what you don't know can hurt you
Showing 1 - 25 of 39 RSS Feed

Files Date: 2012-04-25

Drupal Linkit 7.x Access Bypass
Posted Apr 25, 2012
Authored by PAULAP | Site drupal.org

Drupal Linkit module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 9bbe145ed7491ca1fc1927ed288e72ab
Drupal Spaces 6.x Access Bypass
Posted Apr 25, 2012
Authored by hefox | Site drupal.org

Drupal Spaces module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | a0e65323a6feb362a5dea6546cb783cd
Drupal Site Documentation 6.x Information Disclosure
Posted Apr 25, 2012
Authored by Jakub Suchy | Site drupal.org

Drupal Site Documentation version 6.x suffers from an information disclosure vulnerability.

tags | advisory, info disclosure
MD5 | 0bac11feb0fcbe0ae73e84fba799428a
Drupal Ubercart 6.x / 7.x XSS / PHP Code Execution
Posted Apr 25, 2012
Authored by Shaun Dychko, Dave Long, Lee Rowlands | Site drupal.org

Drupal Ubercart module versions 6.x and 7.x suffers from code execution and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
MD5 | ff71eb672aef49a486d2c1f2b3788e20
Drupal RealName 6.x Cross Site Scripting
Posted Apr 25, 2012
Authored by Gabor Szanto, Dave Reid | Site drupal.org

Drupal RealName module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | c57521846ae2dd9b4cead90007c8aea1
Drupal Creative Commons 6.x Cross Site Scripting
Posted Apr 25, 2012
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Creative Commons module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 28d56aed51f5d8906b3905e4099f478c
Shadow Stream Recorder 3.0.1.7 Buffer Overflow
Posted Apr 25, 2012
Authored by AlpHaNiX, b0telh0 | Site metasploit.com

This Metasploit module exploits a buffer overflow in Shadow Stream Recorder 3.0.1.7. Using the application to open a specially crafted asx file, a buffer overflow may occur to allow arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
MD5 | c4438630e52e139293816f065664b142
MS12-027 MSCOMCTL ActiveX Buffer Overflow
Posted Apr 25, 2012
Authored by unknown, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. This Metasploit module targets Office 2007 and Office 2010 targets. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which will load after office got load, so the malicious file must be loaded through "File / Open" to achieve exploitation.

tags | exploit, overflow
advisories | CVE-2012-0158, OSVDB-81125
MD5 | b4c5c91b4736a35e1d97f9898c17abb8
WordPress Organizer 1.2.1 XSS / CSRF / Shell Upload
Posted Apr 25, 2012
Authored by MustLive

WordPress Organizer version 1.2.1 suffers from cross site request forgery, cross site scripting, and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, xss, csrf
MD5 | 1636787d421ecc86016d375344c31402
MoroccoTel Default Password
Posted Apr 25, 2012
Authored by Jerome Athias

MoroccoTel boxes suffer from an issue where there is a default password that can be used on the telnet server.

tags | exploit
MD5 | ea72ca9ae12fae7f54519bfaaf0b4c1e
Piwigo 2.3.3 Cross Site Scripting / Directory Traversal
Posted Apr 25, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
advisories | CVE-2012-2208, CVE-2012-2209
MD5 | 9c20eaca5aa405e2516de83c3f7ce43f
mount.cifs chdir() File Identification
Posted Apr 25, 2012
Authored by Jesus Olmos Gonzalez

mount.cifs chdir() allows for arbitrary file identification as root. All versions prior to 5.4 are affected.

tags | exploit, arbitrary, root
MD5 | 41c9373a80e2bccfd96a9841362dc921
Debian Security Advisory 2454-2
Posted Apr 25, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2454-2 - Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier.

tags | advisory
systems | linux, redhat, debian
advisories | CVE-2012-2131
MD5 | 43d97cd52523a968ff8bcfbf62e39090
Red Hat Security Advisory 2012-0523-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0523-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of libpng should upgrade to these updated packages, which correct this issue. For Red Hat Enterprise Linux 5, they contain a backported patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3048
MD5 | 70f43d6c6d94a4924fbca04c53e61a41
Debian Security Advisory 2460-1
Posted Apr 25, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2460-1 - Several vulnerabilities were discovered in the Asterisk PBX and telephony toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1183, CVE-2012-2414, CVE-2012-2415
MD5 | fef83526e792fcfdd238e452eba66d2e
Red Hat Security Advisory 2012-0522-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0522-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO inputs. Specially-crafted DER encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2012-2110
MD5 | 98c16c3c2e454f3241e2ecaf04156f6f
Secunia Security Advisory 48903
Posted Apr 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered some vulnerabilities in Piwigo, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | be8766e3dff8420b4b61b7af823e2fd5
Secunia Security Advisory 48952
Posted Apr 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain sensitive information, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
systems | linux, redhat
MD5 | d2dfff2e35bca38d2f51b330a612b681
Secunia Security Advisory 48967
Posted Apr 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities are reported in multiple IBM Rational products, which can be exploited by malicious users to disclose sensitive information and conduct session fixation and script insertion attacks and by malicious people to disclose sensitive information, overwrite arbitrary files, conduct cross-site request forgery and spoofing attacks, and compromise a vulnerable system.

tags | advisory, arbitrary, spoof, vulnerability, csrf
MD5 | b4eb1d1f89abef10c5145e8648f69bae
Secunia Security Advisory 48920
Posted Apr 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for iceape. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
systems | linux, debian
MD5 | e77837fcd011566bee9351c197f8eefb
Debian Security Advisory 2458-1
Posted Apr 25, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2458-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-0455, CVE-2012-0456, CVE-2012-0458, CVE-2012-0461, CVE-2012-0467, CVE-2012-0470, CVE-2012-0471, CVE-2012-0477, CVE-2012-0479
MD5 | 2467a978550ebb647f3e57a2d5984046
Red Hat Security Advisory 2012-0519-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4314, CVE-2012-0818
MD5 | 189d8ae1b672374f456cbd82bbd8e382
Mandriva Linux Security Advisory 2012-064
Posted Apr 25, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-064 - It was discovered that the fix for was not sufficient to correct the issue for OpenSSL 0.9.8. The updated packages have been upgraded to the 0.9.8w version which is not vulnerable to this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-2131
MD5 | e5ea319cb53ccf046b7c53c93f07e5b1
Secunia Security Advisory 48950
Posted Apr 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
MD5 | 8d7891730eaa54cbbf3b3c875f68e11b
Secunia Security Advisory 48968
Posted Apr 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities are reported in multiple IBM Rational products, which can be exploited by malicious users to disclose sensitive information and conduct session fixation and script insertion attacks and by malicious people to disclose sensitive information, overwrite arbitrary files, conduct cross-site request forgery and spoofing attacks, and compromise a vulnerable system.

tags | advisory, arbitrary, spoof, vulnerability, csrf
MD5 | 79ec863119bdfcabfc5a22c8aa2e9c99
Page 1 of 2
Back12Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close