seeing is believing
Showing 1 - 17 of 17 RSS Feed

Files Date: 2012-05-06

Mandriva Linux Security Advisory 2012-070
Posted May 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-070 - A file existence disclosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.

tags | advisory, remote, local
systems | linux, mandriva
advisories | CVE-2012-1586
MD5 | 640015dbb9e334517799f9c5ccc440ea
Webrelations SQL Injection
Posted May 6, 2012
Authored by Kalashinkov3

Webrelations suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bb8b55c66f8d8b0aaf2bf9ad7ecbf59b
Trombinoscope 3.5 SQL Injection
Posted May 6, 2012
Authored by Ramdan Yantu

Trombinoscope versions 3.5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c7e5572009386ba5088ca63848fb2f38
Kerweb / Kerwin Cross Site Scripting
Posted May 6, 2012
Authored by phocean

Kerweb versions prior to 3.0.1 and Kerwin versions prior to 6.0.1 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-1990
MD5 | 524026565981836a50fd20b5f57ea575
PHP CGI Injection
Posted May 6, 2012
Authored by rayh4c

PHP CGI argument injection exploit that executes phpinfo.

tags | exploit, cgi, php
advisories | CVE-2012-1823
MD5 | 862c0243e7b14725d86c9d324d6c7a10
Symantec Web Gateway Cross Site Scripting
Posted May 6, 2012
Authored by B00y@

Symantec Web Gateway suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 95d16b9c1093fb7e4c3860aeee4e9e99
Netzob 0.3.2
Posted May 6, 2012
Site netzob.org

Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).

Changes: This release includes some major changes since the first and latest stable release (0.3.1). It offers better stability and quality while providing multiple major enhancements. Starting from this release, a Gentoo ebuild is available.
tags | tool, web, tcp, protocol
systems | unix
MD5 | 2d129a4680a6d492938635abf7500eea
Mandriva Linux Security Advisory 2012-069
Posted May 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-069 - A file existence dislosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.

tags | advisory, remote, local
systems | linux, mandriva
advisories | CVE-2012-1586
MD5 | d69472912b4c9f639f947f72c301f442
iOS Application (In)Security
Posted May 6, 2012
Authored by Dominic Chell | Site mdsec.co.uk

This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.

tags | paper, vulnerability
systems | cisco, apple, iphone
MD5 | 8527c3e88bfed9bdffcf0bcf1dbd7036
WordPress 3.2.2 Stored Cross Site Scripting
Posted May 6, 2012
Authored by L3b-r1'z

WordPress version 3.2.2 may suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | bdecc55bb3af905169a01b4517725cd0
MYRE Real Estate Mobile 2012|2 Cross Site Scripting / SQL Injection
Posted May 6, 2012
Authored by the_storm | Site vulnerability-lab.com

MYRE Real Estate Mobile 2012|2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 29dcf4fce6a7a497dedbd4d176ab7ff3
VMware Backdoor Response Uninitialized Memory Potential VM Break
Posted May 6, 2012
Authored by Derek Soeder

The vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven. In the event that arbitrary code execution in the VMX process is possible, kernel privileges can be obtained on a Windows host by abusing the VMX process's special access to a VMware driver, meaning the maximum possible impact of this vulnerability is elevation from unprivileged guest code execution to host kernel code execution.

tags | exploit, arbitrary, kernel, code execution
systems | windows
advisories | CVE-2012-1516
MD5 | 2ef8f66ab0e238a9620ce20fe03c5f8f
Solarwinds Storage Manager 5.1.0 SQL Injection
Posted May 6, 2012
Authored by muts, r@b13$, sinn3r | Site metasploit.com

This Metasploit module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM.

tags | exploit, web, root, sql injection
advisories | OSVDB-81634
MD5 | 9675737ed83ba23e80c220423bc6b736
PHP CGI Argument Injection
Posted May 6, 2012
Site metasploit.com

When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This Metasploit module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary."

tags | exploit, shell, cgi, php, code execution
advisories | CVE-2012-1823, OSVDB-81633
MD5 | 5ca5165adfa6f997cb7925bf7f9ad0e5
Ubuntu Security Notice USN-1430-3
Posted May 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1430-3 - USN-1430-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2011-3062, CVE-2011-1187, CVE-2012-0479, CVE-2011-1187, CVE-2011-3062, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479
MD5 | 44c8432293df264f1afe3ab0b5589293
Debian Security Advisory 2459-2
Posted May 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2459-2 - The recent quagga update, DSA-2459-1, introduced a memory leak in the bgpd process in some configurations.

tags | advisory, memory leak
systems | linux, debian
MD5 | 5095afa51d00ac16ccca45fe30b0cebe
Ubuntu Security Notice USN-1437-1
Posted May 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1437-1 - It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable.

tags | advisory, remote, web, arbitrary, cgi, php
systems | linux, ubuntu
advisories | CVE-2012-1823, CVE-2012-2311
MD5 | f95c2470ba2ffaa16a3faf7c8d5255ef
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close