what you don't know can hurt you
Showing 1 - 25 of 80 RSS Feed

Files Date: 2012-06-20

No Media SQL Injection
Posted Jun 20, 2012
Authored by Taurus Omar

No Media suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d8af60ab0c6b38a99ecf863344c88d19
Muinar SQL Injection
Posted Jun 20, 2012
Authored by Taurus Omar

Muinar web design suffers from remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
MD5 | 48b2d58b384a0096baaaf29c0f99eb92
Ubuntu Security Notice USN-1463-3
Posted Jun 20, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-3 - USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-0441
MD5 | 1c4c5e3b639e47e8ee7f15965229aa2d
Red Hat Security Advisory 2012-1009-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1009-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726
MD5 | 49fc678c6fae24406018000297c6ee38
Red Hat Security Advisory 2012-0997-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0997-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-2678, CVE-2012-2746
MD5 | 67d7c5b9f9a120b378ebc5f02e4e184c
Red Hat Security Advisory 2012-1019-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1019-01 - The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726
MD5 | 4e8b93752a01c29046b2b0b03550f417
Red Hat Security Advisory 2012-0973-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0973-04 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

tags | advisory
systems | linux, redhat
MD5 | 806a363a34d660f82648cd922906657f
Red Hat Security Advisory 2012-0987-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0987-04 - The SBLIM CIM Client is a class library for Java applications that provides access to CIM servers using the CIM Operations over HTTP protocol defined by the DMTF standards. It was found that the Java HashMap implementation was susceptible to predictable hash collisions. SBLIM uses HashMap when parsing XML inputs. A specially-crafted CIM-XML message from a WBEM server could cause a SBLIM client to use an excessive amount of CPU. Randomization has been added to help avoid collisions.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2012-2328
MD5 | fdfa79a877a2c06ff4ffa36aa3055766
Red Hat Security Advisory 2012-0958-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0958-04 - The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file, but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2012-2664
MD5 | d3d393e5b9bbdd6ddd81e9df818fa859
Red Hat Security Advisory 2012-0939-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0939-04 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2011-4028, CVE-2011-4029
MD5 | 960725476cdf6e186b95b06971ce3b4e
Red Hat Security Advisory 2012-0862-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0862-04 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's Event Poll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service. A malicious Network File System version 4 server could return a crafted reply to a GETACL request, causing a denial of service on the client.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-1083, CVE-2011-4131
MD5 | 6c20f9a39e668f4aff6ddf8b6d016591
Red Hat Security Advisory 2012-0841-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0841-04 - ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. The btparser utility is a backtrace parser and analyzer library, which works with backtraces produced by the GNU Project Debugger. It can parse a text file with a backtrace to a tree of C structures, allowing to analyze the threads and frames of the backtrace and process them.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4088, CVE-2012-1106
MD5 | a3c74440d181554b485de7a62e6a62f3
Red Hat Security Advisory 2012-0902-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0902-04 - The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.

tags | advisory, local, protocol
systems | linux, redhat
advisories | CVE-2012-1586
MD5 | 8f04bb5932362bda968c656f9cfaa575
Red Hat Security Advisory 2012-0884-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0884-04 - OpenSSH is OpenBSD's Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default.

tags | advisory, remote, denial of service, shell, protocol
systems | linux, redhat, openbsd
advisories | CVE-2011-5000
MD5 | 8811bd17c1d17b374d2c600f17947dfa
Red Hat Security Advisory 2012-0876-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0876-04 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use this flaw to crash snmpd via a crafted SNMP GET request.

tags | advisory, remote, perl, protocol
systems | linux, redhat
advisories | CVE-2012-2141
MD5 | afd882c2c2b70a87b050057cf33d91e8
Source Technology SQL Injection
Posted Jun 20, 2012
Authored by Taurus Omar

Source Technology suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a4e655c31a83fcdf4f125fff1c1ef061
Red Hat Security Advisory 2012-0874-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0874-04 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2012-2102
MD5 | 94cc89d891a30aee3d02bcf79d3a7d26
Red Hat Security Advisory 2012-0811-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0811-04 - The php-pecl-apc packages contain APC, the framework for caching and optimization of intermediate PHP code. A cross-site scripting flaw was found in the "apc.php" script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension documentation. A remote attacker could possibly use this flaw to conduct a cross-site scripting attack. Note: The administrative script is not deployed upon package installation. It must manually be copied to the web root .

tags | advisory, remote, web, root, php, xss
systems | linux, redhat
advisories | CVE-2010-3294
MD5 | c1f2e2155f67e7037dd2ce43ca63f41c
Red Hat Security Advisory 2012-0810-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0810-04 - BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2006-1168, CVE-2011-2716
MD5 | 7adb359ed455b0ff353618de2ca571d7
Red Hat Security Advisory 2012-0813-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0813-04 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon handled access control instructions using certificate groups. If an LDAP user that had a certificate group defined attempted to bind to the directory server, it would cause ns-slapd to enter an infinite loop and consume an excessive amount of CPU time.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-0833
MD5 | 5daaf2a9d26f72ecf494df6a592b336e
Red Hat Security Advisory 2012-0899-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0899-04 - OpenLDAP is an open source suite of LDAP applications and development tools. A denial of service flaw was found in the way the OpenLDAP server daemon processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure. These updated openldap packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2012-1164
MD5 | cc6930164cf8679c98026da4d84f6815
Red Hat Security Advisory 2012-0796-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0796-04 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if they are able to cause a long line to be written to a log file that rsyslogd monitors with imfile. The imfile module is not enabled by default.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-4623
MD5 | e1ba53390ee9cbdf932362804a786a14
Red Hat Security Advisory 2012-0880-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0880-04 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A flaw was found in the way Qt handled X.509 certificates with IP address wildcards. An attacker able to obtain a certificate with a Common Name containing an IP wildcard could possibly use this flaw to impersonate an SSL server to client applications that are using Qt. This update also introduces more strict handling for hostname wildcard certificates by disallowing the wildcard character to match more than one hostname component.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2010-5076, CVE-2011-3922
MD5 | 659dc61af3decae8b5765c3cf1ac546f
Red Hat Security Advisory 2012-0774-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0774-04 - libguestfs is a library for accessing and modifying guest disk images. It was found that editing files with virt-edit left said files in a world-readable state. If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. This could lead to unprivileged guest users accessing files they would otherwise be unable to. These updated libguestfs packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2690
MD5 | 1258ff0a26d2c79237e9115eca82cb8a
Red Hat Security Advisory 2012-0748-05
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0748-05 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with identical vendor or product IDs to a guest. This could result in the wrong device being attached to a guest, giving that guest root access to the device. These updated libvirt packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

tags | advisory, remote, root
systems | linux, redhat
advisories | CVE-2012-2693
MD5 | 55a6347009bbe5ccc3bbb178f2ab3381
Page 1 of 4
Back1234Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    2 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close