what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 58 RSS Feed

Files Date: 2012-05-15

Axous 1.1.1 Cross Site Request Forgery / Cross Site Scripting
Posted May 15, 2012
Authored by Ivano Binetti

Axous version 1.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2012-2629
SHA-256 | daa8d0259edfa6917251458ec8feee6e73ca1be25f190863aaad8ff8d1d9f8ad
Apple Quicktime .pct Parsing Memory Corruption
Posted May 15, 2012
Authored by Rodrigo Rubira Branco

Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.

tags | advisory
systems | windows, apple
advisories | CVE-2012-0671
SHA-256 | 177743c04df027711accb6be0442f662c763f68ae3e958ab54e44b32c5cdd929
Liferay 6.1 Cross Site Request Forgery
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.

tags | exploit, proof of concept, csrf
systems | linux
SHA-256 | f0c48ee96cb75fd2a8d5d59f4b09ac01709712a9b3fbfe5a377400b30d006239
Mandriva Linux Security Advisory 2012-076
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-076 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-3929, CVE-2011-3936, CVE-2011-3937, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947, CVE-2011-3973, CVE-2011-3974, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579, CVE-2012-0853, CVE-2012-0858
SHA-256 | cbe20e763ddb60533e4aa2c0372e6d26d0fcf0e0faa767ddc8c8e5d69b7d5216
Apple Security Advisory 2012-05-14-2
Posted May 15, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-14-2 - This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.

tags | advisory
systems | apple
SHA-256 | a18bf4afd49f0790a7800f00c7179cc923a3890a42c7c396c63645d35c123d0d
SVG Java Execution Trigger
Posted May 15, 2012
Authored by Nicolas Gregoire

Some SVG specifications, like SVG 1.1 and SVG tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.

tags | exploit, java, code execution, proof of concept
systems | linux
SHA-256 | d11b15fccafdf18190f23d0b7a7f20f25dfc6fada15ef8cba05227b1c2721da0
Liferay 6.1 Name / Email Address Disclosure
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.

tags | exploit, proof of concept, info disclosure
systems | linux
SHA-256 | ffa34db28244865608548350015903d37722b844554e14ccaf7d8347188e784a
Apple Security Advisory 2012-05-14-1
Posted May 15, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-14-1 - This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.

tags | advisory
systems | apple
SHA-256 | ff2f94e0d38ea69f36970a1ad604758214b956d4b4c5ef71810c7ef1ed9fd7ef
Mandriva Linux Security Advisory 2012-075
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-075 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3973, CVE-2011-3974, CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579
SHA-256 | a0a8eba7465a48df476d1df9722497c093dac6a589b1c042b115c0aad4fae55b
Liferay 5.x / 6.x Cross Site Scripting
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay versions 5.x and 6.x suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 34af56ed2e0c1df197bdb004a38aeb7ac850fd1cbd8725029cf4808908941dcb
TunInfo SQL Injection
Posted May 15, 2012
Authored by the_cyber_nuxbie

TunInfo suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4a59fc93674e2ccf46017e9be39bf95524691b89ff019df71f9f1a7efca4130c
Liferay 6.1 No Account Access Bypass
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 suffers from a circumvention issue when restricting access to ip blocks. Proof of concept exploit included.

tags | exploit, proof of concept, bypass
systems | linux
SHA-256 | 6619bfbbf1dbfa7eb563e65bcabfac916b63c4ac1431da326cb548fddb4f5fdd
Multimedia Builder 4.9.8 Denial Of Service
Posted May 15, 2012
Authored by Ahmed Elhady Mohamed

Multimedia Builder version 4.9.8 denial of service exploit that creates a malicious .mef file.

tags | exploit, denial of service
SHA-256 | 63a67975d994e1f50ae5d8977e3410cb4b3b122a865bbea9840fb034cf5d4fb0
OpenDNSSEC 1.3.8
Posted May 15, 2012
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: 'ods-signer update' now reloads signconfs even if the zonelist has not changed. The Signer Engine now allow for classless IN-ADDR.ARPA names (RFC 2317). Enforcer now has indexes for foreign keys in the kasp DB (SQLite only, MySQL already has them) Signer Engine warns if it is in signer configuration but ods-auditor is not installed. If key export in ods-ksmutil finds nothing to do, it now says so rather than displaying nothing, which might be misinterpreted. A problem in Signer Engine where TTL on NSEC(3) was not updated on SOA Minimum change was fixed, as was a problem with "ods-ksmutil zone delete --all".
tags | tool
systems | unix
SHA-256 | 9b795e382fcc6135553f5f2c96f60aac2d76ce101e018dfe5d3bc9bc771975d9
Ubuntu Security Notice USN-1441-1
Posted May 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1441-1 - It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0250, CVE-2012-0255, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255
SHA-256 | 5d00061ebbf37190e2a234ed2e926b9591981ccaf98e5bc04f27356da0113e72
Red Hat Security Advisory 2012-0670-01
Posted May 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0670-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. When a set user ID application is executed, certain personality flags for controlling the application's behavior are cleared. It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise MRG is made privileged via file system capabilities.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2011-4086, CVE-2012-2123
SHA-256 | c88db0a1f1b7343e27cc22e518f7258062840aebeea6f425936d381a312cd433
Red Hat Security Advisory 2012-0571-01
Posted May 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0571-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's journal_unmap_buffer() function handled buffer head states. On systems that have an ext4 file system with a journal mounted, a local, unprivileged user could use this flaw to cause a denial of service. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A local, unprivileged user on a KVM host could use this flaw to crash the host.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-4086, CVE-2012-1601
SHA-256 | 1410f3b7136c37ec0494b578f722198e2419cd69f0b58f7948f10dba37dc0d35
Gentoo Linux Security Advisory 201205-01
Posted May 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201205-1 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 18.0.1025.168 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-3078, CVE-2011-3081, CVE-2012-1521
SHA-256 | db0550b1dade0d9a98afaf2ac750b0ae9a7a263dc2df65218f71b0b47bb9c75d
WordPress Track That Stat 1.0.8 Cross Site Scripting
Posted May 15, 2012
Authored by Heine Pedersen, Torben Jensen

WordPress Track That Stat plugin version 1.0.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5a6daeb646f993bbddc6cecbab8b06964dbc93311c048a41703ec53244a0e630
Bluelog Bluetooth Scanner/Logger 1.0.3
Posted May 15, 2012
Authored by Tom Nardi | Site digifail.com

Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.

Changes: This release focuses on improving support for non-PC targets, including initial support for the Pwnie Express Pwn Plug. Other improvements include syslog-only mode and timestamped log filenames.
tags | tool, web, wireless
systems | unix
SHA-256 | 6a40fae819245a8180ecb0d36ba689948dbcd9d8dab2d60158accd6401f51f1c
SoftHSM 1.3.3
Posted May 15, 2012
Authored by Rickard Bellgrim | Site wiki.opendnssec.org

SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Changes: This release increases performance by adding more indexes to the database, describes the usage of SO and the user PIN in the README, and detects whether a C++ compiler is missing.
tags | library
systems | unix
SHA-256 | da49d971f971ef35f420da7ccf4f3213c7266f61b1fcdf41e09d8886cfb7804c
Mandriva Linux Security Advisory 2012-074
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-074 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3973, CVE-2011-3974, CVE-2011-3893, CVE-2011-3895, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579
SHA-256 | 84d6c91018ca31f8f470c32ca860e11e8ebe2e0ced01c5cd91935701ad5dcc51
WordPress 2 Click Social Media Buttons 0.32.2 Cross Site Scripting
Posted May 15, 2012
Authored by Heine Pedersen, Torben Jensen

WordPress 2 Click Social Media Buttons plugin version 0.32.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6c7ccc1383af1cf29f09a39587e09fe7a5a977588d37b1c70f135d5e4d828a54
WordPress CataBlog 1.6 Cross Site Scripting
Posted May 15, 2012
Authored by Heine Pedersen, Torben Jensen

WordPress CataBlog plugin version 1.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | eebcfe5853a6a0d2dc6e18646b5ea9d74a1a3b3c13f654b3d64737d5c8c4fb31
WordPress CodeStyling Localization 1.99.16 Cross Site Scripting
Posted May 15, 2012
Authored by Heine Pedersen, Torben Jensen

WordPress CodeStyling Localization plugin version 1.99.16 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7fbf33ce44b247637fd88fe38ab57d6bb8824fce18edf5215a5cdfa80fc5a26f
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close