what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35 RSS Feed

Files Date: 2012-04-12

Red Hat Security Advisory 2012-0476-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0476-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. Several cross-site scripting flaws were found in the MRG Management Console. An authorized user on the local network could use these flaws to perform cross-site scripting attacks against MRG Management Console users.

tags | advisory, local, xss
systems | linux, redhat
advisories | CVE-2012-1575
SHA-256 | d5eab2769660140f969a19cdee386a27d329a8419ba67a06d682313ee33f4a95
Debian Security Advisory 2450-1
Posted Apr 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2450-1 - It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.

tags | advisory, remote, code execution
systems | linux, debian
advisories | CVE-2012-1182
SHA-256 | e046a9837a078cecc89818dd89c20058b986e8358ee2ed27ad3347a2b66377bc
Ubuntu Security Notice USN-1422-1
Posted Apr 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1422-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146, CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146
SHA-256 | bf943afabe2b178efa14db2ffd2c372b54a5c09d7ebd314672fb98ad08653599
Ubuntu Security Notice USN-1421-1
Posted Apr 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1421-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146, CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146
SHA-256 | 8f5ffc23204a00c78465f73eb061c75c15675500d33d72427c6adbb209274eef
Red Hat Security Advisory 2012-0477-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0477-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. Several cross-site scripting flaws were found in the MRG Management Console. An authorized user on the local network could use these flaws to perform cross-site scripting attacks against MRG Management Console users.

tags | advisory, local, xss
systems | linux, redhat
advisories | CVE-2012-1575
SHA-256 | 1b63355a9663fd3e79548ef425ffe2f0d6d3bf3197cbe05d7d3ced9af12f8960
Mandriva Linux Security Advisory 2012-057
Posted Apr 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-057 - Multiple flaws were found in FreeType. Specially crafted files could cause application crashes or potentially execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144
SHA-256 | c6dbaeb28d98f47816c5648a580b5ce1c3619cc46ce47dcb15e21c9ad4aa4612
Debian Security Advisory 2449-1
Posted Apr 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2449-1 - It was discovered that sqlalchemy, an SQL toolkit and object relational mapper for python, is not sanitizing input passed to the limit/offset keywords to select() as well as the value passed to select.limit()/offset(). This allows an attacker to perform SQL injection attacks against applications using sqlalchemy that do not implement their own filtering.

tags | advisory, sql injection, python
systems | linux, debian
advisories | CVE-2012-0805
SHA-256 | 3b634c4e6348ffb1a9b2e90c970e4768f1315994bf78cea4adf5af707077012b
Crystal Office Suite 1.43 Buffer Overflow
Posted Apr 12, 2012
Authored by Julien Ahrens, Vulnerability Laboratory | Site vulnerability-lab.com

Crystal Office Suite version 1.43 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 00e9187291df1055fbc476956aad1c96f69a0d2299d6723bf0c988d16d578cdf
Mandriva Linux Security Advisory 2012-056
Posted Apr 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-056 - Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0815, CVE-2012-0060, CVE-2012-0061
SHA-256 | 3cce8f594ce82a2d7bc2edb723cc43de307c29149602c95cb21180eb1ae8a462
Oracle Service Applications SQL Injection
Posted Apr 12, 2012
Authored by Mohd. Shadab Siddiqui, Vulnerability Laboratory | Site vulnerability-lab.com

Various Oracle websites appear to suffer from blind SQL injection vulnerabilities. A cross site scripting issue also exists.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | c84df9781055fd52a22321f022e6e8331e5acbf26ea03af8ba9a8d181cd80877
Pastebin.mozilla.org Cross Site Scripting
Posted Apr 12, 2012
Authored by Atmon3r

Pastebin.mozilla.org suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bc8dbbd84e12fba1958623eb29cf7f1b17742a33fdcd9c7e96c98d30892c41d5
Netjuke 1.0 RC1 SQL Injection
Posted Apr 12, 2012
Authored by Hubert Wojciechowski, Vulnerability Laboratory | Site vulnerability-lab.com

Netjuke version 1.0 RC1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1923b8ce9da9ce0da1df7694b68f18e64f65b651bf8bc5d94dcd1dc4ac512dd6
DHTMLX Suite 3.0 SQL Injection / Cross Site Scripting
Posted Apr 12, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

DHTMLX Suite version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 368268eb4af1dc32228e81f52b2a59ea1e8e6861fad8de12bceb27019a86dc12
Secunia Security Advisory 48793
Posted Apr 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for nvidia-graphics-drivers. This fixes a vulnerability, which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | ce6ecc1d1fef148d0b852fd7e04a9acc03a694ccadb1b31975bcca8966568e3d
Secunia Security Advisory 48774
Posted Apr 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for phpPgAdmin. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

tags | advisory, vulnerability, xss
systems | linux, suse
SHA-256 | ca21619d87fe821a4d5c90fe44505795af13875ccc587e6cdc2aaaf4a4576c4f
Scrutinizer 8.6.2 Bypass / Cross Site Scripting / SQL Injection
Posted Apr 12, 2012
Authored by Tanya Secker | Site trustwave.com

Scrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2012-1258, CVE-2012-1259, CVE-2012-1260, CVE-2012-1261
SHA-256 | 86781806a8d76416882371c450d483f0f4d9a6334ea56d9463f55a227d424643
Drupal Autosave 6.x / 7.x Cross Site Request Forgery
Posted Apr 12, 2012
Authored by Ryan Jud Hughes | Site drupal.org

The Drupal Autosave module versions 6.x and 7.x suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | a5010955517768867cfa38f156ec8127f1676c81935ed688afd452e6df38d04e
Drupal Fivestar 6.x Input Validation
Posted Apr 12, 2012
Authored by Ezra Barnett Gildesgame | Site drupal.org

The Drupal Fivestar module version 6.x suffers from an input validation vulnerability that allows a malicious user to improperly modify voting averages.

tags | advisory
SHA-256 | 5e603b28ddbe1a91965a76ce7952b5d0185b5857eec6494e0a37c3d54ff9dd84
Microsoft SQL Server Privilege Escalation / SQL Injection
Posted Apr 12, 2012
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Microsoft SQL Server versions 2005, 2008, and 2008 R2 suffer from a SQL injection vulnerability in the RESTORE DATABASE command that can lead to privilege escalation.

tags | advisory, sql injection
SHA-256 | b64d5300f1a7ad77731e4342eabd0820c75171ca63e4b9ccb158653ee331263e
WordPress All-In-One Event Calendar 1.4 Cross Site Scripting
Posted Apr 12, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress All-In-One Event Calendar plugin version 1.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-1835
SHA-256 | 3b8eb9270c97fc28a5f090d8f058e8ba0ded6b47444c01a84d736f3dc2552b3e
HP Security Bulletin HPSBPV02754 SSRT100803
Posted Apr 12, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV02754 SSRT100803 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity. Revision 1 of this advisory.

tags | advisory, virus
advisories | CVE-2012-0133
SHA-256 | aa894cef3a0c2ea1f2d4d52dda2a5961a24ed2dc9729d8ce131a84f0c7de1ae2
SchoolCenter Web Tools 11.0.27 Cross Site Scripting
Posted Apr 12, 2012
Authored by Sony, Flexxpoint

SchoolCenter Web Tools version 11.0.27 suffers from a cross site scripting vulnerability. This is an old issue that was never fixed by the vendor in earlier releases.

tags | exploit, web, xss
SHA-256 | 9c557412d22448c819499d4a9671df660ca09aac0b5f82b040390b919fbe324c
Red Hat Security Advisory 2012-0475-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0475-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4858, CVE-2012-0022
SHA-256 | c5af0b87c0d07cfe6780ed6a76d4bce133b1d1406b01562b9076a80e82021b72
Red Hat Security Advisory 2012-0474-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0474-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4858, CVE-2012-0022
SHA-256 | dbddb067eea6285ae03840af13f5b96e3c76ac98669cc499d09536c755bea07d
Secunia Security Advisory 48773
Posted Apr 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for postgresql. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct spoofing attacks and manipulate certain data.

tags | advisory, spoof, vulnerability
systems | linux, suse
SHA-256 | ab3ed411529e06370b8e1684e2b6e96cd425a3b96a46fe05460e7a252cb13209
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close