
Files Date: 2012-07-26

europ INNET Web Studio Administration Program 2.0 XSS / CSRF / LFI
Posted Jul 26, 2012
Authored by Akastep

europ INNET Web Studio Administration Program version 2.0 suffers from cross site request forgery, cross site scripting, local file inclusion, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, web, local, vulnerability, xss, sql injection, file inclusion, csrf
SHA-256 | 8b945b66041046c68f9608814b1da5af72c0a32cca28ec9997b10974d6f42623
Linux x86 ASLR Deactivation Shellcode
Posted Jul 26, 2012
Authored by Jean Pascal Pereira

83-byte Linux/x86 ASLR deactivation shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 3c4799dd92e003e39ce50560912dd05104d6cce8bc4f1ce4a42be3063c322af2
Mini-Stream RM-MP3 Converter 3.1.2.1.2010.03.30 Buffer Overflow
Posted Jul 26, 2012
Authored by Gianni Gnesa

Mini-Stream RM-MP3 Converter version 3.1.2.1.2010.03.30 buffer overflow exploit with ASLR and DEP bypass.

tags | exploit, overflow
advisories | CVE-2009-1328
SHA-256 | edfd394763830724256e7884bbcdffd800bc4481aa275a07d6e9009bb6093555
PHP UnZIP 0.1 File Disclosure
Posted Jul 26, 2012
Authored by Taurus Omar

PHP UnZIP version 0.1 suffers from a remote disclosure vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, php, info disclosure
SHA-256 | 23a6b6805759f0b8d0a1867fb3e155e4357ccfc59fdb6f110096ef1b359dadac
Photodex ProShow Producer 5.0.3256 Buffer Overflow
Posted Jul 26, 2012
Authored by mr.pr0n, Julien Ahrens, juan | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Photodex ProShow Producer version 5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to the victim, who must store it in the installation directory. The vulnerability will be triggered the next time ProShow is opened. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow
systems | windows
advisories | OSVDB-83745
SHA-256 | bf2514d474a7b08d3b8119c8f11509c92a1414014f2de791e9a5e94b2b9e0c03
Secunia Security Advisory 50052
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - muts has reported a vulnerability in Dell SonicWALL Scrutinizer, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | f0ccb5e2b55c245c40ea03dc1aecbb75726164ee9f5337b0ea7f906740a46718
Secunia Security Advisory 50054
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - NetBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | netbsd
SHA-256 | fc2ab73f81d9b37fd7f479a3237004f5c305cadc5ed26b487ef654e65b2fa37c
Secunia Security Advisory 49973
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the Location module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | 454541b7a58fc771d7673b623827bb759fe2c702b466c14b246f379f5aa68b04
Secunia Security Advisory 50064
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HTTPCS has discovered two vulnerabilities in Thelia, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | c4b63ea336474287f043f95019e6cd64e843eff7a1f301eb38289f8875c0f047
Secunia Security Advisory 50048
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adaptive Server Enterprise, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | efb8365869e395dfc8adf202e5f9dafea448cca331bd66abc450b9c2081675b0
Secunia Security Advisory 50056
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openssl. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions in an application using the library.

tags | advisory
systems | linux, ubuntu
SHA-256 | 437136c2b6d4c58de22a78afe4d04237a3da9a57a59713b7363d6b3f84dd6fb3
Secunia Security Advisory 50067
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in the Secure Login module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | 6a5dcea1138907bac81b8d38c6dc8b0ace4938837cf2debd399056437fb8f8f0
Secunia Security Advisory 50037
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in multiple Sybase products.

tags | advisory
SHA-256 | b3b7de1ffcf8045bdc6355426edaf09b1bad8236ebf768a2a6c8c2ed5274f70b
Secunia Security Advisory 50060
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Authen::ExternalAuth extension for RT, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | d3a746eb41a3b0acd05d875969f2d7e618d666f75397e20bab9a14f39a98a595
Secunia Security Advisory 50024
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the RTFM extension for RT, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 70b1f89b1a0ef7f025ea8bc1bab05b8194bfcff04e4bc0ef2ee9025ff2c39d24
Secunia Security Advisory 50010
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the Extension::MobileUI for RT, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | ab2e8b6413fe7d80930238df5428ddab75f4e3c2f88f803a8cec8ee50e90deaa
Entropy Broker RNG 0.9
Posted Jul 26, 2012
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps prevent the /dev/random device from being depleted; an empty /dev/random device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

Changes: video4linux server is now compatible with video4linux2. It will now dump and restore the pool-contents.
tags | tool, encryption
systems | linux
SHA-256 | 1256b9eabb591bfe6735cfcd5b31fafece6cca0028f6df1894bd805070ba6d45
Libcap-NG Library 0.7
Posted Jul 26, 2012
Site people.redhat.com

The libcap-ng library is intended to make programming with POSIX capabilities much easier than the traditional libcap library. It includes utilities that can analyze all currently running applications to locate applications that may have too many privileges.

Changes: This release adds support for a new Linux kernel capability, closes potentially leaked file descriptors, fixes a potential segfault, and solves a problem in which reduced capabilities in pscap caused fewer processes to be reported on.
tags | library
systems | unix
SHA-256 | 369682b2e5a5716a6271a6c5db9a43e3809e91acfb08438c0d3de2fec1284a35
Botan C++ Crypto Algorithms Library 1.10.3
Posted Jul 26, 2012
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: Several bugs in the TLS implementation related to session renegotiation have been fixed. The SRP password-based key agreement scheme and the Camellia block cipher have been added. Support for the Ivy Bridge hardware random number generator has also been added. Various minor bugs affecting OpenBSD and MinGW users have been fixed.
tags | library
systems | linux
SHA-256 | b76fc3118d8fe93230f8544a6507609fe103e65bd131ddd246af1ee88c30a1ab
Another File Integrity Checker 3.1
Posted Jul 26, 2012
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: This is the first public (stable) release of the new 3.x branch. It is a rewrite (partial for now) of afick in object-oriented programming, to allow better code and better support. It matches the 2.21 release for features. The two afick branches (2.x and 3.x) will be maintained in parallel for a few versions, to allow users to migrate when they want.
tags | tool, integrity
systems | linux, windows, unix
SHA-256 | 933d4fffd3ddffb6eeb8972b47caf3bce6a24d709209a488ab2ddec8e716842c
Red Hat Security Advisory 2012-1114-01
Posted Jul 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1114-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2012-2744
SHA-256 | 737ca44d3c22f02002125758603606b3bf1912e7077558158feefff2fb692236
Ubuntu Security Notice USN-1517-1
Posted Jul 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1517-1 - It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that the Mono System.Web library incorrectly handled the EnableViewStateMac property. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

tags | advisory, web, xss
systems | linux, ubuntu
advisories | CVE-2012-3382, CVE-2010-1459
SHA-256 | be0532b5d29f4ce5ef9813a17a2367a5ec386f67370f51d9825d90b7a5f27ec2
Red Hat Security Advisory 2012-1116-01
Posted Jul 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1116-01 - Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.

tags | advisory, arbitrary, perl
systems | linux, redhat
advisories | CVE-2012-1151
SHA-256 | 6b9911606556711f6d311f9701a306c24b1afc6085dfd1dde7ad91431c552f38
Ubuntu Security Notice USN-1516-1
Posted Jul 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1516-1 - It was discovered that OpenSSL incorrectly handled the SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications.

tags | advisory
systems | linux, ubuntu
SHA-256 | f2262e55a41ba5619c60cd6ba0d89acc3919c82392ab15e2dd986d7c27563ab8