what you don't know can hurt you
Showing 1 - 25 of 39 RSS Feed

Files Date: 2012-10-02

Mandriva Linux Security Advisory 2012-153-1
Posted Oct 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-153 - ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-3955
SHA-256 | 4f56142c97f654375514ad63bec348cf7fcda3463f1302a10bbd3b3b4d0e920b
phpFreeChat 1.4 Cross Site Scripting
Posted Oct 2, 2012
Authored by Mesut Timur | Site netsparker.com

phpFreeChat version 1.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 1b82a33a3e1e68375da09a67b32f8842cbefe9c87c225ad7a5b1c2ad22258452
PayPal Cross Site Scripting
Posted Oct 2, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

It appears that multiple cross site scripting vulnerabilities were discovered in PayPal.com.

tags | exploit, vulnerability, xss
SHA-256 | f5239e9a4f5906c6ed51aa1c2f017f03fb91b576f0133a33b8ab8219f2ba8a70
HP Security Bulletin HPSBUX02814 SSRT100930
Posted Oct 2, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02814 SSRT100930 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2012-2333
SHA-256 | daea6262b35ede00cc6ea4afff92b3016cca3de4edbdea737563cd870dfaf98d
Mandriva Linux Security Advisory 2012-155-1
Posted Oct 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-155 - builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. The updated packages have been patched to correct this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-0862
SHA-256 | 5333e966d5561d2f6d4f4fb9e29e14c3c973d25ae843e13ad80971d6adca9f61
Mandriva Linux Security Advisory 2012-156
Posted Oct 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-156 - The STARTTLS implementation in INN's NNTP server for readers, nnrpd, before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a plaintext command injection attack, a similar issue to CVE-2011-0411. The updated packages have been upgraded to inn 2.5.3 which is not vulnerable to this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-3523
SHA-256 | 7b717cf5b8b12f1a506884f1d256dfa24c8600abecd7922df8fd47ef4ba351cf
ProjectPier 0.8.8 Shell Upload
Posted Oct 2, 2012
Authored by BlackHawk

ProjectPier versions 0.8.8 and below suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | d1e036a79a1b141620ded93726111ef41fa82aa390f1904f6586e24f31fa9180
TP-LINK TD-W8151N Cross Site Request Forgery
Posted Oct 2, 2012
Authored by Akastep

TP-LINK TD-W8151N 150Mbps wireless N ADSL+2 modem router suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 427ec14298c7ccdd86476a0829cf8b76602d498105b951c45aba638947ed5cb6
Zenphoto 1.4.3.2 Cross Site Scripting
Posted Oct 2, 2012
Authored by Scott Herbert

Zenphoto version 1.4.3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c313654cf06a5459638e4cb26e414198c80c70942da3bd786c488538808104e7
PhpTax 0.8 Remote Code Execution
Posted Oct 2, 2012
Authored by Jean Pascal Pereira

PhpTax version 0.8 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | d0d6e0e1685582da24a6399ab9398b69b943a0fb2d14f8839ddf5d959307e3d4
Handshakes Professional 4.1 SQL Injection
Posted Oct 2, 2012
Authored by HTTPCS

Handshakes Professional version 4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 35b955a7d870227ad43152ccc8657154fedddb89d144cf08d642e76d7ee49ada
Mandriva Linux Security Advisory 2012-152-1
Posted Oct 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-152 - A nameserver can be caused to exit with a REQUIRE exception if it can be induced to load a specially crafted resource record. The updated packages have been upgraded to bind 9.7.6-P3 which is not vulnerable to this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-4244
SHA-256 | 2cf9b6c302121d09799cfca10fd3daa0848066166bab005970866bfc05c36ee9
HP Security Bulletin HPSBST02818 SSRT100960
Posted Oct 2, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02818 SSRT100960 - A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2012-3266
SHA-256 | b7b3d0ad2afa96c5b7579c9669be83c47320e22350efbc480cf52991159750be
Dart Communications Stack Overflow
Posted Oct 2, 2012
Authored by catatonicprime

DartWebserver.Dll, an HTTP server by Dart Communications, suffers from a stack overflow vulnerability. Versions 1.9 and below are affected. Proof of concept code included.

tags | exploit, web, overflow, proof of concept
advisories | CVE-2012-3819
SHA-256 | 305223063ea1f05d0ded3e552a5555e23607589feed9ca8044b36a03554ae90f
Ubuntu Security Notice USN-1593-1
Posted Oct 2, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1593-1 - Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacher could possibly execute arbitrary code. Raphael Geissert discovered that the dscverify tool incorrectly escaped arguments to external commands. If a user or automated system were tricked into processing specially crafted files, a remote attacher could possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2012-0212, CVE-2012-2240, CVE-2012-2241, CVE-2012-2242, CVE-2012-3500, CVE-2012-0212, CVE-2012-2240, CVE-2012-2241, CVE-2012-2242, CVE-2012-3500
SHA-256 | ec651cf782fb4bbbdfc9b355b2fecd968076fd80a2673975c5f2b01a87ae7680
Ubuntu Security Notice USN-1592-1
Posted Oct 2, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1592-1 - Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150
SHA-256 | 165afa6d34f225319c4c04de9f89e067f082131a627aa45b978829b0872fee6a
Ubuntu Security Notice USN-1591-1
Posted Oct 2, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1591-1 - Alec Warner discovered that xdiagnose improperly handled temporary files in welcome.py when creating user-initiated archive files. While failsafeX does not use the vulnerable code, this update removes this functionality to protect any 3rd party applications which import the vulnerable code. In the default Ubuntu installation, this should be prevented by the Yama link restrictions.

tags | advisory
systems | linux, ubuntu
SHA-256 | 3eabd5363fef22c6c11e2984bf6e0c15834748751d39ecf5983b6c261c1aee04
Red Hat Security Advisory 2012-1325-01
Posted Oct 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1325-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-3480, CVE-2012-3515
SHA-256 | 944168e949627ab2a24f35e55778352642902fc4e44ebfab3c03a60103a92ae1
Red Hat Security Advisory 2012-1326-01
Posted Oct 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1326-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2012-3547
SHA-256 | 70a19dbabc6d30e54441d66d15c19693d64c004fb8a4a6f9dd6727ebbc4c84f9
Red Hat Security Advisory 2012-1323-01
Posted Oct 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1323-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, redhat
advisories | CVE-2012-2319, CVE-2012-3412, CVE-2012-3430, CVE-2012-3510
SHA-256 | 138689503f54b2b703c6ddcfa9fc632b12e89775867a7c41ea37be710e7773a4
Red Hat Security Advisory 2012-1327-01
Posted Oct 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1327-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2012-3547
SHA-256 | 454c976a62ef2a4670826aba9370b1a8b1e174fddc48b951051e98adbcca9689
Red Hat Security Advisory 2012-1324-01
Posted Oct 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1324-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, redhat
advisories | CVE-2012-3412
SHA-256 | da77b0226da5f8fad9bc5d61c7d33660a436daf8ef35f2d553f433e2cd073e28
Ubuntu Security Notice USN-1589-1
Posted Oct 2, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1589-1 - It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3480, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480
SHA-256 | 73731eada13fddfe11578fc5d8c3b527a24161804876367868406d482b646990
Ubuntu Security Notice USN-1590-1
Posted Oct 2, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1590-1 - It was discovered that QEMU incorrectly handled certain VT100 escape sequences. A guest user with access to an emulated character device could use this flaw to cause QEMU to crash, or possibly execute arbitrary code on the host.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3515
SHA-256 | 2f4a48df39c34c1e17c872a0649f0c680158ab4cbab47d1918aa15775146a20f
Small-CMS 1.0 SQL Injection
Posted Oct 2, 2012
Authored by Phizo

Small-CMS version 1.0 suffers from authentication bypass and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
SHA-256 | f6e3e1d365a67112d375c748e978fe5cdcb63a6a8abc5ccbe6ebc04c6d00c265
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close