50e47b22754f7843f
Ubuntu Security Notice USN-1394-1
Posted Mar 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1394-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 ICMP packets. A remote user could exploit this to cause a denial of service. Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could exploit this to cause a denial of service. An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-1927, CVE-2010-4250, CVE-2010-4650, CVE-2011-0006, CVE-2011-0716, CVE-2011-1476, CVE-2011-1477, CVE-2011-1759, CVE-2011-2182, CVE-2011-3619, CVE-2011-4621, CVE-2012-0038, CVE-2012-0044
MD5 | 949df2a21262fb8d6a914e7f3f1087e3
Debian Security Advisory 2429-1
Posted Mar 7, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2429-1 - Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492
MD5 | 4b79b8f15eba56b6dbba49f270c8587e
LeKommerce Online Shop SQL Injection
Posted Mar 7, 2012
Authored by Mazt0r

LeKommerce Online Shop suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f7e0ccf7885c65be4fa99dc29e367bcc
Webfolio CMS 1.1.4 Cross Site Scripting
Posted Mar 7, 2012
Authored by Ivano Binetti

Webfolio CMS versions 1.1.4 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 5517546d71d97374cc46fbcf9e0f58b1
Ubuntu Security Notice USN-1392-1
Posted Mar 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1392-1 - Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-2182
MD5 | 32907932bae028b4413657850b436711
Ubuntu Security Notice USN-1391-1
Posted Mar 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1391-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image, it could potentially execute arbitrary code on the system.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2012-0038
MD5 | c2b530d3efba735611e52f2698e95e85
Red Hat Security Advisory 2012-0370-01
Posted Mar 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0370-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap overflow flaw was found in the way QEMU emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash QEMU or, possibly, escalate their privileges on the host.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2012-0029
MD5 | 1078699cf9fcc11cbf3f4db99c0f93d6
Red Hat Security Advisory 2012-0369-01
Posted Mar 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0369-01 - SQLAlchemy is an Object Relational Mapper that provides a flexible, high-level interface to SQL databases. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. All users of python-sqlalchemy are advised to upgrade to this updated package, which contains a patch to correct this issue. All running applications using SQLAlchemy must be restarted for this update to take effect.

tags | advisory, sql injection, python
systems | linux, redhat
advisories | CVE-2012-0805
MD5 | d4b47ab8d735c12c9617543f81484b81
Saman Portal Local File Inclusion
Posted Mar 7, 2012
Authored by TMT

Saman Portal suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | eb1eb50e503476ac39e4f12da19a4c43
Introduction To Reverse Engineering x86
Posted Mar 7, 2012
Authored by Daniel Romero Perez

This whitepaper is titled Introduction to Reverse Engineering x86. Written in Spanish.

tags | paper, x86
MD5 | dc8a55e3826610f226c80f90d07e9a5d
Zorp Proxy Firewall Suite 3.9.5
Posted Mar 7, 2012
Authored by Balazs Scheidler | Site balabit.com

Zorp is a proxy firewall suite with its core architecture built around today's security demands. It uses application-level proxies, is modular and component-based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built-in IDS capabilities.

Changes: Various updates.
tags | tool, firewall
systems | unix
MD5 | c6a7bc094788d36938a5707a7dadb19e
ImageFetcher.com SQL Injection
Posted Mar 7, 2012
Authored by AMC

ImageFetcher.com suffers from a remote SQL injection vulnerability. The researcher contacted the site with no luck in getting a response.

tags | exploit, remote, sql injection
MD5 | dca070310d154184f6063396dbd65288
Jobrapido.com Cross Site Scripting
Posted Mar 7, 2012
Authored by Ivano Binetti

Jobrapido.com suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 4ad4110fb0512bb336a6e978de8d43e2
Secunia Security Advisory 48257
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for spamdyke. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, gentoo
MD5 | c186fd9f5e7c706785ba490f8d6f1724
Secunia Security Advisory 48251
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, gentoo
MD5 | 9a65f92be85f3ca7afac56d36cb78835
Secunia Security Advisory 48256
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for curl. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, hijack a user's session, manipulate certain data, and can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, gentoo
MD5 | 75abac2503ee0521f7292b4205c3b614
Secunia Security Advisory 48281
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user's system.

tags | advisory, vulnerability
MD5 | 7b65fb2a43918291d997bca98203a3a6