
Files Date: 2012-04-12

Red Hat Security Advisory 2012-0476-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0476-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. Several cross-site scripting flaws were found in the MRG Management Console. An authorized user on the local network could use these flaws to perform cross-site scripting attacks against MRG Management Console users.

tags | advisory, local, xss
systems | linux, redhat
advisories | CVE-2012-1575
MD5 | ada85046e9e7acc12b8273312ac56e7e
Debian Security Advisory 2450-1
Posted Apr 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2450-1 - It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.

tags | advisory, remote, code execution
systems | linux, debian
advisories | CVE-2012-1182
MD5 | 0232dbfbe2509b6299efda8f897c809f
Ubuntu Security Notice USN-1422-1
Posted Apr 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1422-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system, causing a denial of service. Stephan discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can use this flaw to crash VMs, causing a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146
MD5 | 80a625bd61690065e71da1f38dee391b
Ubuntu Security Notice USN-1421-1
Posted Apr 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1421-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system, causing a denial of service. Stephan discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can use this flaw to crash VMs, causing a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146
MD5 | 092b4b3c453c5618f99a5620594fb119
Red Hat Security Advisory 2012-0477-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0477-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. Several cross-site scripting flaws were found in the MRG Management Console. An authorized user on the local network could use these flaws to perform cross-site scripting attacks against MRG Management Console users.

tags | advisory, local, xss
systems | linux, redhat
advisories | CVE-2012-1575
MD5 | 120bb7a37abdd3c283860374b7457fd9
Mandriva Linux Security Advisory 2012-057
Posted Apr 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-057 - Multiple flaws were found in FreeType. Specially crafted files could cause application crashes or potentially execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144
MD5 | 8b4f8b11f1d1636e9203539b3f167b0a
Debian Security Advisory 2449-1
Posted Apr 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2449-1 - It was discovered that sqlalchemy, an SQL toolkit and object relational mapper for Python, does not sanitize input passed to the limit/offset keywords to select() or the value passed to select.limit()/offset(). This allows an attacker to perform SQL injection attacks against applications using sqlalchemy that do not implement their own filtering.

tags | advisory, sql injection, python
systems | linux, debian
advisories | CVE-2012-0805
MD5 | a83a1aa2b745a16d260a54006620a73a
Crystal Office Suite 1.43 Buffer Overflow
Posted Apr 12, 2012
Authored by Julien Ahrens | Site vulnerability-lab.com

Crystal Office Suite version 1.43 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 7d883567a56b639b0c85176c16850cb4
Mandriva Linux Security Advisory 2012-056
Posted Apr 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-056 - Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0815, CVE-2012-0060, CVE-2012-0061
MD5 | ad33ca9bd77986b59308207e24a1cb5e
Oracle Service Applications SQL Injection
Posted Apr 12, 2012
Authored by Mohd. Shadab Siddiqui | Site vulnerability-lab.com

Various Oracle websites appear to suffer from blind SQL injection vulnerabilities. A cross site scripting issue also exists.

tags | exploit, vulnerability, xss, sql injection
MD5 | 4d1eab972b0b3b4dc3380f3493e8c0b1
Pastebin.mozilla.org Cross Site Scripting
Posted Apr 12, 2012
Authored by Atmon3r

Pastebin.mozilla.org suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 587e4515ffaa9610ab73dc571bb1c84c
Netjuke 1.0 RC1 SQL Injection
Posted Apr 12, 2012
Authored by snup | Site vulnerability-lab.com

Netjuke version 1.0 RC1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | fd5b4fe3a088c8679066124024694177
DHTMLX Suite 3.0 SQL Injection / Cross Site Scripting
Posted Apr 12, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

DHTMLX Suite version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 55e35475d1067771621825b92d36662b
Secunia Security Advisory 48793
Posted Apr 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for nvidia-graphics-drivers. This fixes a vulnerability, which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux, ubuntu
MD5 | aba5bd7e5ab71aa90f4296d2a570b979
Secunia Security Advisory 48774
Posted Apr 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for phpPgAdmin. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

tags | advisory, vulnerability, xss
systems | linux, suse
MD5 | fa863aadc40c47565a6a0a8c2d9ae8de
Scrutinizer 8.6.2 Bypass / Cross Site Scripting / SQL Injection
Posted Apr 12, 2012
Authored by Tanya Secker | Site trustwave.com

Scrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2012-1258, CVE-2012-1259, CVE-2012-1260, CVE-2012-1261
MD5 | 139e0d78c8ca14b9d0067df0efbd1350
Drupal Autosave 6.x / 7.x Cross Site Request Forgery
Posted Apr 12, 2012
Authored by Ryan Jud Hughes | Site drupal.org

The Drupal Autosave module versions 6.x and 7.x suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
MD5 | cc650f5b9c3d2ea1394025719b28493c
Drupal Fivestar 6.x Input Validation
Posted Apr 12, 2012
Authored by Ezra Barnett Gildesgame | Site drupal.org

The Drupal Fivestar module version 6.x suffers from an input validation vulnerability that allows a malicious user to improperly modify voting averages.

tags | advisory
MD5 | 5f4b7e2e1b30de0ebd209fbe0c410dbb
Microsoft SQL Server Privilege Escalation / SQL Injection
Posted Apr 12, 2012
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Microsoft SQL Server versions 2005, 2008, and 2008 R2 suffer from a SQL injection vulnerability in the RESTORE DATABASE command that can lead to privilege escalation.

tags | advisory, sql injection
MD5 | 649496660753cbb0f1e8ffa0315af12c
WordPress All-In-One Event Calendar 1.4 Cross Site Scripting
Posted Apr 12, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress All-In-One Event Calendar plugin version 1.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-1835
MD5 | 2c285ca3725b11c88f7bef67b5f27d43
HP Security Bulletin HPSBPV02754 SSRT100803
Posted Apr 12, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV02754 SSRT100803 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity. Revision 1 of this advisory.

tags | advisory, virus
advisories | CVE-2012-0133
MD5 | dcafa6323275cc35c68640a488f88d47
SchoolCenter Web Tools 11.0.27 Cross Site Scripting
Posted Apr 12, 2012
Authored by Sony, Flexxpoint

SchoolCenter Web Tools version 11.0.27 suffers from a cross site scripting vulnerability. This is an old issue that was never fixed by the vendor in earlier releases.

tags | exploit, web, xss
MD5 | c34de9ab467cb480904f687bb5a6807d
Red Hat Security Advisory 2012-0475-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0475-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4858, CVE-2012-0022
MD5 | fcf121c17be50729e55738cd4bbed4db
Red Hat Security Advisory 2012-0474-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0474-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4858, CVE-2012-0022
MD5 | 48e9e692c6b6e106f2b2b06b7cf75437
Secunia Security Advisory 48773
Posted Apr 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for postgresql. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct spoofing attacks and manipulate certain data.

tags | advisory, spoof, vulnerability
systems | linux, suse
MD5 | b67cba7a58368628f34560812f274345
© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close