Files Date: 2012-04-13

Quest InTrust Annotation Objects Uninitialized Pointer
Posted Apr 13, 2012
Authored by rgod, mr_me | Site metasploit.com

This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The ActiveX component loads into memory without opting into ASLR, so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the user's browser.

tags | exploit, activex
systems | windows, vista, 7
advisories | OSVDB-80662
MD5 | a673fc29a3cf976653bc571ec7e98a0f
Ushahidi 2.2 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 13, 2012
Authored by shpendk

Ushahidi version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 6d1a4e928cdbf034573555d1915e4be9
Mandriva Linux Security Advisory 2012-058
Posted Apr 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-058 - curl is vulnerable to an SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem. curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. The updated packages have been patched to correct these issues.

tags | advisory, protocol
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2012-0036
MD5 | 34beae45285f6850ee0d22f9391e3383
Apple Security Advisory 2012-04-12-1
Posted Apr 13, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 are now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.

tags | advisory, java, web
systems | apple, osx
MD5 | c28f98e570ead87f09589c1d97bcf2f9
ACC PHP eMail 1.1 SQL Injection / Cross Site Scripting
Posted Apr 13, 2012
Authored by the_storm | Site vulnerability-lab.com

ACC PHP eMail version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection
MD5 | d540a0f627bb07d7606e3d6f66b6d51e
C4kurdGroup CMS SQL Injection
Posted Apr 13, 2012
Authored by Net.Edit0r, BHG Security Center, Tak.fanar

C4kurdGroup CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a7763192e85bb06f1ac882018dfc38ee
Bioly 1.3 Cross Site Scripting / SQL Injection
Posted Apr 13, 2012
Authored by T0xic

Bioly version 1.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | c9ada52d14fd6cb81821b4581a99c4f7
McAfee Web Gateway And Squid Proxy 3.1.19 Bypass
Posted Apr 13, 2012
Authored by Gabriel Menezes Nunes

McAfee Web Gateway and Squid Proxy version 3.1.19 suffer from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.

tags | exploit, web, proof of concept, bypass
systems | unix
advisories | CVE-2012-2212, CVE-2012-2213
MD5 | 2a72aa39ac2270394d6cad78bd6d074a
Telco SMTP To SMS/MMS Crypto
Posted Apr 13, 2012
Authored by Champ Clark III

Many people use telecommunications-provided SMTP to SMS/MMS gateways to send out sensitive data. This paper looks into the encryption (or lack thereof) provided by these types of public access SMTP to SMS/MMS gateways and services.

tags | paper
MD5 | c29898edd3a98bd1b649f060126d2bfe
Building Wireless IDS Systems Using Open Source
Posted Apr 13, 2012
Authored by Champ Clark III

This is a detailed paper on building your own WAP and Wireless IDS system from scratch using open source tools like Kismet, Snort and Sagan.

tags | paper
MD5 | 85d955b3b52de4557858a2105b2e4614
Ubuntu Security Notice USN-1423-1
Posted Apr 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2012-1182
MD5 | 7815408a7ea9a2ce91b51f9320e491cf
Debian Security Advisory 2451-1
Posted Apr 13, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2451-1 - Several vulnerabilities have been discovered in puppet, a centralized configuration management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988
MD5 | 2c9a80b47d58210b03775dc110ae6eec
Red Hat Security Advisory 2012-0478-01
Posted Apr 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0478-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.

tags | advisory, remote, overflow, arbitrary, root, perl, protocol
systems | linux, redhat
advisories | CVE-2012-1182
MD5 | 4de037de21a7b4ca59a2da53dfa2ecee
Secunia Security Advisory 48823
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

tags | advisory, vulnerability, xss
MD5 | 591bd470ebc5a6e7f17a2c0162404508
Secunia Security Advisory 48808
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities with unknown impacts have been reported in IP.Board and the IP.Gallery module for IP.Board.

tags | advisory, vulnerability
MD5 | 3a2b4491fe256a7ce881ca91cf2b98c6
Secunia Security Advisory 48781
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in OpenJPEG, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
MD5 | 47df27541f19bdd52fb6f59a500ea1ee
Secunia Security Advisory 48759
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Wicd, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
MD5 | baceeae39bac8096e6e93ed016e3b2f0
Secunia Security Advisory 48768
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities with unknown impacts have been reported in CGIProxy.

tags | advisory, vulnerability
MD5 | e3f1fee152c9fa9b48c1f33b472c97b6
Secunia Security Advisory 48788
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in the Fivestar module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 0e364f3710d7b331b2bed67477451202
Secunia Security Advisory 48803
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Minerva Infotech CMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 1030137e19d9606e66dd22cdb66c60e7
Secunia Security Advisory 48727
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ewerson Guimaraes has reported some vulnerabilities in Tufin SecureTrack, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | 5961391a89ea870de2d37454c094b586
Secunia Security Advisory 48805
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for freetype2. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory, vulnerability
systems | linux, suse
MD5 | 4a0c4bf845aa7137ae59cc8508a08d9b
Secunia Security Advisory 48814
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has reported multiple vulnerabilities in atvise webMI2ADS, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | e8ce96129b3ccf9eac811533e2968927
Secunia Security Advisory 48791
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for tomcat6. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, redhat
MD5 | 7d83bee44335c301119e472aa245e3a9
Secunia Security Advisory 48771
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for sqlalchemy. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
systems | linux, debian
MD5 | 7d2dfbe520ecacc09a98d009ac9e68d4