
Files Date: 2012-03-26

Mandriva Linux Security Advisory 2012-038
Posted Mar 26, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-038 - The implementation of Cryptographic Message Syntax and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack adaptive chosen ciphertext attack. The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, crypto
systems | linux, mandriva
advisories | CVE-2012-0884, CVE-2012-1165
MD5 | f4a72b486a3e05769f6e164ff30c6861
PcwRunAs 0.4 Password Obfuscation Design Flaw
Posted Mar 26, 2012
Authored by otr

The PcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.

tags | exploit, local
advisories | CVE-2012-1793
MD5 | cccadcae9e833c363605398616a5e1ac
Family CMS 2.9 Cross Site Scripting / Cross Site Request Forgery
Posted Mar 26, 2012
Authored by Ahmed Elhady Mohamed

Family CMS versions 2.9 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | c4f9b066cba3bcb164343efa0294340f
Wolf CMS 0.75 Persistent Cross Site Scripting
Posted Mar 26, 2012
Authored by Ivano Binetti

Wolf CMS versions 0.75 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | d93e9d6e7ff361004636b062e227ca10
TFTP Fuzzer Script
Posted Mar 26, 2012
Authored by TheXero | Site nullsecurity.net

This is a master TFTP fuzzing script that is part of the ftools series of fuzzers.

tags | tool, fuzzer
MD5 | d3b7780cecd148956c6ef097c75ad678
Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow
Posted Mar 26, 2012
Authored by sinn3r, Julien Ahrens | Site metasploit.com

This Metasploit module exploits a vulnerability found in Ricoh DC's DL-10 SR10 FTP service. By supplying a long string of data to the USER command, it is possible to trigger a stack-based buffer overflow, which allows remote code execution under the context of the user. Please note that in order to trigger the vulnerability, the server must be configured with a log file name (by default, it's disabled).

tags | exploit, remote, overflow, code execution
advisories | OSVDB-79691
MD5 | acb1cb60592fd8ca65bfe9f0d3cb4ed6
UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow
Posted Mar 26, 2012
Authored by noperand | Site metasploit.com

This Metasploit module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack.

tags | exploit, overflow, tcp, protocol
advisories | CVE-2008-0610, OSVDB-42840
MD5 | 187a1b201d8fc6474c89373387e08e1b
FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution
Posted Mar 26, 2012
Authored by muts | Site metasploit.com

This Metasploit module exploits FreePBX versions 2.10.0, 2.9.0, and possibly older. Due to the way callme_page.php handles the 'callmenum' parameter, it is possible to inject code into the '$channel' variable in the function callme_startcall in order to gain remote code execution. Please note that in order to use this module properly, you must know the extension number, which can be enumerated or bruteforced, or you may try some of the default extensions such as 0 or 200. Also, the call has to be answered (or go to voice). Tested on both Elastix and FreePBX ISO image installs.

tags | exploit, remote, php, code execution
MD5 | 44e25c24b624d2b2538fc4e1e7c41efc
Debian Security Advisory 2442-1
Posted Mar 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2442-1 - It has been discovered that spoofed "getstatus" UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine (such as openarena). These servers respond with a packet flood to the victim whose IP address was impersonated by the attackers, causing a denial of service.

tags | advisory, denial of service, udp, spoof
systems | linux, debian
advisories | CVE-2010-5077
MD5 | b0bea3cf0642bc19e0c010490f184312
Red Hat Security Advisory 2012-0422-01
Posted Mar 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0422-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the Linux kernel's KVM hypervisor implementation emulated the syscall instruction for 32-bit guests. An unprivileged guest user could trigger this flaw to crash the guest.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-0045, CVE-2012-0207
MD5 | d630d4c19f3dbbd8c7b6ae828704abe6
Red Hat Security Advisory 2012-0421-01
Posted Mar 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0421-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual machines running Red Hat Enterprise Linux and Microsoft Windows. These packages also include the Red Hat Enterprise Virtualization Manager REST API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker who is able to access the Red Hat Enterprise Virtualization Manager REST API submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.

tags | advisory, remote, xxe
systems | linux, redhat, windows
advisories | CVE-2012-0818
MD5 | 0625e7a4593d0f9525692d899282f927
Secunia Security Advisory 48514
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Forumon RPG module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | 6a48d48f2ebc3a90ed1fe262d2671efb
Secunia Security Advisory 48490
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the vbActivity module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | a26226362fd96b8ae99fb7a5bfbe09b2
Secunia Security Advisory 48522
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the vBDownloads module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | 4af81d5db5e393c670e6240782d31d7f
Secunia Security Advisory 48521
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the vBQuiz module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | 5364aa0fe5d5b42029e1ed21a8666493
Secunia Security Advisory 48555
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi IT Operations Director, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | dd09f1710962d3801e5909ee5577018b
Secunia Security Advisory 48557
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AppSec has reported a vulnerability with an unknown impact in NetFront Life Browser for Android.

tags | advisory
MD5 | 657c1d997e8e629c9c8308b806fcc5c3
Secunia Security Advisory 48561
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.

tags | advisory, vulnerability, xss
MD5 | 17848d93bd45a0df01ecd08ef7b2a7d1
Secunia Security Advisory 48519
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the vBShout module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | dbd90e38756b84cf126beda9d930ba76
Secunia Security Advisory 48550
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in phpFox, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 11ad31818892f73e3060fae46b4f7fc2
Secunia Security Advisory 48556
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi IT Operations Analyzer, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | cc0c7ccf61840a1297fe6445698ed219
Secunia Security Advisory 48506
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | cd4e71b5c11d6c4ade754a5d1116dad5
Zoho Planner Cross Site Scripting
Posted Mar 26, 2012
Authored by Sony, Flexxpoint

Zoho Planner suffers from cross site scripting and frame injection vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | 4e71ac5f066ce4e800f0d4e117fd01f4
Debian Security Advisory 2441-1
Posted Mar 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2441-1 - Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1573
MD5 | fa34c6fcce4f02ffb1e2da5749b77c8b
Gentoo Linux Security Advisory 201203-19
Posted Mar 26, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-19 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 17.0.963.83 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-3031, CVE-2011-3032, CVE-2011-3033, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3046, CVE-2011-3047, CVE-2011-3049, CVE-2011-3050, CVE-2011-3051, CVE-2011-3052, CVE-2011-3053, CVE-2011-3054, CVE-2011-3055, CVE-2011-3056, CVE-2011-3057
MD5 | 4bf90019dd267bb4e5019c05a8d19b2e