what you don't know can hurt you
Showing 1 - 24 of 24 RSS Feed

Files Date: 2012-07-03

IBM Rational ClearQuest CQOle Remote Code Execution
Posted Jul 3, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a function prototype mismatch on the CQOle ActiveX control in IBM Rational ClearQuest versions prior to 7.1.1.9, 7.1.2.6 or 8.0.0.2 which allows reliable remote code execution when DEP is not enabled.

tags | exploit, remote, code execution, activex
advisories | CVE-2012-0708, OSVDB-81443
MD5 | dd271a1d2fe6b774198c249d9775242f
CLscript Classified Script 3.0 SQL Injection
Posted Jul 3, 2012
Authored by Daniel Godoy

CLscript Classified Script version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bc67b083ad2790e5ffa8979d458a9471
phpMyBackupPro 2.2 Local File Inclusion
Posted Jul 3, 2012
Authored by dun

phpMyBackupPro versions 2.2 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | aa8e9c79f09bd7316bd9dced5a67ba68
gp Easy CMS Minishop 1.5 Cross Site Scripting
Posted Jul 3, 2012
Authored by Carlos Mario Penahos Hollmann

gp Easy CMS with Minishop plugin version 1.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 70e7d1f1a4bdd572c3bda7f6e46006a8
Ubuntu Security Notice USN-1497-1
Posted Jul 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1497-1 - Matthias Weckbecker discovered that, when using the OpenStack API to setup libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. This issue only affects Ubuntu 12.04 LTS. Padraig Brady discovered that an authenticated user could corrupt arbitrary files of the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2012-3360, CVE-2012-3361, CVE-2012-3360, CVE-2012-3361
MD5 | 195975f0fc68aaa9b00d149747afd882
HP Security Bulletin HPSBUX02795 SSRT100878
Posted Jul 3, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02795 SSRT100878 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2012-1667
MD5 | 5cb448e96590fbd41462b9c3f092e906
phpMyVisites SQL Injection
Posted Jul 3, 2012
Authored by Taurus Omar

phpMyVisites suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b5343b41fe99e908d014b1f0dec2a17d
Hacking IPv6 Networks Training Slides
Posted Jul 3, 2012
Authored by Fernando Gont

These slides are from the Hacking IPv6 Networks Training provided by SI6 networks at Hack In Paris (HIP) 2012.

tags | paper
MD5 | dc7d6ca2466f52e3113effacae564cb3
Microsoft Live Meeting 2007 Client Libraries
Posted Jul 3, 2012
Authored by Stefan Kanthak

Microsoft's Windows Update fails to update libraries in the Microsoft Live Meeting 2007 client, so many are out of date and vulnerable.

tags | advisory
systems | windows
MD5 | 1cb2fba53accd0a446dd0be76e2755a9
Cyberoam DPI Device Shared SSL CA
Posted Jul 3, 2012
Authored by Ben Laurie, Runa A. Sandvik

Cyberoam DPI devices can intercept each other's traffic due to all devices sharing the same CA certificate and private key.

tags | advisory
MD5 | 1327ca77d91e69853333c6cdcd4fe342
Red Hat Security Advisory 2012-1053-01
Posted Jul 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1053-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Web Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
MD5 | 03087dfd2d237bead6d1efce2dcd9129
Red Hat Security Advisory 2012-1052-01
Posted Jul 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1052-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Application Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
MD5 | 10a02a93f740842371ff87de90d2d435
Ubuntu Security Notice USN-1495-1
Posted Jul 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1495-1 - Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-1149, CVE-2012-2334, CVE-2012-1149, CVE-2012-2334
MD5 | 6c415a858d791f9d88b66f8bb1895597
Ubuntu Security Notice USN-1496-1
Posted Jul 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1496-1 - A stack-based buffer overflow was discovered in the Lotus Word Pro import filter in OpenOffice.org. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash if it opened a specially crafted Word document. Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-2685, CVE-2011-2713, CVE-2012-1149, CVE-2012-2334, CVE-2011-2685, CVE-2011-2713, CVE-2012-1149, CVE-2012-2334
MD5 | 0217fa869b71abc29f4716f792e2e3f2
Debian Security Advisory 2506-1
Posted Jul 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2506-1 - Qualys Vulnerability and Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where present in HTTP headers, the vulnerability could allow an attacker to bypass policy and execute cross-site script (XSS) attacks through properly crafted HTML documents.

tags | advisory, web
systems | linux, debian
advisories | CVE-2012-2751
MD5 | 67bc8a94713ca7a4762bfdb257d83e24
Red Hat Security Advisory 2012-1054-01
Posted Jul 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1054-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2088, CVE-2012-2113
MD5 | a5e2342dd9623e97020d33d953d31988
strongSwan IPsec Implementation 5.0.0
Posted Jul 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code. The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed. Support for the IKEv1 Aggressive and Hybrid Modes has been added.
tags | tool, encryption, protocol
systems | linux, freebsd, apple, osx
MD5 | 1d7bccb50f01020bb04d06e9755e0eec
Secunia Security Advisory 49744
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
MD5 | 5a546f8ed3f4381918385d2e2ff17039
Secunia Security Advisory 49752
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for zendframework. This fixes a vulnerability, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
systems | linux, debian
MD5 | 33138290f67a214d804a9484caca1313
Secunia Security Advisory 49740
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, suse
MD5 | 8cf3eb6e987e8f3d79f6a0eff088912d
Secunia Security Advisory 49774
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), by malicious, local users to cause a DoS (Denial of Service), potentially gain escalated privileges, and compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
MD5 | 52b1dfd63b98203f9c944dcf74ae934a
Secunia Security Advisory 49749
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - NGS Secure has reported a vulnerability in the Graph Explorer component for Nagios XI, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 7e4e80ff45f6e27399d37d7b28142464
Secunia Security Advisory 49794
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Inshell Security has discovered a security issue in Photodex ProShow Producer, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | 444dc4429dadace932015eb3cbfcba5e
Secunia Security Advisory 49738
Posted Jul 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for chromium and v8. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability
systems | linux, suse
MD5 | 9f586231dc90a4109047ee3050228eb9
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close