all things security
Showing 1 - 25 of 25 RSS Feed

Files Date: 2012-07-27

Slackware Security Advisory - bind Updates
Posted Jul 27, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 6958ebd7f700de989f5be494b747aeb9
rdtax.myeg.com.my Cross Site Scripting
Posted Jul 27, 2012
Authored by Ryuzaki Lawlet

rdtax.myeg.com.my suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e498ea583155dd2727da6b9a682f4b38
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
Posted Jul 27, 2012
Authored by muts, sinn3r | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), thus results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.

tags | exploit, remote, web, code execution
advisories | CVE-2012-2953
MD5 | 6db1963cdf4c5a50a1d78eaf7ea6ef43
Cisco Linksys PlayerPT ActiveX Control Buffer Overflow
Posted Jul 27, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.

tags | exploit, web, overflow, code execution
systems | cisco
advisories | OSVDB-80297
MD5 | acdba609d7271195f26d8234afdc02d7
CuteFlow 2.11.2 Arbitrary File Upload
Posted Jul 27, 2012
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in CuteFlow version 2.11.2 or prior. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the 'upload/___1/' directory and then execute it.

tags | exploit, arbitrary
MD5 | 22b6219aee828f29e8809b75f2c45aa5
Social Engine 4 Cross Site Scripting
Posted Jul 27, 2012
Authored by X-Cisadane

Social Engine version 4 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9067246ff1f464a671bdeb79fb2144f0
NETASQ Firewall UTM Bypass
Posted Jul 27, 2012
Authored by coolkaveh

POSTs sent to the NETASQ Firewall UTM bypass the metacharacter filtering.

tags | advisory, bypass
MD5 | 6e698e98ce789a0ef4bc3b28bdf4b4a0
Secunia Security Advisory 50065
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Gallery formatter module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | 934b5e023bdb3129df28f3bf8a51c925
Secunia Security Advisory 50066
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the Subuser module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | a22036a9eca34eff0060cd93df36b38b
Secunia Security Advisory 50058
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple Safari for Mac OS X, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
systems | apple, osx
MD5 | 179d3ea315ad683171611aafb76a6949
Secunia Security Advisory 50068
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and a vulnerability have been reported in Apple Xcode, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user's session, and bypass certain security restrictions.

tags | advisory
systems | apple
MD5 | 0e1cf0963bc5294ca56b9d1bbb59f2e3
Secunia Security Advisory 50055
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for perl-DBD-Pg. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the module.

tags | advisory, perl, vulnerability
systems | linux, redhat
MD5 | 508ab64e60817e4e8c96b22273371401
Secunia Security Advisory 50046
Posted Jul 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for mono. This fixes a weakness and a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
MD5 | c0c48709c16d4888e7da87525bda6c0f
iOS SSL Kill Switch
Posted Jul 27, 2012
Authored by Alban Diquet | Site github.com

This is a MobileSubstrate extension to disable certificate validation within NSURLConnection in order to facilitate black-box testing of iOS Apps. Once installed on a jailbroken device, iOS SSL Kill Switch patches NSURLConnection to override and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning). It was successfully tested against Twitter, Card.io and Square; all of them implement certificate pinning.

tags | tool, encryption
systems | apple
MD5 | 6652144267902b859b5c6e2a92b9e95a
Apple Security Advisory 2012-07-25-2
Posted Jul 27, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-07-25-2 - Xcode 4.4 is now available and addresses SSL and keychain access vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-3389, CVE-2012-3698
MD5 | 342802618f17d83c20c098e8ac1958eb
Thelia 1.5.1 Cross Site Scripting
Posted Jul 27, 2012
Authored by HTTPCS

Thelia version 1.5.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 690ea7aa9e06cc04aedd5fdcc8a92fbe
Mandriva Linux Security Advisory 2012-116
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-116 - An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been patched to correct these issues.

tags | advisory, memory leak
systems | linux, mandriva
advisories | CVE-2012-3571, CVE-2012-3954
MD5 | 8b3cbe9c81ae315761885e0079613fc8
Mandriva Linux Security Advisory 2012-115
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-115 - An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server. An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been upgraded to the latest version which is not affected by these issues.

tags | advisory, denial of service, memory leak
systems | linux, mandriva
advisories | CVE-2012-3570, CVE-2012-3571, CVE-2012-3954
MD5 | b8bec5432648e11ee761ae836102755b
Mandriva Linux Security Advisory 2012-114
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-114 - A vulnerability has been discovered and corrected in mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. The updated packages have been upgraded to the latest version which is not affected by this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-2760
MD5 | d21f08e366e91c5d69f7e730cae6762b
Mandriva Linux Security Advisory 2012-113
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-113 - arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon. The updated packages have been patched to correct this issue.

tags | advisory, root, vulnerability
systems | linux, redhat, debian, fedora, mandriva
advisories | CVE-2012-2653
MD5 | 897c6d4c9624c036d664493c68370a3b
Mandriva Linux Security Advisory 2012-112
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-112 - Two format string flaws were found in the way perl-DBD-Pg. A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to perl-DBD-Pg based process crash. The updated packages have been patched to correct this issue.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2012-1151
MD5 | e9cca23e020a063d0d01e81d2672d7fc
HP Security Bulletin HPSBUX02795 SSRT100878 2
Posted Jul 27, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02795 SSRT100878 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2012-1667
MD5 | 2ac63459c4954ac66532eae3d73e4c09
Ubuntu Security Notice USN-1519-1
Posted Jul 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1519-1 - Markus Hietava discovered that the DHCP server incorrectly handled certain malformed client identifiers. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. Glen Eustace discovered that the DHCP server incorrectly handled memory. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3571, CVE-2012-3954, CVE-2012-3571, CVE-2012-3954
MD5 | 63b6d994154e23aa406b1747f3227794
Debian Security Advisory 2516-1
Posted Jul 27, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2516-1 - Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3571, CVE-2012-3954
MD5 | b5069f4092d4a796bec29a2f0d40d4cb
Ubuntu Security Notice USN-1518-1
Posted Jul 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1518-1 - Einar Lonn discovered that Bind incorrectly initialized the failing-query cache. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3817
MD5 | 8481d843d9b8349825b178bdb9e86f57
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close