exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2012-05-22

Ubuntu Security Notice USN-1449-1
Posted May 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1449-1 - It was discovered that feedparser did not properly sanitize ENTITY declarations in encoded fields. A remote attacker could exploit this to cause a denial of service via memory exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2921
SHA-256 | 6a3a1b00e46dc08727ec76015083bbe2e5e84e541d19baf4809755132656980b
Secunia Security Advisory 49184
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
SHA-256 | 84ad631eaad8e93aa01ed016f4bf8ebc1339698b604f9179ccbc79daa2ff13a4
Secunia Security Advisory 49273
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for postgresql and postgresql84. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct spoofing attacks and manipulate certain data.

tags | advisory, spoof, vulnerability
systems | linux, redhat
SHA-256 | 7058494f56898b57ca07ab66e400d0b65013338fc9b181ff46100fe8883c47e6
Secunia Security Advisory 49272
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for postgresql. This fixes two vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to manipulate certain data.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | 4f8f0b568be7999936c2a92aca35054d5886d5b32b080621a58ca6219d011a3c
Secunia Security Advisory 49270
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Web Server. This fixes multiple weakness, two security issues, and multiple vulnerabilities, which can be exploited by malicious, local users and malicious people to disclose sensitive information, bypass certain security restrictions, or cause a DoS (Denial of Service).

tags | advisory, web, denial of service, local, vulnerability
systems | linux, redhat
SHA-256 | e9e5e0e75c58e86968b38ab83fbdd35ef6194688be6b3386b9c063dbda5d72dd
PHP CGI Argument Injection
Posted May 22, 2012
Authored by Mostafa Azizi

PHP CGI argument injection remote exploit version 0.3. Works on versions up to 5.3.12 and 5.4.2.

tags | exploit, remote, cgi, php
advisories | CVE-2012-1823
SHA-256 | c1ea06d9cffa10420a9d1187939611b8d7ae8fbca94540c697ed77e8bcca021e
Secunia Security Advisory 49258
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, ubuntu
SHA-256 | de81efc353cc1d81580a4cc54586d7dbfa61e4075a5065ec3387124dcc535db7
Secunia Security Advisory 49214
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Astaro has issued an update for openssl. This fixes some vulnerabilities, which have unknown impacts.

tags | advisory, vulnerability
SHA-256 | d74361c510b7e90e0c2644ec604784e99b4fcadff4e89ad2a6a8224d8dd2e215
Secunia Security Advisory 49215
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Henry Hoggard has discovered two vulnerabilities in the FirstLastNames plugin for Vanilla Forums, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | fe16c5441ce5847fe1298a294977bad6550638d56c644f24d316763ae60dcdfa
Secunia Security Advisory 49261
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HAProxy, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory
SHA-256 | 2d8aeab6f64e417a22b9135863162f97104c207e66fd443e77b98ab24b02ed70
Secunia Security Advisory 49260
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Mosh, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 776236892d7028235c66c87189f21389dd1d1df019bf6936e4858e68a810acf8
Secunia Security Advisory 49269
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for bind-dyndb-ldap. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | 8b50f01398b9d683c729ae407de2d0ec528787aa5ce0517235a8fd070255498e
Nmap Port Scanner 6.00
Posted May 22, 2012
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: NSE has been enhanced, there is better web scanning, full IPv6 support added, a new nping tool, better zenmap gui, and faster scans. First major release since 2009.
tags | tool, remote, udp, tcp, protocol, nmap
systems | linux, unix
SHA-256 | 54a6978fdaae8c9a83798016669aebaf82c92f549478b0be940844cd0189258e
Mandriva Linux Security Advisory 2012-079
Posted May 22, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-079 - A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated netmask listed in the sudoers file or in LDAP. As a result, users authorized to run commands on certain IP networks may be able to run commands on hosts that belong to other networks not explicitly listed in sudoers. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-2337
SHA-256 | aa97ab426de40e17d32a9ab4b7f3c51d0d0f09c2b398834825656f46d2a75c7f
Yandex.Server 2010 9.0 Enterprise Cross Site Scripting
Posted May 22, 2012
Authored by MustLive

Yandex.Server version 2010 9.0 Enterprise suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7be25af2c11de6d35265a9dbf7c47a1f05b8735eb5b46f23a2623887426bfcfd
FlexNet License Server Manager lmgrd Buffer Overflow
Posted May 22, 2012
Authored by Luigi Auriemma, sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.

tags | exploit, overflow
advisories | OSVDB-81899
SHA-256 | 2d6d029945aaecc2ac0003cb91c1250f912d627ce695077b2bfbd1919c57f669
Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
Posted May 22, 2012
Authored by bannedit, Francisco Falcon | Site metasploit.com

This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from an "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-55614
SHA-256 | 009165bbb7f39c130705ca1779b5bf21f2c3fd6f324d13329ecce60c590e0dcc
HP StorageWorks P4000 Virtual SAN Appliance Command Execution
Posted May 22, 2012
Authored by Nicolas Gregoire, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in HP's StorageWorks P4000 VSA on versions prior to 9.5. By using a default account credential, it is possible to inject arbitrary commands as part of a ping request via port 13838.

tags | exploit, arbitrary
SHA-256 | 1f354fd80321e3a8c75c32db994ccf7fbd51de54814d94d9641e5bfccae9d6f6
Active Collab "chat module" 2.3.8 Remote PHP Code Injection
Posted May 22, 2012
Authored by mr_me | Site metasploit.com

This Metasploit module exploits an arbitrary code injection vulnerability in the chat module that is part of Active Collab by abusing a preg_replace() using the /e modifier and its replacement string using double quotes. The vulnerable function can be found in activecollab/application/modules/chat/functions/html_to_text.php.

tags | exploit, arbitrary, php
advisories | OSVDB-81966
SHA-256 | dc407149c6ca0f8de287ff88144c5d975efe9da8376d1ec83d0a3d2bd4d18f90
Debian Security Advisory 2476-1
Posted May 22, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2476-1 - intrigeri discovered a format string error in pidgin-otr, an off-the-record messaging plugin for Pidgin.

tags | advisory
systems | linux, debian
advisories | CVE-2012-2369
SHA-256 | e57ae6aa0760a5f43cc903ff3100cee9013a4fa2821d2834ae9efeb3bd7cf380
Ubuntu Security Notice USN-1448-1
Posted May 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1448-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-1601, CVE-2012-2123, CVE-2012-1601, CVE-2012-2123
SHA-256 | 9eb4c8e14c0b23d7f2e789a0cc933a87ebbf7d4b85cda35ca1ad7bcc543dadf3
Ubuntu Security Notice USN-1447-1
Posted May 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3102
SHA-256 | ff75da73d756437f5b6ffa8976743570d87fd97f5dd934cc2d3190340c09d3dc
Red Hat Security Advisory 2012-0683-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0683-01 - The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacker were able to send DNS queries to a named server that is configured to use bind-dyndb-ldap, they could trigger such an error with a DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP base DN. This would result in an invalid LDAP query that named would retry in a loop, preventing it from responding to other DNS queries. With this update, bind-dyndb-ldap only attempts to retry one time when an LDAP search returns an unexpected error.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-2134
SHA-256 | a0bb807657aa4121778e2cad43904858659ee8efe0bbd651d2a059e6b4d9c116
Red Hat Security Advisory 2012-0681-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0681-01 - Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves multiple flaws that weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | 476d8682a9dc81de542af39a135df9462d83db56715407ea95d50226c75892c0
Red Hat Security Advisory 2012-0679-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0679-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | 69361321d1bf1682c0efc1e8e0c3abaf9cf424352789563207afb0732798160f
Page 1 of 2
Back12Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close