what you don't know can hurt you
Showing 1 - 25 of 35 RSS Feed

Files Date: 2012-05-10

Chevereto nb1.91 Denial Of Service
Posted May 10, 2012
Authored by Akastep

Chevereto version nb1.91 suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | 278eb39a9ec64e5e66364bef33e41f87
Red Hat Security Advisory 2012-0569-01
Posted May 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0569-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

tags | advisory, remote, web, arbitrary, cgi, php, code execution
systems | linux, redhat
advisories | CVE-2012-1823
MD5 | e7567837bdd1ff344dc07ce19e08acfa
Red Hat Security Advisory 2012-0568-01
Posted May 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0568-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.

tags | advisory, remote, web, arbitrary, cgi, php, code execution
systems | linux, redhat
advisories | CVE-2012-1823
MD5 | efd6d14bc667a4cbc3fd9abaa8b23cb9
Breakpoint 2012 Call For Papers
Posted May 10, 2012
Authored by bpx | Site ruxconbreakpoint.com

The Breakpoint 2012 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia on October 17th through the 18th, 2012. Breakpoint is organized by the Ruxcon conference team and will offer a specialized and more professional security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint will cater towards security researchers and industry professionals alike, with a focus on cutting edge security research.

tags | paper, conference
MD5 | f4310b90befaea776fd4a2cc13680591
Mandriva Linux Security Advisory 2012-072
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-072 - The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a login CSRF issue. Various other issues have also been addressed.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2011-1491, CVE-2011-1492, CVE-2011-2937, CVE-2011-4078
MD5 | 7f7ad031bd4842fda2bce59bb38f463e
Mandriva Linux Security Advisory 2012-071
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-071 - This is a bugfix and security advisory that upgrades php to the latest 5.3.13 version for Mandriva Linux Enterprise 5.2 which resolves numerous upstream bugs in php.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2011-1148, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-3268, CVE-2011-3379, CVE-2011-2483, CVE-2011-4566, CVE-2011-4885, CVE-2012-0788, CVE-2012-0807, CVE-2012-0830, CVE-2012-0831, CVE-2012-1172, CVE-2012-1823, CVE-2012-1823, CVE-2012-2335, CVE-2012-2336
MD5 | f031e64124033b6bfd062d5ee8bdec36
Mandriva Linux Security Advisory 2012-068-1
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-068 - PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete. The updated packages provides the latest version which provides a solution to this flaw.

tags | advisory, remote, web, denial of service, arbitrary, cgi, php
systems | linux, mandriva
advisories | CVE-2012-1823, CVE-2012-2335, CVE-2012-2336
MD5 | fbd30f892746721e8d3bfa72c142a844
Apple Security Advisory 2012-05-09-2
Posted May 10, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-09-2 - Safari 5.1.7 is now available and addresses multiple WebKit related vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-3046, CVE-2011-3056, CVE-2012-0672, CVE-2012-0676
MD5 | e3c8d877a6f6c73bc4f2f1f2ff79350f
Apple Security Advisory 2012-05-09-1
Posted May 10, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-09-1 - OS X Lion v10.7.4 and Security Update 2012-002 is now available and addresses multiple security issues. An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. A temporary file race condition issue existed in blued's initialization routine. There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. Various other vulnerabilities have been addressed.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-0241, CVE-2011-1004, CVE-2011-1005, CVE-2011-1167, CVE-2011-1777, CVE-2011-1778, CVE-2011-1944, CVE-2011-2692, CVE-2011-2821, CVE-2011-2834, CVE-2011-2895, CVE-2011-3212, CVE-2011-3328, CVE-2011-3389, CVE-2011-3919, CVE-2011-4566, CVE-2011-4815, CVE-2011-4885, CVE-2012-0036, CVE-2012-0642, CVE-2012-0649, CVE-2012-0651, CVE-2012-0652, CVE-2012-0654, CVE-2012-0655, CVE-2012-0656, CVE-2012-0657, CVE-2012-0658
MD5 | 9614673327dc336467f1b3577177a46e
HP Security Bulletin HPSBMU02775 SSRT100853 2
Posted May 10, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02775 SSRT100853 2 - Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation. Revision 2 of this advisory.

tags | advisory, vulnerability, xss, sql injection
systems | linux, windows, solaris, hpux
advisories | CVE-2012-2007, CVE-2012-2008, CVE-2012-2009
MD5 | 5c5d5ce0325843a52f9e2deb0a494299
MD5 MySQL Brute Forcer
Posted May 10, 2012
Authored by baltazar

This is a simple python script for cracking MySQL MD5 passwords.

tags | cracker, python
MD5 | ddb4580bc5f288eb23c3fc01a239324d
Secunia Security Advisory 49041
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - phocean has reported some vulnerabilities in Kerwin, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 70b44d9ef3f9680463817a226828f1d1
Secunia Security Advisory 49053
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.

tags | advisory
systems | linux, debian
MD5 | 1754b2d3caaff83c2f9f064c20b73277
Secunia Security Advisory 49046
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for rails. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, debian
MD5 | ee85a5fb437e5ddee8343f7c13d6a3ae
Secunia Security Advisory 49124
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for java-1_6_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, suse
MD5 | 4a2d1dcd4e9f9907e5bab4c56f165d25
Secunia Security Advisory 49076
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for java-1_5_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, suse
MD5 | 82776c0c068bb4a7c4cb0f15c76d6504
Secunia Security Advisory 49100
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the User Photo plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 9c9389f3c1097e99952c44614a4a45ba
360-FAAR Firewall Analysis Audit And Repair 0.2.3
Posted May 10, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release significantly updates the Cisco ASA reader and adds support for dbedit object, service and group output, as well as directing dbedit output to file instead of the screen.
tags | tool, perl
systems | unix
MD5 | 887c26ebfbabecedfcb0705791b1a24c
Drupal Take Control 6.x Cross Site Request Forgery
Posted May 10, 2012
Authored by Carl Wiedemann | Site drupal.org

Drupal Take Control third party module version 6.x suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
MD5 | 57f5111d66d38a6d2b7d14af53e4341c
Drupal Contact Forms 7.x Access Bypass
Posted May 10, 2012
Authored by Vlad D. | Site drupal.org

Drupal Contact Forms third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | cbd8adcc321fe8336fceb03ba9576d60
Drupal Glossary 6.x Cross Site Scripting
Posted May 10, 2012
Authored by Dylan Wilder-Tack | Site drupal.org

Drupal Glossary third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 10a1879da919ce045d92161e1a8260d8
Adobe Shockwave Player .dir Memory Corruption
Posted May 10, 2012
Authored by Rodrigo Rubira Branco | Site dissect.pe

Adobe Shockwave Player suffers from multiple memory corruption vulnerabilities when parsing .dir media files. This file has three advisories pertaining to these issues. Versions affected include Shockwave Player version 11.6.3r633, Module IMLLib.framework on MacOS X 10.7.2 (11C74).

tags | advisory, vulnerability
advisories | CVE-2012-2029, CVE-2012-2030, CVE-2012-2031
MD5 | 26c6cfc8175a4721af8f7b9b7ebdb9a9
Windows Kernel ReadLayoutFile Heap Overflow
Posted May 10, 2012
Authored by Core Security Technologies, Fernando Russ | Site coresecurity.com

Core Security Technologies Advisory - There is a bug in the ReadLayoutFile Windows Kernel function that can be leveraged into a local privilege escalation exploit, potentially usable in a client-side attack scenario or after a remote intrusion by other means.

tags | advisory, remote, kernel, local
systems | windows
advisories | CVE-2012-0181
MD5 | 83c65d0bc5653bb984812df522bd38ae
HP Security Bulletin HPSBMU02775 SSRT100853
Posted May 10, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02775 SSRT100853 - Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation. Revision 1 of this advisory.

tags | advisory, vulnerability, xss, sql injection
systems | linux, windows, solaris, hpux
advisories | CVE-2011-2007, CVE-2011-2008, CVE-2011-2009, CVE-2012-2007, CVE-2012-2008, CVE-2012-2009
MD5 | 466ceec15674575098ecfa71091207a2
Chevereto Upload Script suffers from cross site scripting and user enumeration vulnerabilities.
Posted May 10, 2012
Authored by Akastep

Chevreto Upload Script suffers from cross site scripting and user enumeration vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | e9616519c5dc0895a6f1dbf269ac933d
Page 1 of 2
Back12Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    19 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close