what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2012-05-29

Asterisk Project Security Advisory - AST-2012-008
Posted May 29, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A Null-pointer dereference has been identified in the SCCP (Skinny) channel driver of Asterisk. When an SCCP client closes its connection to the server, a pointer in a structure is set to Null. If the client was not in the on-hook state at the time the connection was closed, this pointer is later dereferenced. A remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server in certain call states (e.g. "Off hook") to crash the server. Successful exploitation of this vulnerability would result in termination of the server, causing denial of service to legitimate users.

tags | advisory, remote, denial of service
advisories | CVE-2012-2948
SHA-256 | 0ffad12f4ee7638c64029cbf2387da33862ed3926680288d1303b12b6023069e
Asterisk Project Security Advisory - AST-2012-007
Posted May 29, 2012
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the IAX2 channel driver if an established call is placed on hold without a suggested music class.

tags | advisory
advisories | CVE-2012-2947
SHA-256 | 58df312830538efb7064340b0ec5a2811f9dbc943e1ac2e4e461efa35a6bc391
VAMCart-InternetShop 0.9 File Upload Code Execution
Posted May 29, 2012
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. This plugin is not secured in version 0.9 of VAMCart and allows the upload of files on the remote server. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit, remote
SHA-256 | 2f631d7a476c9b413ae2de8686ab1f98d4e0e9c4ff4f224e34949b05e6bbf3c0
VAMCart-InternetShop 0.9 Cross Site Request Forgery / Shell Upload
Posted May 29, 2012
Authored by KedAns-Dz

VANCart-InternetShop version 0.9 suffers from cross site request forgery and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, csrf
SHA-256 | a3d1a0eb4bb484d54b974426fd346ef862dfc26b4788bc1577f86886d324b2b8
PBBoard 2.1.4 Cross Site Request Forgery
Posted May 29, 2012
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits multiple cross site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 to allow for arbitrary file upload / command execution.

tags | exploit, arbitrary, php, vulnerability, file upload, csrf
advisories | CVE-2012-1216, OSVDB-79218
SHA-256 | f39d87cd2d0ecdc33b13e8ce46c0cbdb325accad08219c2178ea9f86295312c7
SCLIntra Enterprise SQL Injection / Authentication Bypass
Posted May 29, 2012
Authored by Digital Defense, r@b13$ | Site digitaldefense.net

Multiple SQL injection vectors and an authentication bypass were discovered in SCLIntra Enterprise. An attacker can leverage this flaw to bypass authentication to the application or to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. SCLogic SCLIntra Enterprise version 5.5.2 on Windows 2003 is affected.

tags | advisory, arbitrary, sql injection
systems | windows
SHA-256 | c7954229b9ce16aaf5f3c60a61787040cfee262c67b973d25aca89a39defc883
MPlayer SAMI Subtitle File Buffer Overflow
Posted May 29, 2012
Authored by juan vazquez, Jacques Louw | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow found in the handling of SAMI subtitles files in MPlayer SVN Versions before 33471. It currently targets SMPlayer 0.6.8, which is distributed with a vulnerable version of mplayer. The overflow is triggered when an unsuspecting victim opens a movie file first, followed by loading the malicious SAMI subtitles file from the GUI. Or, it can also be done from the console with the mplayer "-sub" option.

tags | exploit, overflow
advisories | OSVDB-74604
SHA-256 | ff773c1737c09b314a58cb07dab372f6b99f077dc26dbd42fd59a36e56c907a7
Debian Security Advisory 2480-2
Posted May 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2480-2 - It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl.

tags | advisory
systems | linux, debian
SHA-256 | e07b2f00d518d311c1eeb0eea530260835e3164ea995c4f29764a08ebe15c712
Red Hat Security Advisory 2012-0699-01
Posted May 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0699-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengths when using a block cipher in CBC mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-2333
SHA-256 | c06ac1424785317703c7aa22ceb6c44b036fc510567d485d7bf8e44c5ffb7b08
Red Hat Security Advisory 2012-0690-01
Posted May 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0690-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2012-2136
SHA-256 | 42f48969c33d14b422067a511d25a3ed7b2209d984bf368ba28a35ce8df3755b
Mandriva Linux Security Advisory 2012-084
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-084 - ncpfs 2.2.6 and earlier attempts to use ncpmount to append to the /etc/mtab file and ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2011-1679, CVE-2011-1680
SHA-256 | fbbe98313708f44403759851b9e9a64ecf87770fa03e46e7a245e2ac52cf9e1e
Mandriva Linux Security Advisory 2012-083
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-083 - Multiple vulnerabilities have been discovered and corrected in util-linux. mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local, vulnerability
systems | linux, mandriva
advisories | CVE-2011-1675, CVE-2011-1677
SHA-256 | 9f2d5ece52fc0a4e6ef741dd56347d53587505feec92ac9c027216e42692a92e
PBBoard 2.1.4 SQL Injection
Posted May 29, 2012
Authored by loneferret

PBBoard version 2.1.4 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 7fe5b20927aaffae29776bb564eeb8a96670bea62bb6fcb45a4fd730c7f8b817
OpenDNSSEC 1.4.0a2
Posted May 29, 2012
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: This alpha release features a new signer with AXFR and IXFR for both the input and output adapters.
tags | tool
systems | unix
SHA-256 | 861fdebde307031be539289f54b2408220b8332179ea9458686a3786d19eb8fd
GNU SASL 1.8.0
Posted May 29, 2012
Authored by Simon Josefsson

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.

Changes: This is a new major stable release. SAML20 support following RFC 6595. OPENID20 support following RFC 6616. SMTP server examples (e.g. for SCRAM, SAML20, and OPENID20). Various cleanups, portability fixes, and other bugfixes. The API and ABI are fully backwards compatible with version 1.6.x.
tags | imap, library
systems | unix
SHA-256 | 310262d1ded082d1ceefc52d6dad265c1decae8d84e12b5947d9b1dd193191e5
Secunia Security Advisory 49291
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, suse
SHA-256 | d6faa20c6fe4e8e318fda883b939064501a92647dbfc33016d528a261e89c0a4
Secunia Security Advisory 49296
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in TopicsViewer, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 666f2e73e93190b7aba8403149d57b407f3ff9098cd705cef8beadd772706b16
Secunia Security Advisory 49292
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for jakarta-poi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, suse
SHA-256 | f57d38a77ba2884713ddf85e182f5311d9f90ac05d3d12e8cdcf92089bfc9bdf
Secunia Security Advisory 46841
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for python-django. This fixes some vulnerabilities, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability, python
systems | linux, suse
SHA-256 | 44269d4ebcbc135496b8b32591cec5e1edf6e67f42a94b85adcc158d2c8da5bb
Secunia Security Advisory 49298
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been discovered in Yamamah, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | e8fadfdcc3be0d9bb4298cf346de650cf1e567db63593b63a5657fcbb34f9258
Secunia Security Advisory 49301
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in TFTPD32, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | e177b01c48069524db7066c2d2cf236b4432303c18f4ec81d7633a4910b20f9a
Secunia Security Advisory 49299
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in WinRadius, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 351d0d4b9b32ff224e0d36ebaf67b551542648744a0723327a578d4db97396e0
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close