Showing 1 - 25 of 41

Files Date: 2012-03-16

Ubuntu Security Notice USN-1400-2
Posted Mar 16, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1400-2 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out-of-bounds read vulnerability in Firefox's handling of SVG filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.

tags | advisory, remote, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0462, CVE-2012-0464
SHA-256 | 5b55ea6fffee26c72843021b56e71cfb46a31c56e38ee3b9f75b058db2e502a3
Ubuntu Security Notice USN-1400-1
Posted Mar 16, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1400-1 - Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, remote, arbitrary, javascript, xss
systems | linux, ubuntu
advisories | CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0462, CVE-2012-0464, CVE-2012-0451, CVE-2012-0455, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
SHA-256 | 6ec8a17ac5494f22879ac72d2367bc10e24938596bb360d6ddb0c7b09b2668c5
Gentoo Linux Security Advisory 201203-18
Posted Mar 16, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-18 - An insecure temporary file usage has been reported in Minitube, possibly allowing symlink attacks. Versions less than 1.6 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 4aa557eb42c10556e6493ca6c243fafa89d234f04fc2a916923cd9222c767625
Gentoo Linux Security Advisory 201203-17
Posted Mar 16, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-17 - Multiple vulnerabilities have been found in HPLIP, the worst of which may allow execution of arbitrary code. Versions less than 3.11.10 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-4267, CVE-2011-2722
SHA-256 | 1cf360d6a926fd492c93a38d373ac1bdd8f3f1a39245024188f17cc21707bb28
Gentoo Linux Security Advisory 201203-16
Posted Mar 16, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-16 - Multiple vulnerabilities in ModPlug could result in execution of arbitrary code or Denial of Service. Versions less than 0.8.8.4 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-1574, CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915
SHA-256 | 76a2a3df8bd33cb70e3c22cb995f3166fc734691230e522011e0cc99e5b85f83
Gentoo Linux Security Advisory 201203-15
Posted Mar 16, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-15 - Multiple vulnerabilities have been found in gif2png, the worst of which might allow execution of arbitrary code. Versions less than 2.5.8 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-4694, CVE-2010-4695
SHA-256 | 8a397fa1e661394cba4da8da2652a15bef30a769ec2508d443be785b80861d88
Gentoo Linux Security Advisory 201203-14
Posted Mar 16, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-14 - Multiple vulnerabilities in Audacious Plugins could result in execution of arbitrary code or Denial of Service. Versions below 3.1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915
SHA-256 | f6076cf29eba79c3ee0f14372a4e07c2f8ffddd7174f4c76e8c208325347c26c
Gentoo Linux Security Advisory 201203-13
Posted Mar 16, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-13 - Multiple vulnerabilities in Openswan may create a Denial of Service condition. Versions less than 2.6.37 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2147, CVE-2011-4073
SHA-256 | f5a0e55e7b9a8299853a525870453ba514b748a569cfbe010a5cf5277cc73d46
Clam Antivirus Toolkit 0.97.4
Posted Mar 16, 2012
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: This release includes minor bugfixes, detection improvements, and initial support for on-access scanning under Mac OS X. This update is recommended for all users.
tags | tool, virus
systems | unix
SHA-256 | 958dd09c9da9ceb50c9e556b3ced9cbdf40e836d2bdc98286ce96e84fd4a5a53
Secunia Security Advisory 48387
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VMware vSphere Client, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 8fde9aae78f4db2bd953968207ca57aad66dedc8f634fb335f02e77150d7889d
Secunia Security Advisory 48419
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for chromium. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | e7f26e2c4b5f57c4debfd08dcdb382198b66c87bc3377ff075df52f311a51c54
Secunia Security Advisory 48388
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Quagga, where some have unknown impacts and others can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 54b6cd76dfec7bbc165c322cd0e9908876ff2d1a463fdf26eaff5a1d64a06b6e
Secunia Security Advisory 48378
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in VMware ESX Server and VMware ESXi, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability
SHA-256 | deae48d7235bbce9a5f7b5684aac71570271bff60c69fa08217d2ac948299c1e
Secunia Security Advisory 48441
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for hplip. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to manipulate certain data and by malicious people to compromise a vulnerable system.

tags | advisory, local
systems | linux, gentoo
SHA-256 | 82fdd57d57fbc66e6a64283bfce07a593fd4672455fc54cae4b6881c3821564a
Secunia Security Advisory 48444
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - VMware has acknowledged multiple vulnerabilities in multiple VMware products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | e3b7401e2187aa3ffcc80d33d6d61edf911b2548ab7b2f9cc4558f58d913827a
Secunia Security Advisory 48437
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for gif2png. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory
systems | linux, gentoo
SHA-256 | f2825b34ff724334bd12e780e6382105a46083698de91b742c679cce483f9b8c
Secunia Security Advisory 48440
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for minitube. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, gentoo
SHA-256 | 1f12a8a30a7f0af1b1ddc98f4ade69ae19759db16ce694fe32baa436b5abbc0e
Secunia Security Advisory 48439
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for audacious-plugins. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
SHA-256 | c6d765f7a238ec6c731f85c42b64fff31e9b28c7927f80f5fc41c9c8ee71cdf4
lshell 0.9.15.1
Posted Mar 16, 2012
Authored by Ignace Mouzannar | Site lshell.ghantoos.org

lshell lets you restrict a user's shell environment to limited sets of commands, choose to enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log users' commands, implement timing restrictions, and more.

Changes: This release corrects a serious bug that allowed a user to spawn another shell and escape the restricted shell.
tags | tool, shell
systems | unix
SHA-256 | 722aef41b53db2df3a5846004d0fc7f7782457a51f15e043cc0000d6f9268148
Asterisk Project Security Advisory - AST-2012-003
Posted Mar 16, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.

tags | advisory, remote, web, overflow
SHA-256 | e2f289b1d1ccc150638cf55526ad03a0ade669586f6824d9491acd1c5b1f3e05
Asterisk Project Security Advisory - AST-2012-002
Posted Mar 16, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from an exploitable stack buffer overflow with locally defined data.

tags | advisory, overflow
SHA-256 | afe6cdb34e7dea854787ea6f21b9eaf0bb2776d9c897bab9bde9b63eb1091487
Citrix License Server 11.6.1 Build 10007 CSRF
Posted Mar 16, 2012
Authored by Knud, Rune | Site nsense.fi

Citrix License Server version 11.6.1 build 10007 suffers from cross site request forgery and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, csrf
SHA-256 | 2b9104ba28bdb97b62d26b0a430b574efb2a5eae5fd46f35c16cc5d5c118453b
Mobile.free.fr Cross Site Scripting
Posted Mar 16, 2012
Authored by Atmon3r

Mobile.free.fr suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1a2e1e41411e6703b28efd0074d8c126869cc9ebdb5b254b431e0adc670bd84e
JPM Article Script 6 SQL Injection
Posted Mar 16, 2012
Authored by the_storm, Vulnerability Laboratory | Site vulnerability-lab.com

JPM Article Script 6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 145578d740ba90ce511926a99cf32acad7fcd157e63d4077a17c2b07e93a7438
Zero Day Initiative Advisory 12-044
Posted Mar 16, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This condition can cause the driver to abort a connection, and part of the abort logic is to free an object associated with it. This will actually occur twice when each of the channels is disconnected. The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.

tags | advisory, remote, arbitrary, code execution, protocol
advisories | CVE-2012-0002
SHA-256 | 10864a15ca77b98406254b2f35007bb2b449eabd2c3ebff0d116a3416159f77e
© 2022 Packet Storm. All rights reserved.