Files Date: 2012-07-27

Slackware Security Advisory - bind Updates
Posted Jul 27, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 1ba2e94bb1e5401f71c58f1dd3f7ace6e580f5c9b79933a21cb76fba9c37e34d
rdtax.myeg.com.my Cross Site Scripting
Posted Jul 27, 2012
Authored by Ryuzaki Lawlet

rdtax.myeg.com.my suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c2fc1cd70037cca8df2b3733c820778cf56f07e5af2d9f51862f9ebb904b6e77
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
Posted Jul 27, 2012
Authored by muts, sinn3r | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), which results in remote code execution in the context of the web server. Please note authentication is NOT needed to gain access.

tags | exploit, remote, web, code execution
advisories | CVE-2012-2953
SHA-256 | 0cd8a8da3d231693715d4e8b287a75415523666ac53647e469041b791662ac0b
Cisco Linksys PlayerPT ActiveX Control Buffer Overflow
Posted Jul 27, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as installed with the web interface of the Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, allows triggering a stack-based buffer overflow, which leads to code execution in the context of the user visiting a malicious web page.

tags | exploit, web, overflow, code execution
systems | cisco
advisories | OSVDB-80297
SHA-256 | 2dfadd85c9c6ae2a3b6dbc4fd0a0377aac24947c5d90300dbf9bd50e9aa7ebe9
CuteFlow 2.11.2 Arbitrary File Upload
Posted Jul 27, 2012
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in CuteFlow version 2.11.2 or prior. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the 'upload/___1/' directory and then execute them.

tags | exploit, arbitrary
SHA-256 | 7e52dec1e5036e52df909f5beaef31339c50c613b21624d2406a52176b941892
Social Engine 4 Cross Site Scripting
Posted Jul 27, 2012
Authored by X-Cisadane

Social Engine version 4 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9cb66f52c5d1f11ad81ff910c9c102602740a914f20a0ffd26f00dea52754f32
NETASQ Firewall UTM Bypass
Posted Jul 27, 2012
Authored by coolkaveh

POSTs sent to the NETASQ Firewall UTM bypass the metacharacter filtering.

tags | advisory, bypass
SHA-256 | ef3dfcfe1ec79466e80072f5a662802ba3a6f5c5b73e253876aec8cf8ec8410d
Secunia Security Advisory 50065
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Gallery formatter module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 366d337e0ad32e051d0bb63ab0c798ca65a376bf2fe4026d9fe405b11437c01e
Secunia Security Advisory 50066
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the Subuser module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | a37a24176ef8c0c54929099f668e4e78d448b30350f5718de62049afc104ff0d
Secunia Security Advisory 50058
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple Safari for Mac OS X, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
systems | apple, osx
SHA-256 | 5fab61344b0d10ed52d5c228d7d8d9ec5c2230e956f13ba8414c09c26255f5e5
Secunia Security Advisory 50068
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and a vulnerability have been reported in Apple Xcode, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user's session, and bypass certain security restrictions.

tags | advisory
systems | apple
SHA-256 | 5a2cb504c8dadaa3d7954c6d3d63c114b7e93df67f81d45e7ba1142c2b351999
Secunia Security Advisory 50055
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for perl-DBD-Pg. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the module.

tags | advisory, perl, vulnerability
systems | linux, redhat
SHA-256 | 76987ea6aa324b45021184bc8680f5b030fae09ebce3d2727c30a847c53866cb
Secunia Security Advisory 50046
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for mono. This fixes a weakness and a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
SHA-256 | 36f6b1f469b0cc2687ddce63dcfcc2813b79d8e3d8bdc0cd9217a05f1d4db349
iOS SSL Kill Switch
Posted Jul 27, 2012
Authored by Alban Diquet | Site github.com

This is a MobileSubstrate extension to disable certificate validation within NSURLConnection in order to facilitate black-box testing of iOS Apps. Once installed on a jailbroken device, iOS SSL Kill Switch patches NSURLConnection to override and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning). It was successfully tested against Twitter, Card.io and Square; all of them implement certificate pinning.

tags | tool, encryption
systems | apple
SHA-256 | 016ff5115ca0297edb536e716d760f3e930e000322e864984fcef533462a846b
Apple Security Advisory 2012-07-25-2
Posted Jul 27, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-07-25-2 - Xcode 4.4 is now available and addresses SSL and keychain access vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-3389, CVE-2012-3698
SHA-256 | c2cc026f3b7923d4cf0e195439b0177e2a4b32fdb0a5e1cf52d8081dc25b788d
Thelia 1.5.1 Cross Site Scripting
Posted Jul 27, 2012
Authored by HTTPCS

Thelia version 1.5.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 71f0cfbffd7fcba6a76de33cac3d72bc47893ce798f1cb2064c4f1c6369ae33a
Mandriva Linux Security Advisory 2012-116
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-116 - An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been patched to correct these issues.

tags | advisory, memory leak
systems | linux, mandriva
advisories | CVE-2012-3571, CVE-2012-3954
SHA-256 | 7c7457010e58268c50229d55072e4bb9e57280b85c47418c4fa50b728f6834c8
Mandriva Linux Security Advisory 2012-115
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-115 - An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server. An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been upgraded to the latest version which is not affected by these issues.

tags | advisory, denial of service, memory leak
systems | linux, mandriva
advisories | CVE-2012-3570, CVE-2012-3571, CVE-2012-3954
SHA-256 | a3724f3805b0b02ba67820a614a721acf82fab981a7946ece56835acdc445a6d
Mandriva Linux Security Advisory 2012-114
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-114 - A vulnerability has been discovered and corrected in mod_auth_openid: versions before 0.7 for Apache use world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. The updated packages have been upgraded to the latest version which is not affected by this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-2760
SHA-256 | 852743b91a6fc19a2da608cfbc287d316b2388514eed739efdd5105fe90c10d4
Mandriva Linux Security Advisory 2012-113
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-113 - arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon. The updated packages have been patched to correct this issue.

tags | advisory, root, vulnerability
systems | linux, redhat, debian, fedora, mandriva
advisories | CVE-2012-2653
SHA-256 | 54724c7b111ef27734b56d1a5f8971d757f7fe257860c3945fd53521709f1a18
Mandriva Linux Security Advisory 2012-112
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-112 - Two format string flaws were found in the way perl-DBD-Pg. A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to perl-DBD-Pg based process crash. The updated packages have been patched to correct this issue.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2012-1151
SHA-256 | cfc570df0e44378ae630c6244564f9a1b62cf1d12fda6e443031004d32e127eb
HP Security Bulletin HPSBUX02795 SSRT100878 2
Posted Jul 27, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02795 SSRT100878 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2012-1667
SHA-256 | d9d9ffe39ca5db8e3c67fdc538e88e4302d4bb94a33df8285d7d0cc0ecd3178a
Ubuntu Security Notice USN-1519-1
Posted Jul 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1519-1 - Markus Hietava discovered that the DHCP server incorrectly handled certain malformed client identifiers. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. Glen Eustace discovered that the DHCP server incorrectly handled memory. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3571, CVE-2012-3954
SHA-256 | c72b8e80450c3e9e34484ae7fd0643ad157493cf28d7fca26110d4ee52010399
Debian Security Advisory 2516-1
Posted Jul 27, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2516-1 - Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3571, CVE-2012-3954
SHA-256 | 074f53e4757eadf5549b496a0e1a2f3052b4631cb7e6cc36d0f0d9d7d8165ad8
Ubuntu Security Notice USN-1518-1
Posted Jul 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1518-1 - Einar Lonn discovered that Bind incorrectly initialized the failing-query cache. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3817
SHA-256 | 3d0ddb3b9dfdfce53ffb5fa8e80b39f4750379ce56031234612f3165b79c9331