what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 44 RSS Feed

Files Date: 2012-09-05

Ubuntu Security Notice USN-1555-1
Posted Sep 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1555-1 - Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, overflow, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-0044, CVE-2012-2372, CVE-2012-0044, CVE-2012-2372
SHA-256 | c7f820ef558c291242f797a29db3c66ced673b347c670f76cf8d6550232264dd
Ubuntu Security Notice USN-1554-1
Posted Sep 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1554-1 - A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-2372
SHA-256 | eb969b20b2fcb4058da23a1495727724e88c3ab922f264b252e4e45c0974121f
Debian Security Advisory 2538-1
Posted Sep 5, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2538-1 - It was discovered that Moin, a Python clone of WikiWiki, incorrectly evaluates ACLs when virtual groups are involved. This may allow certain users to have additional permissions (privilege escalation) or lack expected permissions.

tags | advisory, python
systems | linux, debian
advisories | CVE-2012-4404
SHA-256 | b49bdde2d2c3682af30f6bcd08ac545749987d366c9d780dfe603a1a686302ef
Red Hat Security Advisory 2012-1235-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1235-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of KVM.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-3515
SHA-256 | 2e72404216c3ee627824dd4a583eb5f74d5968989dd2fb3e58110197360a194d
Red Hat Security Advisory 2012-1234-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1234-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of KVM.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-3515
SHA-256 | 6a384c1a9ccd0779f022edf973bed9cfca61a4984ea14e178600b74973b2f749
Red Hat Security Advisory 2012-1236-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1236-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of the Xen hypervisor implementation in Red Hat Enterprise Linux 5. This problem only affected fully-virtualized guests that have a serial or parallel device that uses a virtual console back-end. By default, the virtual console back-end is not used for such devices; only guests explicitly configured to use them in this way were affected.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-3515
SHA-256 | 5a437dc88e25e547dd5a7f8d93690e54170211af6651faf9d1b63726921ed829
Red Hat Security Advisory 2012-1232-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1232-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.2 serves as a replacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2009-2625, CVE-2011-2908, CVE-2011-4605, CVE-2012-0213, CVE-2012-1167, CVE-2012-2377
SHA-256 | bfe1fd78f8e8200d810ee7a288e9dc1353758cb7ece9cd3e7b7a530ff76c782b
Red Hat Security Advisory 2012-1233-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1233-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. When using qemu-kvm-rhev on a Red Hat Enterprise Linux 6 host not managed by Red Hat Enterprise Virtualization:

tags | advisory
systems | linux, redhat
advisories | CVE-2012-3515
SHA-256 | e3a4ad3b13850d26853b138ed415d5a6fb1f4177d92964ebb3a55a1b66817641
How To Use PyDbg As A Powerful Multitasking Debugger
Posted Sep 5, 2012
Authored by Brian Mariani, High-Tech Bridge SA, Frederic Bourla | Site htbridge.com

Since its introduction in 2006, PyDbg has become an essential tool for security researchers and reverse engineers. It is mainly used to discover various software vulnerabilities and weaknesses, as well to analyze malware and perform computer forensics. The present publication is aimed to provide a reader with an introduction to the Python based debugger and deliver practical and real examples of this powerful security tool usage.

tags | paper, vulnerability, python
SHA-256 | fe6ebddfdd8a95029596ddb6ff5ad30b306c35a3bb7552b5ec2d24ca4413b8b2
Kiwicon Six Call For Papers
Posted Sep 5, 2012
Site kiwicon.org

Kiwicon Six Call For Papers - This year Kiwicon will be held from November 17th through 18th, 2012 in Wellington, New Zealand.

tags | paper, conference
SHA-256 | d5314c7019b219a28162f700d81f7d5014ec5bdbaf962ca08a5d746a47bd5e9f
2xpress CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

2xpress CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 25be48e62ff0dfc86f603f600e50c9b7615c015e14b17d0f622b567d1c8bd8ca
Drop CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

Drop CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 552194a462846d3db192d1445350565813e72cf8784fdf80e0179a8cea5712d7
WEBSKINZ CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

WEBSKINZ CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 75bae800d514224f82a832070bc74c18ec07aa12a50161b4b60e34a49d0c69ac
Syracus CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

Syracuse CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 87e2b615adc6d0c503232a80105dd0bf9b51fef607da26b7a88067c604ca964d
Thoughtmedia CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

Thoughtmedia CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | e02f8532feb88bdbb0109ca09317381e18ea7bfed14c3eae7e499f3ae5a5cfb2
Ask.com Cross Site Scripting
Posted Sep 5, 2012
Authored by TayfunBasoglu

mws.ask.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4f06466ef9591b8fe9a3ffc5cdac48c0c2f753a65c155ffa02769712f2eadcec
Symbion Productions CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

Symbion Productions CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 76853ac21cecd37206312b7c54d97ea8d5cace7541d04357303730d826f4d99c
ExtCalendar 2 SQL Injection / Cross Site Scripting
Posted Sep 5, 2012
Authored by Ashiyane Digital Security Team

ExtCalendar 2 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 6b5f29099e2db9b381424196371bf2687a5a04c7ab036f78b8450aa121b8e0d7
VMWare Tools Binary Planting
Posted Sep 5, 2012
Authored by Moshe Zioni

VMWare Tools is susceptible to binary planting / DLL hijacking.

tags | exploit
systems | windows
advisories | CVE-2012-1666
SHA-256 | a5afa2cae5897fae7262a3d6b11dc9f82588dd140249726ec6121a847aca0b9a
Gentoo Linux Security Advisory 201209-01
Posted Sep 5, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-1 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code. Versions less than 11.2.202.238 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168
SHA-256 | ab8afaa2bcaee1d350255c5850fdd15d753ba3d3c2bafa092addf1b1237d6d86
JBoss DeploymentFileRepository WAR Deployment
Posted Sep 5, 2012
Authored by Patrick Hof, Jens Liebchen, h0ng10 | Site metasploit.com

This Metasploit module can be used to execute a payload on JBoss servers that have an exposed HTTPAdaptor's JMX Invoker exposed on the "JMXInvokerServlet". By invoking the methods provided by jboss.admin:DeploymentFileRepository a stager is deployed to finally upload the selected payload to the target. The DeploymentFileRepository methods are only available on Jboss 4.x and 5.x.

tags | exploit
advisories | CVE-2007-1036, OSVDB-33744
SHA-256 | c6b0010812e226801e4d081ec2319bf266148f85a99286b7a0ea268acccbcd45
MobileCartly 1.0 Arbitrary File Creation
Posted Sep 5, 2012
Authored by sinn3r, Yakir Wizman | Site metasploit.com

This Metasploit module exploits a vulnerability in MobileCartly. The savepage.php file does not do any permission checks before using file_put_contents(), which allows any user to have direct control of that function to create files under the 'pages' directory by default, or anywhere else as long as the user has WRITE permission.

tags | exploit, php
SHA-256 | d2b93bba6358674606a2931cdca65cfb7a3dc0f305c1159a3307f8e62152044e
Barracuda Web Filter 910 5.0.015 Cross Site Scripting
Posted Sep 5, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda Web Filter 910 version 5.0.015 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 7498fa1ce74bf395463fc3696964a9228f48aa70b038d30e5cb38864689ef937
eFront Enterprise 3.6.11 Cross Site Scripting
Posted Sep 5, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

eFront Enterprise version 3.6.11 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4a21ace72a5221d1b0ddb0fc174f1fbe3aaf1ef1e0ed063b8a30273446d7d3eb
360-FAAR Firewall Analysis Audit And Repair 0.2.5
Posted Sep 5, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds 'end.' comments to rr mode "enter search INC EX string" instructions and an 'exit' menu option. This release also resolves netscreen MIP(ipaddr) objects from interface mip statements and adds them to the NATs tables. Various other fixes and additions.
tags | tool, perl
systems | unix
SHA-256 | a8af9a4806465b18cd3cb04ff8798af3257fd0cfdb61642e04c8cd8f73566b47
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close