what you don't know can hurt you
Showing 1 - 22 of 22 RSS Feed

Files Date: 2012-05-29

Asterisk Project Security Advisory - AST-2012-008
Posted May 29, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A Null-pointer dereference has been identified in the SCCP (Skinny) channel driver of Asterisk. When an SCCP client closes its connection to the server, a pointer in a structure is set to Null. If the client was not in the on-hook state at the time the connection was closed, this pointer is later dereferenced. A remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server in certain call states (e.g. "Off hook") to crash the server. Successful exploitation of this vulnerability would result in termination of the server, causing denial of service to legitimate users.

tags | advisory, remote, denial of service
advisories | CVE-2012-2948
MD5 | e5bbb9c38534065f766274d2c055497d
Asterisk Project Security Advisory - AST-2012-007
Posted May 29, 2012
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the IAX2 channel driver if an established call is placed on hold without a suggested music class.

tags | advisory
advisories | CVE-2012-2947
MD5 | b42ab63005025daa63e9cb6fd1a5db15
VAMCart-InternetShop 0.9 File Upload Code Execution
Posted May 29, 2012
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. This plugin is not secured in version 0.9 of VAMCart and allows the upload of files on the remote server. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit, remote
MD5 | 712471955c8549eb8b347b1f11910b35
VAMCart-InternetShop 0.9 Cross Site Request Forgery / Shell Upload
Posted May 29, 2012
Authored by KedAns-Dz

VANCart-InternetShop version 0.9 suffers from cross site request forgery and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, csrf
MD5 | 44d0afad4e124cd8d4727d10945f04b9
PBBoard 2.1.4 Cross Site Request Forgery
Posted May 29, 2012
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits multiple cross site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 to allow for arbitrary file upload / command execution.

tags | exploit, arbitrary, php, vulnerability, file upload, csrf
advisories | CVE-2012-1216, OSVDB-79218
MD5 | 624b2eb3fa1a5923ea797f192a74fe87
SCLIntra Enterprise SQL Injection / Authentication Bypass
Posted May 29, 2012
Authored by Digital Defense, r@b13$ | Site digitaldefense.net

Multiple SQL injection vectors and an authentication bypass were discovered in SCLIntra Enterprise. An attacker can leverage this flaw to bypass authentication to the application or to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. SCLogic SCLIntra Enterprise version 5.5.2 on Windows 2003 is affected.

tags | advisory, arbitrary, sql injection
systems | windows
MD5 | 32a3c18ed6a6020ac4fba84296394069
MPlayer SAMI Subtitle File Buffer Overflow
Posted May 29, 2012
Authored by juan vazquez, Jacques Louw | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow found in the handling of SAMI subtitles files in MPlayer SVN Versions before 33471. It currently targets SMPlayer 0.6.8, which is distributed with a vulnerable version of mplayer. The overflow is triggered when an unsuspecting victim opens a movie file first, followed by loading the malicious SAMI subtitles file from the GUI. Or, it can also be done from the console with the mplayer "-sub" option.

tags | exploit, overflow
advisories | OSVDB-74604
MD5 | f0b1098a17d77ade6837c0e5682add3f
Debian Security Advisory 2480-2
Posted May 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2480-2 - It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl.

tags | advisory
systems | linux, debian
MD5 | e4aa2478fbf7e764244023d072013d17
Red Hat Security Advisory 2012-0699-01
Posted May 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0699-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengths when using a block cipher in CBC mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-2333
MD5 | b5042fff90ca1be47e86def5eb3f6a5c
Red Hat Security Advisory 2012-0690-01
Posted May 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0690-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2012-2136
MD5 | 0eafb51e78df3c7eedebd68b3e6d01da
Mandriva Linux Security Advisory 2012-084
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-084 - ncpfs 2.2.6 and earlier attempts to use ncpmount to append to the /etc/mtab file and ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2011-1679, CVE-2011-1680
MD5 | 0d86316871228077dc9f06fac7f939ae
Mandriva Linux Security Advisory 2012-083
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-083 - Multiple vulnerabilities have been discovered and corrected in util-linux. mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local, vulnerability
systems | linux, mandriva
advisories | CVE-2011-1675, CVE-2011-1677
MD5 | 807f5eabab62268adf6dce47aa1fb275
PBBoard 2.1.4 SQL Injection
Posted May 29, 2012
Authored by loneferret

PBBoard version 2.1.4 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | a261dac4ff07c081764718b12cfb45fc
OpenDNSSEC 1.4.0a2
Posted May 29, 2012
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: This alpha release features a new signer with AXFR and IXFR for both the input and output adapters.
tags | tool
systems | unix
MD5 | a64d96c29f96e515b07eb0056e6bda41
GNU SASL 1.8.0
Posted May 29, 2012
Authored by Simon Josefsson

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.

Changes: This is a new major stable release. SAML20 support following RFC 6595. OPENID20 support following RFC 6616. SMTP server examples (e.g. for SCRAM, SAML20, and OPENID20). Various cleanups, portability fixes, and other bugfixes. The API and ABI are fully backwards compatible with version 1.6.x.
tags | imap, library
systems | unix
MD5 | 982fe54a20016aa46a871c084c990c36
Secunia Security Advisory 49291
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, suse
MD5 | ff34f1ab36c5a1c14d74bc64c303fcc0
Secunia Security Advisory 49296
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in TopicsViewer, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 2c67574055d13a8b4b479aa750743ffd
Secunia Security Advisory 49292
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for jakarta-poi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, suse
MD5 | 8affdd705109bff1a890db1a6d761703
Secunia Security Advisory 46841
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for python-django. This fixes some vulnerabilities, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability, python
systems | linux, suse
MD5 | 46125902f1fdf5102baa4c03c8d5b739
Secunia Security Advisory 49298
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been discovered in Yamamah, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
MD5 | 1bfef6519bc30472bb9f5fd09f4fdbaa
Secunia Security Advisory 49301
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in TFTPD32, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 76e0f39ac74ba25b5a7d3699d39b296f
Secunia Security Advisory 49299
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in WinRadius, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 45c103c384c0a5a78db7d3ffe81cef60
Page 1 of 1
Back1Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close