all things security
Showing 1 - 25 of 79 RSS Feed

Files Date: 2012-03-29

SMF 2.0.2 Cross Site Scripting
Posted Mar 29, 2012
Authored by Am!r | Site irist.ir

SMF version 2.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c5e0ecb49aa8d8d8a578adb5b4e8f4d3
OWASP Global AppSec Research (EU) Conference 2012 Call For Papers
Posted Mar 29, 2012
Site easychair.org

In 2012, OWASP is holding its Global AppSec Research (EU) Conference in Athens, Greece! The OWASP AppSec Research conference is a premier gathering for Information Security leaders and researchers. It brings together the application security community to share cutting-edge ideas, initiatives and technology advancements. The Call For Papers is now open.

tags | paper, conference
MD5 | 9f4f3e7085f1f95be5fb04a6aa126f36
McAfee Email And Web Security Appliance Session Hijacking
Posted Mar 29, 2012
Authored by Ben Williams | Site ngssoftware.com

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a session hijacking vulnerability.

tags | advisory, web
MD5 | cb3230483fa1f8d464cc26f666268888
McAfee Email And Web Security Appliance Cross Site Scripting
Posted Mar 29, 2012
Authored by Ben Williams | Site ngssoftware.com

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a cross site scripting vulnerability.

tags | advisory, web, xss
MD5 | e9c4a3579c8bb63b059f6bf6a45bb81a
Gentoo Linux Security Advisory 201203-23
Posted Mar 29, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-23 - Multiple vulnerabilities have been found in libzip, the worst of which might allow execution of arbitrary code. Versions less than 0.10.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1162, CVE-2012-1163
MD5 | 403320c6cb1d2be79705bd8016bf8213
Red Hat Security Advisory 2012-0434-01
Posted Mar 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0434-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.18.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-0773
MD5 | 3d459d774e2e04cdf3242495f3e8338b
Red Hat Security Advisory 2012-0436-01
Posted Mar 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2012-1145
MD5 | 7bc2c38df6bd4b0e21e1eb8854ab2072
Ubuntu Security Notice USN-1197-8
Posted Mar 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1197-8 - USN-1197-7 fixed a vulnerability in ca-certificates-java. The new package broke upgrades from Ubuntu 11.04 to Ubuntu 11.10. This update fixes the problem. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.

tags | advisory, java
systems | linux, ubuntu
MD5 | d4179aa5a93ad1267412cb0c28036b46
Ubuntu Security Notice USN-1413-1
Posted Mar 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1413-1 - Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-1585
MD5 | 3a639f05ce5dab7a05d651f9bb74a3fc
Ubuntu Security Notice USN-1412-1
Posted Mar 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1412-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-3347
MD5 | bfd591fcc4b3f7eea6dfb02fe5b1d4d1
Debian Security Advisory 2444-1
Posted Mar 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2444-1 - It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.

tags | advisory, python
systems | linux, debian
advisories | CVE-2012-0215
MD5 | ca45296b7fff002f14dc0d731aa481ce
GNU Privacy Guard 2.0.19
Posted Mar 29, 2012
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: A space-separated fingerprint is now accepted as a user ID, to ease copying and pasting. The longest key ID available is now used by default. Support for the original HKP keyserver has been dropped. The trustdb is now rebuilt after changing the option "--min-cert-level". The option "--cert-digest-algo" is now honored when creating a cert. Detection of JPEG files has been improved.
tags | tool, encryption
MD5 | 6a8589381ca1b0c1a921e9955f42b016
Quest InTrust 10.4.x File Overwrite
Posted Mar 29, 2012
Authored by rgod | Site retrogod.altervista.org

Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.

tags | exploit, remote, vulnerability, activex, proof of concept
systems | linux
MD5 | 84489670abd3064d7d471a694834f77b
Cisco Security Advisory 20120328-pai
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in the Cisco IOS Software that may allow a remote application or device to exceed its authorization level when authentication, authorization, and accounting (AAA) authorization is used. This vulnerability requires that the HTTP or HTTPS server is enabled on the Cisco IOS device. Products that are not running Cisco IOS Software are not vulnerable. Cisco has released free software updates that address these vulnerabilities. The HTTP server may be disabled as a workaround for the vulnerability described in this advisory.

tags | advisory, remote, web, vulnerability
systems | cisco
advisories | CVE-2012-0384
MD5 | 14c30dee7a8969e871b42c1b1d14b890
Cisco Security Advisory 20120328-ssh
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service, shell
systems | cisco, osx
advisories | CVE-2012-0386
MD5 | a91d87508705fbbed4ab6cf5e057b000
HP Security Bulletin HPSBMU02756 SSRT100596
Posted Mar 29, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02756 SSRT100596 - A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary
systems | linux, windows, solaris, hpux
advisories | CVE-2012-0127
MD5 | 949536a4fc366095bf6d8ff6c88fb162
Cisco Security Advisory 20120328-nat
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Network Address Translation (NAT) feature contains a denial of service (DoS) vulnerability in the translation of Session Initiation Protocol (SIP) packets. The vulnerability is caused when packets in transit on the vulnerable device require translation on the SIP payload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates the vulnerability is available.

tags | advisory, denial of service, protocol
systems | cisco
advisories | CVE-2012-0383
MD5 | 920c60096f97c3c32d7c7e718116a777
Drupal Activity 6.x XSS Proof Of Concept
Posted Mar 29, 2012
Authored by Justin C. Klein Keane | Site drupal.org

This file documents a proof of concept to demonstrate the cross site scripting vulnerability in the Drupal Activity module version 6.x.

tags | exploit, xss, proof of concept
MD5 | 06f0f6c9900b8d2e1c30702167cfbae9
Drupal Fusion 6.x Cross Site Scripting
Posted Mar 29, 2012
Authored by Justin Emond, Rick Manelius, Abhishek Nagar, Jakub Suchy, Chris Lee | Site drupal.org

The Drupal Fusion module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 675db41d67ee019062147d16786d7f36
Drupal Chaos Tool Suite 7.x Cross Site Scripting
Posted Mar 29, 2012
Authored by Kristof De Jaeger | Site drupal.org

The Drupal Chaos Tool Suite module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 135c8772cfe509459f25952d0d99c8d4
Drupal Organic Groups 6.x Access Bypass
Posted Mar 29, 2012
Authored by John F Galvin | Site drupal.org

The Drupal Organic Groups module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 5181545f707dbaad8cabe1a599726bf5
Seditio Build 161 Cross Site Scripting / Information Disclosure
Posted Mar 29, 2012
Authored by Akastep

Seditio Build 161 suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 692d136665369601d145b390f1679b9f
WordPress Deans With Pwwangs Code Shell Upload
Posted Mar 29, 2012
Authored by T0xic

WordPress Deans with Pwwangs Code plugin suffers from a FCKeditor remote file upload vulnerability.

tags | exploit, remote, file upload
MD5 | 1844a109d8d13c0c80157bc6adaabcf5
Cisco Security Advisory 20120328-mace
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains a denial of service (DoS) vulnerability in the Wide Area Application Services (WAAS) Express feature that could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Cisco IOS Software also contains a DoS vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature that could allow an unauthenticated, remote attacker to cause the router to reload. An attacker could exploit these vulnerabilities by sending transit traffic through a router configured with WAAS Express or MACE. Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Repeated exploits could allow a sustained DoS condition. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
advisories | CVE-2012-1312, CVE-2012-1314
MD5 | 572bf3bd1463d3f5f39c3e7cb3451a2d
D-Link SecuriCam DCS-5605 Network Surveillance Buffer Overflow
Posted Mar 29, 2012
Authored by rgod | Site retrogod.altervista.org

The D-Link SecuriCam DCS-5605 Network Surveillance DcsCliCtrl.dll active-x control suffers from a buffer overflow vulnerability. Proof of concept code included.

tags | exploit, overflow, activex, proof of concept
systems | linux
MD5 | 186fc27b271ab8fae99dc2b6c7e73403
Page 1 of 4
Back1234Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close