what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2012-07-03

IBM Rational ClearQuest CQOle Remote Code Execution
Posted Jul 3, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a function prototype mismatch on the CQOle ActiveX control in IBM Rational ClearQuest versions prior to 7.1.1.9, 7.1.2.6 or 8.0.0.2 which allows reliable remote code execution when DEP is not enabled.

tags | exploit, remote, code execution, activex
advisories | CVE-2012-0708, OSVDB-81443
SHA-256 | 387ecb02a357ac85525e1e50243fe56012c1987ea3f8ba4a3ee336ab0fb98ed5
CLscript Classified Script 3.0 SQL Injection
Posted Jul 3, 2012
Authored by Daniel Godoy

CLscript Classified Script version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c2fd644e3ef800cf4226f1d0a0bdab9109b18171934e553c49c53c74ad7068da
phpMyBackupPro 2.2 Local File Inclusion
Posted Jul 3, 2012
Authored by dun

phpMyBackupPro versions 2.2 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 166b21bdc9185f708bd036262f1a876d4441fdd2ba9d32aff7948aae343ed8f3
gp Easy CMS Minishop 1.5 Cross Site Scripting
Posted Jul 3, 2012
Authored by Carlos Mario Penahos Hollmann

gp Easy CMS with Minishop plugin version 1.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6d4b62f9487a164867af96f8d469b70aabc6091f5ecec316b4a62639a6cb766b
Ubuntu Security Notice USN-1497-1
Posted Jul 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1497-1 - Matthias Weckbecker discovered that, when using the OpenStack API to setup libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. This issue only affects Ubuntu 12.04 LTS. Padraig Brady discovered that an authenticated user could corrupt arbitrary files of the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2012-3360, CVE-2012-3361, CVE-2012-3360, CVE-2012-3361
SHA-256 | 6e12798a2feb912d78105cce29f97f758bf35dbc4d8aa8f5c10843511e3f1435
HP Security Bulletin HPSBUX02795 SSRT100878
Posted Jul 3, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02795 SSRT100878 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2012-1667
SHA-256 | 2bc00a1d4f7b7a8ff1008f02f3b03cffcd18b4c8bbce60774e1e9b0a98a4ca2c
phpMyVisites SQL Injection
Posted Jul 3, 2012
Authored by Taurus Omar

phpMyVisites suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5df86e0c6913beedd8faf52f0a711fd67bc0208ada6faf79f959047cd5cae353
Hacking IPv6 Networks Training Slides
Posted Jul 3, 2012
Authored by Fernando Gont

These slides are from the Hacking IPv6 Networks Training provided by SI6 networks at Hack In Paris (HIP) 2012.

tags | paper
SHA-256 | 0d3955844c228dbbf45829f49ad626b6544eca4022e513a8b948d884d64297e1
Microsoft Live Meeting 2007 Client Libraries
Posted Jul 3, 2012
Authored by Stefan Kanthak

Microsoft's Windows Update fails to update libraries in the Microsoft Live Meeting 2007 client, so many are out of date and vulnerable.

tags | advisory
systems | windows
SHA-256 | 20cdaa55225d9a1284a62c60d2000688b80d3f5784602f760b0d2237c8264521
Cyberoam DPI Device Shared SSL CA
Posted Jul 3, 2012
Authored by Ben Laurie, Runa A. Sandvik

Cyberoam DPI devices can intercept each other's traffic due to all devices sharing the same CA certificate and private key.

tags | advisory
SHA-256 | 95588c718b17b8b219efc39901118f0ff688f1b6fdbda52a9ca28f4317ac73e4
Red Hat Security Advisory 2012-1053-01
Posted Jul 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1053-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Web Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | be342307962d2a0aba931e86cb2c6c1accf14360770bfcdedc4165480978b07d
Red Hat Security Advisory 2012-1052-01
Posted Jul 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1052-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Application Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | ee17c0226e885f70c197193cd8587c7e1e7303d76510efafd7f64a7c8aa78b8b
Ubuntu Security Notice USN-1495-1
Posted Jul 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1495-1 - Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-1149, CVE-2012-2334, CVE-2012-1149, CVE-2012-2334
SHA-256 | 617a6c43b47fc945fe320c3985b9aff5125c701754e92f77d4b51afa4f2dda8a
Ubuntu Security Notice USN-1496-1
Posted Jul 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1496-1 - A stack-based buffer overflow was discovered in the Lotus Word Pro import filter in OpenOffice.org. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash if it opened a specially crafted Word document. Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-2685, CVE-2011-2713, CVE-2012-1149, CVE-2012-2334, CVE-2011-2685, CVE-2011-2713, CVE-2012-1149, CVE-2012-2334
SHA-256 | 6d337c7be5b6468659a8a20b6abfe0b12aceb6daf7137e5e7fc42af784c51ab0
Debian Security Advisory 2506-1
Posted Jul 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2506-1 - Qualys Vulnerability and Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where present in HTTP headers, the vulnerability could allow an attacker to bypass policy and execute cross-site script (XSS) attacks through properly crafted HTML documents.

tags | advisory, web
systems | linux, debian
advisories | CVE-2012-2751
SHA-256 | 268fa7526f03a156888745c47b7f004f546de02d75ff3065034b7484a643b7e5
Red Hat Security Advisory 2012-1054-01
Posted Jul 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1054-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2088, CVE-2012-2113
SHA-256 | aa7091faf66f19c024f40bef276e0d72c10f88b0a3f2bd15a274362485c96a2d
strongSwan IPsec Implementation 5.0.0
Posted Jul 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code. The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed. Support for the IKEv1 Aggressive and Hybrid Modes has been added.
tags | tool, encryption, protocol
systems | linux, freebsd, apple, osx
SHA-256 | 1a7ed98015df32e7412caf37391105af25a9dc66a0e357a1c92ccd5a9f180298
Secunia Security Advisory 49744
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 058c5f9a6a3c48d1b98b0b13e8519cbcea0414e8bd9a2d7bc1cac7167b583dc7
Secunia Security Advisory 49752
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for zendframework. This fixes a vulnerability, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
systems | linux, debian
SHA-256 | a3ff6abaec41ee066a9fa4589898056e2c6707a9de02d580a7857c259e1cb8ac
Secunia Security Advisory 49740
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, suse
SHA-256 | a04b8c926008665a80d8cb41d2fe1f2aa399735d550acf40d023c6a2b6b085d3
Secunia Security Advisory 49774
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), by malicious, local users to cause a DoS (Denial of Service), potentially gain escalated privileges, and compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
SHA-256 | 25feb92581c134a4047490d8fe6c0b88905bea3a939cbac58c98327d5ddd7bb3
Secunia Security Advisory 49749
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - NGS Secure has reported a vulnerability in the Graph Explorer component for Nagios XI, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 70e8658f900010652d1c9da0f93f05d34f46f45329aab9b9eb20bfa9eb4f5bc2
Secunia Security Advisory 49794
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Inshell Security has discovered a security issue in Photodex ProShow Producer, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 946329db04ea37ba354559d452ae170d957a7bfd66c2a6dca58ce7d3cfb66a77
Secunia Security Advisory 49738
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for chromium and v8. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | 9a3e7f0b1f86b68f255a6218937eee1a435c3eca0e8e3b48621b9b4f5a30a03b
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close