what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2012-06-18

Squiz CMS 4.6.3 XXE Injection / Cross Site Scripting
Posted Jun 18, 2012
Authored by Nadeem Salim | Site senseofsecurity.com.au

Squiz CMS version 4.6.3 suffers from cross site scripting and XXE injection vulnerabilities.

tags | exploit, vulnerability, xss, xxe
SHA-256 | a5d045b3aad07ff6c6442d788cf3530feb8b0422a99a5af1dae6dda396024529
Red Hat Security Advisory 2012-0745-01
Posted Jun 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0745-01 - Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2011-4940, CVE-2011-4944, CVE-2012-1150
SHA-256 | 9b589376b7c9062ad24b4f8af937559408735d4b1c8f000fdf908cd9cd6cd8c1
Red Hat Security Advisory 2012-0744-01
Posted Jun 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0744-01 - Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150
SHA-256 | 0195e7d2a58a603b9f9e924879d940296b0663a33117c68a1367cbbdbd34a945
Red Hat Security Advisory 2012-0743-01
Posted Jun 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0743-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled, and that also have macvtap configured for at least one guest.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2012-0044, CVE-2012-1179, CVE-2012-2119, CVE-2012-2121, CVE-2012-2123, CVE-2012-2136, CVE-2012-2137, CVE-2012-2372, CVE-2012-2373
SHA-256 | 2480f3d6a1b6962283dd9e04ff5f1211daab9bed3388bb442c0b82afde24b21d
Ubuntu Security Notice USN-1478-1
Posted Jun 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1478-1 - Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.10. Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed NSV files. If a user were tricked into opening a crafted NSV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3940, CVE-2011-3945, CVE-2011-3947, CVE-2011-3951, CVE-2011-3952, CVE-2011-4031, CVE-2012-0848, CVE-2012-0850, CVE-2012-0851, CVE-2012-0852, CVE-2012-0853, CVE-2012-0858, CVE-2012-0859, CVE-2012-0947, CVE-2011-3929, CVE-2011-3936, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947, CVE-2011-3951, CVE-2011-3952, CVE-2011-4031, CVE-2012-0848, CVE-2012-0850, CVE-2012-0851, CVE-2012-0852, CVE-2012-0853, CVE-2012-0858
SHA-256 | d7b99bf280057e5db81eb321b972e06e69d090946831525816a876f7130e95bf
Ubuntu Security Notice USN-1479-1
Posted Jun 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1479-1 - Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed NSV files. If a user were tricked into opening a crafted NSV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3940, CVE-2011-3947, CVE-2011-3951, CVE-2011-3952, CVE-2012-0851, CVE-2012-0852, CVE-2012-0853, CVE-2012-0858, CVE-2012-0859, CVE-2012-0947, CVE-2011-3929, CVE-2011-3936, CVE-2011-3940, CVE-2011-3947, CVE-2011-3951, CVE-2011-3952, CVE-2012-0851, CVE-2012-0852, CVE-2012-0853, CVE-2012-0858, CVE-2012-0859, CVE-2012-0947
SHA-256 | 0db8a822cdb1caef657dab0c19621d9b20896eb96da2c80b925d472f88f69362
WordPress LB Mixed Slideshow 1.0 Shell Upload
Posted Jun 18, 2012
Authored by Sammy FORGIT

WordPress LB Mixed Slideshow plugin version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 05d1ff86d15d4c018bc701f3b912dbda44ddada39fafab1e62575e473e009971
WordPress Famous 2.0.5 Shell Upload
Posted Jun 18, 2012
Authored by Sammy FORGIT

WordPress Famous theme version 2.0.5 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 5cd23143dda2991fa8b54bad24336fde593bf11003add82671ad05be651816d2
VANA CMS SQL Injection
Posted Jun 18, 2012
Authored by Black Hat Group

VANA CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 06f4bc981b8d0c7290c0f3d2af444d55400dc6e92ccfa1464b27166a7ed92ba7
WordPress Lim4wp 1.1.1 Shell Upload
Posted Jun 18, 2012
Authored by Sammy FORGIT

WordPress Lim4wp plugin version 1.1.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | bdd83eb33020bf673d8c201bed0edee4aea04fd587fad2b42688292c7b805cc7
WordPress Wp-ImageZoom 1.0.3 File Disclosure
Posted Jun 18, 2012
Authored by Sammy FORGIT

WordPress Wp-ImageZoom plugin version 1.03 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 313fae93536b657222df93e542a161ff4e99e670f7fcc788a126bd30970b4474
WordPress Deep-Blue 1.9.2 Shell Upload
Posted Jun 18, 2012
Authored by Sammy FORGIT

WordPress Deep-Blue theme version 1.9.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 655fa08681c7b44b6899577f403fd689e810e5138a16b53311a249704bc54503
Bricolage 1.x SQL Injection / Cross Site Scripting
Posted Jun 18, 2012
Authored by r007k17-w

Bricolage version 1.x suffers from persistent cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 648f270968361f02a75713be4218de41297130fcbab5f3d51e86d905c491399c
MyTickets Blind SQL Injection
Posted Jun 18, 2012
Authored by al-swisre

MyTickets versions 1 through 2.0.8 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 99fc0500b3e38cf669b96c02099379cc481addcdb679c1271958420f61af0d62
Total Video Player 1.31 Proof Of Concept
Posted Jun 18, 2012
Authored by 0dem

Total Video Player version 1.31 crash proof of concept denial of service exploit that creates malicious files.

tags | exploit, denial of service, proof of concept
SHA-256 | 50826852f4723c4697c5342a471db0766e94f72ffba3dc55768b3c1d68c3014d
Secunia Security Advisory 49633
Posted Jun 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), by malicious, local users to gain escalated privileges, and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | 97378af06f0cf1e385cfc94a5e06778f06902d7416420258de2b36d3d88f468d
Secunia Security Advisory 49631
Posted Jun 18, 2012
Site secunia.com

Secunia Security Advisory - A security issue has been reported in Symantec LiveUpdate Administrator, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

SHA-256 | 8bdc0d63e8cdfd234470ebf624f69b23025362655365bc21fda912a34ddf69d9
Secunia Security Advisory 49631
Posted Jun 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Symantec LiveUpdate Administrator, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | 8bdc0d63e8cdfd234470ebf624f69b23025362655365bc21fda912a34ddf69d9
Secunia Security Advisory 49654
Posted Jun 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | a748071e69f0c13394539efb72f9fd8a1aff8e5d7cc83ba910a05469bbf61900
Secunia Security Advisory 49231
Posted Jun 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for python-tornado. This fixes a vulnerability, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the framework.

tags | advisory, web, python
systems | linux, suse
SHA-256 | 5720ce07a1bdffb3c8efd1846ad2b368d1fa0e4ac1c093deadd085e9d81ebc5a
Secunia Security Advisory 49610
Posted Jun 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the LB Mixed Slideshow plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 6b375ada64bf270bc9ae64236ff8117b61ebd9db1f5524aec4abab40269cef0a
Secunia Security Advisory 49209
Posted Jun 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Samsung AllShare, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 4f612eb687214fbdf12bdd94a10be8345105b8568550bf7d40150d303bb84398
Secunia Security Advisory 49555
Posted Jun 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in NOCC, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | b82941c484f724c44b7bd162397403ce2f4cd2e3c7ae9f4b9767af6bcda89ecd
Secunia Security Advisory 49632
Posted Jun 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Innominate mGuard, which can be exploited by malicious people to conduct brute force attacks.

tags | advisory
SHA-256 | 57d1346a6989cd1a756303496ad163735ab7beca4f6267024998339485dffd35
Secunia Security Advisory 49573
Posted Jun 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Wordpress Automatic Plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 3111bd50158fe737387d74b0b64be53f09443942b6041e1b115c20b5deae5234
Page 1 of 2
Back12Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close