
Files Date: 2012-03-26

Mandriva Linux Security Advisory 2012-038
Posted Mar 26, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-038 - The implementation of Cryptographic Message Syntax and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack adaptive chosen ciphertext attack. The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, cryptography
systems | linux, mandriva
advisories | CVE-2012-0884, CVE-2012-1165
SHA-256 | 39adc297298f941be7a71d3df5bf4130fda4950b19b1987d86909215135fc84e
PcwRunAs 0.4 Password Obfuscation Design Flaw
Posted Mar 26, 2012
Authored by otr

The PcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.

tags | exploit, local
advisories | CVE-2012-1793
SHA-256 | 811b545d5083c227c56986dbdeeac60ef0a1b6690230618e3d3b76f311c4ab12
Family CMS 2.9 Cross Site Scripting / Cross Site Request Forgery
Posted Mar 26, 2012
Authored by Ahmed Elhady Mohamed

Family CMS versions 2.9 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 1ec7f405de63ef5f7838d32c96dbfa4b6d6603c64200b6d6fa5153eb534bef34
Wolf CMS 0.75 Persistent Cross Site Scripting
Posted Mar 26, 2012
Authored by Ivano Binetti

Wolf CMS versions 0.75 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bf5531ebf0d1f42a147d86f362d0405a209a4ad6e8e3ce3b8be40adb10d4cde7
TFTP Fuzzer Script
Posted Mar 26, 2012
Authored by TheXero | Site nullsecurity.net

This is a master TFTP fuzzing script that is part of the ftools series of fuzzers.

tags | tool, fuzzer
SHA-256 | 755340a7bf126ffa85a75b665f2ab8d8bbce4423a7d9465e50f20688867b3732
Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow
Posted Mar 26, 2012
Authored by sinn3r, Julien Ahrens | Site metasploit.com

This Metasploit module exploits a vulnerability found in Ricoh DC's DL-10 SR10 FTP service. By supplying a long string of data to the USER command, it is possible to trigger a stack-based buffer overflow, which allows remote code execution under the context of the user. Please note that in order to trigger the vulnerability, the server must be configured with a log file name (by default, it's disabled).

tags | exploit, remote, overflow, code execution
advisories | OSVDB-79691
SHA-256 | 2e39652db0079e5ca51125d0179fc236f418207928058994109116189eadb542
UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow
Posted Mar 26, 2012
Authored by noperand | Site metasploit.com

This Metasploit module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack.

tags | exploit, overflow, tcp, protocol
advisories | CVE-2008-0610, OSVDB-42840
SHA-256 | b357e9030ba561108d1415577377c438445c6d1ccdf5a6b60eef2ab3f927b9c6
FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution
Posted Mar 26, 2012
Authored by muts | Site metasploit.com

This Metasploit module exploits FreePBX versions 2.10.0, 2.9.0, and possibly older. Due to the way callme_page.php handles the 'callmenum' parameter, it is possible to inject code into the '$channel' variable in function callme_startcall in order to gain remote code execution. Please note that in order to use this module properly, you must know the extension number, which can be enumerated or brute-forced, or you may try some of the default extensions such as 0 or 200. Also, the call has to be answered (or go to voice). Tested on both Elastix and FreePBX ISO image installs.

tags | exploit, remote, php, code execution
SHA-256 | 732f9a89390a847e9a30d1b733961bd71e76e38457ac805770011388b929d0cc
Debian Security Advisory 2442-1
Posted Mar 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2442-1 - It has been discovered that spoofed "getstatus" UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine (such as openarena). These servers respond with a packet flood to the victim whose IP address was impersonated by the attackers, causing a denial of service.

tags | advisory, denial of service, udp, spoof
systems | linux, debian
advisories | CVE-2010-5077
SHA-256 | 166405c343a62447054887b514c7422c9276487f77785e57c1acff05c5a547af
Red Hat Security Advisory 2012-0422-01
Posted Mar 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0422-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the Linux kernel's KVM hypervisor implementation emulated the syscall instruction for 32-bit guests. An unprivileged guest user could trigger this flaw to crash the guest.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-0045, CVE-2012-0207
SHA-256 | e7c086b0a89043ce5cf76161bb765ad57ed42473aa9dd693872c06322bb113dc
Red Hat Security Advisory 2012-0421-01
Posted Mar 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0421-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual machines running Red Hat Enterprise Linux and Microsoft Windows. These packages also include the Red Hat Enterprise Virtualization Manager REST API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker who is able to access the Red Hat Enterprise Virtualization Manager REST API submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.

tags | advisory, remote, xxe
systems | linux, redhat, windows
advisories | CVE-2012-0818
SHA-256 | d2a9d377caafb6815fcd666dfd9df10b3dff9a2401747a63f81e7690560814dd
Secunia Security Advisory 48514
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Forumon RPG module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | d34a4d87607f1cf2a8e2a9dec65cf2e623fa53d546b9cb7b5e7eba5a072e83bd
Secunia Security Advisory 48490
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the vbActivity module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 452f7af43dde598400e8e88bcbb142b6777031c9e5395045a4c70fd6fdccd43b
Secunia Security Advisory 48522
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the vBDownloads module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | e4a4d7ae09e9f7c2694101bde84a27ccc58b30e0093c4c0cb6ea001711c44290
Secunia Security Advisory 48521
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the vBQuiz module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | fa2b15f3579a9ff0c32932007c9abc76f37e58f9e1b5a418290ee753a202d5d2
Secunia Security Advisory 48555
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi IT Operations Director, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 972e7484c494340fe5074d0f2f918fc163f8f06c3d3320b9533c24cbbefbe179
Secunia Security Advisory 48557
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AppSec has reported a vulnerability with an unknown impact in NetFront Life Browser for Android.

tags | advisory
SHA-256 | 0e60f6d3c1a2b503a2b1a37acce97f3d87efa8e24e2e04a6e3b9410fb46f891f
Secunia Security Advisory 48561
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 0410941d9d633185bda972492b9182b52205ddf54c93490c64bbf999a678392f
Secunia Security Advisory 48519
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the vBShout module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 53d3a58e6deaf7f9a2a3879a53f2fb5735e9b8d35d6376292284087b33251272
Secunia Security Advisory 48550
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in phpFox, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 54cb7899c90588b079f2cdee96b4c9bf889bf809489c12c0baf2f956d870851a
Secunia Security Advisory 48556
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi IT Operations Analyzer, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 055f9f461ce2e8132158b40bf968074da5b54b27e62b0b0c7038f723404570d3
Secunia Security Advisory 48506
Posted Mar 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | f8cc21cb5b4eefd8c458a9b853bd117fd2c3b6d8f7cb23e78b738eed4070fb66
Zoho Planner Cross Site Scripting
Posted Mar 26, 2012
Authored by Sony, Flexxpoint

Zoho Planner suffers from cross site scripting and frame injection vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | ebec7c05f7c94155b4b5e0444c1f1b110c3b8fd5737d4d82613b4821e0b15118
Debian Security Advisory 2441-1
Posted Mar 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2441-1 - Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1573
SHA-256 | 690f867c71731206fff72ab4bafa9f0529944655d907dd39409cf4b4d883bf9b
Gentoo Linux Security Advisory 201203-19
Posted Mar 26, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-19 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 17.0.963.83 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-3031, CVE-2011-3032, CVE-2011-3033, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3046, CVE-2011-3047, CVE-2011-3049, CVE-2011-3050, CVE-2011-3051, CVE-2011-3052, CVE-2011-3053, CVE-2011-3054, CVE-2011-3055, CVE-2011-3056, CVE-2011-3057
SHA-256 | 440cdfa12706ebebbec2b59646911b2b2907dbbb3827c81284d3833c1ed0021a