what you don't know can hurt you
Showing 1 - 25 of 25 RSS Feed

Files Date: 2012-04-17

Mandriva Linux Security Advisory 2012-032-1
Posted Apr 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-032 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially exploitable. Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection. Various other issues were also addressed.

tags | advisory, javascript, xss
systems | linux, windows, mandriva, 7
advisories | CVE-2012-0454, CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
MD5 | 1fb57fab41ee6a44aa310f4553584d3d
HP Security Bulletin HPSBOV02762 SSRT100825
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02762 SSRT100825 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2010-1157, CVE-2010-4476, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190
MD5 | 92bbc76cd42571f4ab7d96f0c2e36a15
HP Security Bulletin HPSBOV02763 SSRT100826
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02763 SSRT100826 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability
advisories | CVE-2006-7243, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4150, CVE-2010-4645, CVE-2010-4697, CVE-2010-4698, CVE-2011-0421, CVE-2011-0708, CVE-2011-0752, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1938, CVE-2011-2202, CVE-2011-4885
MD5 | e0ac9fde45049212bb699d5b5c61d6b3
Acuity CMS 2.6.x Cross Site Scripting
Posted Apr 17, 2012
Authored by Aung Khant | Site yehg.net

Acuity CMS version 2.6.x suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 558c92ff4933285a1cc621fbcf0e5e34
The Source Is A Lie
Posted Apr 17, 2012
Authored by Andreas Nusser | Site sec-consult.com

Whitepaper called The Source Is A Lie. Backdoors have always been a concern of the security community. In recent years the idea of not trusting the developer has gained momentum and manifested itself in various forms of source code review. For Java, being one of the most popular programming languages, numerous tools and papers have been written to help during reviews. While these tools and techniques are getting developed further, they usually focus on traditional programming paradigms. Modern concepts like Aspect Oriented Programming or the Java Reflection API are left out. Especially the use of Java’s Reflection API in conjunction with the lesser known “string pool” can lead to a new kind of backdoor. This backdoor hides itself from unwary reviewer by disguising its access to critical resources like credential through indirection. To raise the awareness about this particular kind of backdoor, this paper will provide a short introduction to the string pool, show how reflection can be used to manipulate it, demonstrate how a backdoor can abuse this, and discuss how it can be uncovered.

tags | paper, java
MD5 | 95c7b6fb02b2acae134655f38d6826c1
HP Security Bulletin HPSBMU02764 SSRT100827
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02764 SSRT100827 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192
MD5 | 230e5876c2c2c77609e110526b8cc06b
Idate.org Cross Site Scripting
Posted Apr 17, 2012
Authored by Atmon3r

Idate.org suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 931fcb2f40ef8cbd274cfe7a1023c23b
Red Hat Security Advisory 2012-0488-01
Posted Apr 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0488-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0864, CVE-2012-1569, CVE-2012-1573
MD5 | f1e17b1405022b76c3461d937ea67009
Red Hat Security Advisory 2012-0481-01
Posted Apr 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0481-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Numerous reference count leaks were found in the Linux kernel's block layer I/O context handling implementation. This could allow a local, unprivileged user to cause a denial of service. A flaw was found in the Linux kernel's cifs_lookup() implementation. POSIX open during lookup should only be supported for regular files. When non-regular files pipe or other special files) are opened on lookup, it could cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat, osx
advisories | CVE-2012-0879, CVE-2012-1090, CVE-2012-1097
MD5 | 61e1fccbc6fda27da4682f62f4be5e78
Red Hat Security Advisory 2012-0480-01
Posted Apr 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0480-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw in the xfrm6_tunnel_rcv() function in the Linux kernel's IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv(). A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the xfrm6_tunnel kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2012-1583
MD5 | 2391c4986937dafbb1edcdd4caebdd56
Secunia Security Advisory 48872
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 5327d259956ca2f5427421b8c1a6d275
Secunia Security Advisory 48801
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in OpenVMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
MD5 | b50e7953a2cf141e0d50f1b9959c9f4f
Secunia Security Advisory 48802
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for Secure Web Server in OpenVMS. This fixes multiple vulnerabilities, where one has unknown impacts and others can be exploited by malicious people to disclose system and potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, web, denial of service, vulnerability
MD5 | 827ea789762f6149fe57ac9bed9af787
Secunia Security Advisory 48841
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for Secure Web Server in OpenVMS. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service), by malicious users to manipulate certain data, and by malicious people to disclose certain system and sensitive information, bypass certain security restrictions, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, web, denial of service, local, vulnerability
MD5 | 88494f5bfcddcb0da00beaaf890b60a0
Secunia Security Advisory 48862
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ryuzaki Lawlet has reported two vulnerabilities in the Yahoo Answer WordPress Auto Poster plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 10ad7ed7666836e367ba42808924b923
Secunia Security Advisory 48838
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in SocialABC NetworX CMS, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | f76b100bfd420ffb4b099c56f7002cc9
Secunia Security Advisory 48846
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, suse
MD5 | 0de3519e55f73b2648c14d4a6a41c0e5
Secunia Security Advisory 48806
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in the Phoca Favicon component for Joomla!, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges.

tags | advisory, local
MD5 | 42d6f9f2397f62e26ca54f6b51150896
Secunia Security Advisory 48844
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for samba. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, suse
MD5 | 01261297604aa8159358bcf0dc701794
Secunia Security Advisory 48845
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in Ushahidi, which can be exploited by malicious people to conduct cross-site request forgery and script insertion attacks.

tags | advisory, vulnerability, csrf
MD5 | 178ce0fd2a2e0732dbb0814fcece49f5
Secunia Security Advisory 48859
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Munin, which can be exploited by malicious, local users to manipulate certain data.

tags | advisory, local
MD5 | e606f37c1e60a9616654f005ad9041be
Secunia Security Advisory 48848
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Khashayar Fereidani has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 3cca90edeb2ff597371146e55c670fda
ETeamPass 2.1.5 Cross Site Scripting
Posted Apr 17, 2012
Authored by Marcos Garcia

ETeamPass version 2.1.5 suffers from a persistent cross site scripting vulnerability in users.queries.php.

tags | exploit, php, xss
advisories | CVE-2012-2234
MD5 | ba25e668a223f0c1642b47ccd325c072
Mandriva Linux Security Advisory 2012-059
Posted Apr 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-059 - It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. The updated packages have been patched to correct this issue.

tags | advisory, sql injection
systems | linux, mandriva
advisories | CVE-2012-0805
MD5 | 108cc463bd3a7084c17f49189d85ea3c
V-CMS PHP File Upload And Execute
Posted Apr 17, 2012
Authored by sinn3r, AutoSec Tools | Site metasploit.com

This Metasploit module exploits a vulnerability found on V-CMS's inline image upload feature. The problem is due to the inline_image_upload.php file not checking the file type before saving it on the web server. This allows any malicious user to upload a script (such as PHP) without authentication, and then execute it with a GET request. The issue is fixed in 1.1 by checking the extension name. By default, 1.1 only allows jpg, jpeg, png, gif, bmp, but it is still possible to upload a PHP file as one of those extension names, which may still be leveraged in an attack.

tags | exploit, web, php
advisories | CVE-2011-4828
MD5 | 7dc5df6cc48f5dcc39d54d0e93805fdd
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close