the original cloud security
Showing 1 - 25 of 33 RSS Feed

Files Date: 2012-05-03

Ubuntu Security Notice USN-1438-1
Posted May 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1438-1 - Dan Prince discovered that Nova did not enforce quotas for security groups and rules added to security groups. An authenticated user could exploit this to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2101
MD5 | d199185a7a415cf104440e353bad1743
Microsoft Security Bulletin Advance Notification For May, 2012
Posted May 3, 2012
Site microsoft.com

This is an advance notification of 7 security bulletins that Microsoft is intending to release on May 8, 2012.

tags | advisory
MD5 | b3f3babb7e0a8086b464d020ebb8203e
FreeBSD Security Advisory - OpenSSL
Posted May 3, 2012
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.

tags | advisory
systems | freebsd
advisories | CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
MD5 | 7bb6fa53ebc04c577e47228a696aaba5
Joomla 2.5.4 Cross Site Scripting
Posted May 3, 2012
Authored by Janek Vind aka waraxe | Site waraxe.us

Joomla version 2.5.4 suffers from a cross site scripting vulnerability in the administrative sysinfo page.

tags | exploit, xss
advisories | CVE-2012-2412
MD5 | 17a3b6890babbd1c67d14005a7cd4e11
Ransack Post Exploitation Tool
Posted May 3, 2012
Authored by Jesus Oquendo

Ransack is a post exploitation shellscript for penetration testers. Its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, ssh keys, ssl keys, or any other information deemed valuable.

tags | tool, root, forensics
MD5 | 0962e2345c1f5dbab439c0b85f04748f
iNeat SQL Injection
Posted May 3, 2012
Authored by the_cyber_nuxbie

iNeat suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9c811a9209bcca6c9dc06c595c315982
Android 2.3.7 SQLite Disclosure
Posted May 3, 2012
Authored by Roee Hay

SQLite databases stored on Android suffer from an insecure permission vulnerability. Version 2.3.7 is affected.

tags | advisory, info disclosure
MD5 | 64654c20829d05716e2aff1208cffd22
strongSwan IPsec Implementation 4.6.3
Posted May 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: An extended EAP-RADIUS interfaces allows one to enforce Session-Timeout attributes using RFC4478 repeated authentication, and acts upon RADIUS Dynamic Authorization extensions (RFC 5176). Currently supported are disconnect requests and CoA messages containing a Session-Timeout. The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
MD5 | 2a1b0bca846a966a56f662f855ced9fb
VMware Security Advisory 2012-0009
Posted May 3, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0009 - VMware Workstation, Player, ESXi and ESX patches address critical security issues.

tags | advisory
advisories | CVE-2012-1516, CVE-2012-1517, CVE-2012-2448, CVE-2012-2449, CVE-2012-2450
MD5 | cac128bd45014db931256ea9576965ed
AnvSoft Any Video Converter 4.3.6 Stack Overflow
Posted May 3, 2012
Authored by cikumel, y0k

AnvSoft Any Video Converter version 4.3.6 suffers from a stack overflow vulnerability.

tags | exploit, overflow
MD5 | a6631c0580f81378935cad46510f0989
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
Posted May 3, 2012
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit modules exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.

tags | exploit, remote, shell, code execution, activex
MD5 | bbac038f59ff5043622883a24f875349
VLC MMS Stream Handling Buffer Overflow
Posted May 3, 2012
Authored by sinn3r, juan vazquez, Florent Hochwelker | Site metasploit.com

This Metasploit module exploits a buffer overflow in VLC media player VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.

tags | exploit, overflow
advisories | CVE-2012-1775, OSVDB-80188
MD5 | a970745bd46aead19ab89a07e5992369
Joomla 1.5.26 ja_purity Cross Site Scripting
Posted May 3, 2012
Authored by Janek Vind aka waraxe | Site waraxe.us

Joomla version 1.5.26 suffers from a cross site scripting vulnerability in the ja_purity template.

tags | exploit, xss
advisories | CVE-2012-2413
MD5 | 27da82ecd8ff206a83c29d3f06faeb11
Lynx Message Server 7.11.10.2 Cross Site Scripting / SQL Injection
Posted May 3, 2012
Authored by Mark Lachniet, David Reflexia | Site foofus.net

Lynx Message Server version 7.11.10.2 and/or LynxTCPService version 1.1.62 suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6d803bf0e07f5d68065ad43a449da3a7
Tor Proxy Bypass Via Firefox
Posted May 3, 2012
Authored by Robert Ransom

A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do.

tags | advisory, local, bypass
MD5 | 3d0dc16b806e4802155630b7b630bde1
Fortinet FortiWeb WAF Policy Bypass
Posted May 3, 2012
Authored by Geffrey Velasquez

Fortinet FortiWeb Web Application Firewall suffers from a policy bypass vulnerability.

tags | exploit, web, bypass
MD5 | 61dfdcde6b9e51b01885b9c667f603ab
Drupal Core 7.x Denial Of Service / Access Bypass
Posted May 3, 2012
Site drupal.org

Core functionality of Drupal 7.x suffers from denial of service and access bypass vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2012-1588, CVE-2012-1589, CVE-2012-1590, CVE-2012-1591
MD5 | 3415ff0111c0f267a36bbbfdaedcd904
Debian Security Advisory 2464-1
Posted May 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2464-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-0467, CVE-2012-0470, CVE-2012-0471, CVE-2012-0477, CVE-2012-0479
MD5 | c9607dfd8172997168aae3a5d82cd4b2
Debian Security Advisory 2462-2
Posted May 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2462-2 - Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service. The initial update introduced a regression, which could lead to errors when processing some JPEG files.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-0259, CVE-2012-0260, CVE-2012-1185, CVE-2012-1186, CVE-2012-1610, CVE-2012-1798
MD5 | 82d2058d89a2839d7ca2021af788cd8f
Secunia Security Advisory 48931
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - RedTeam Pentesting has discovered a vulnerability in Decoda, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | 6cbf720824df9e201c7ccec58f9882e8
Secunia Security Advisory 49017
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for samba. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, debian
MD5 | 9206fd2a5dc336204c7761f7a6c82fed
Secunia Security Advisory 48990
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the Config::IniFiles module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local, perl
MD5 | c698b47b7d3243b12da4776460edf7ff
Secunia Security Advisory 49023
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gjoko Krstic has discovered a vulnerability in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 90be679741b8f7c1a2351988a5afaee1
Secunia Security Advisory 49052
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gjoko Krstic has discovered multiple vulnerabilities in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 0da0d8db85ab6a5754f93b0e74629e63
Secunia Security Advisory 49021
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | windows
MD5 | 98bed3cdb5841b25b107a2de7b33e66a
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close