seeing is believing
Showing 1 - 25 of 32 RSS Feed

Files Date: 2012-10-12

EMC NMM Arbitrary Code Execution
Posted Oct 12, 2012
Site emc.com

Vulnerabilities exist in EMC NMM that could potentially be exploited by a malicious user to execute arbitrary code. Also, there is a risk that sensitive information could be disclosed under specific circumstances described in the details below.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2012-2290, CVE-2012-2284
MD5 | d4a93747b9701bcd9464a4b1cc75c78d
Mandriva Linux Security Advisory 2012-166
Posted Oct 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-166 - The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors. The updated packages have been patched to correct this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-4430
MD5 | 710cca252cfa175d4fc1747049fc70c7
Metasploit pcap_log Local Privilege Escalation
Posted Oct 12, 2012
Authored by 0a29406d9794e4f9b30b3c5d6702c708 | Site metasploit.com

Metasploit versions prior to 4.4 contain a vulnerable 'pcap_log' plugin which, when used with the default settings, creates pcap files in /tmp with predictable file names. This exploit works by hard-linking these filenames to /etc/passwd, then sending a packet with a privileged user entry contained within. This, and all the other packets, are appended to /etc/passwd. Successful exploitation results in the creation of a new superuser account. This Metasploit module requires manual clean-up - remove /tmp/msf3-session*pcap files and truncate /etc/passwd.

tags | exploit
MD5 | 5f8b49eeafacbc3f2f64aaf52bec3094
BigPond 3G21WB Hardcoded Credentials / Command Injection
Posted Oct 12, 2012
Authored by Roberto Paleari

BigPond version 3G21WB suffers from hard-coded credentials and command injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 9cbd70f601cd8300741d880cede1fe6d
Mandriva Linux Security Advisory 2012-165
Posted Oct 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-165 - The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service via a crafted PNG file that triggers incorrect memory allocation. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-3438
MD5 | 6d6debaed053270128c6e1cb24e71089
WordPress Abtest Directory Traversal
Posted Oct 12, 2012
Authored by Scott Herbert

The WordPress Abtest plugin suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | bfb87f451d49e316320c6318da8a3bb5
Fast And Furious DNS Security
Posted Oct 12, 2012
Authored by Shubham Mittal

This is a brief whitepaper that discusses an overview of DNS and security implications surrounding the model.

tags | paper
MD5 | 8e29a598761cc1c70eb84b812861145c
Slackware Security Advisory - bind Updates
Posted Oct 12, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
MD5 | b0c87d3a2f977afe8e0e6650fc638745
Red Hat Security Advisory 2012-1364-01
Posted Oct 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1364-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lockup. Users of bind97 are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-5166
MD5 | cbf81d503a6e9a237b12d3bdaf3040e4
Red Hat Security Advisory 2012-1362-01
Posted Oct 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1362-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2012-4193
MD5 | 0ff3c47b821dbef5903433f085784073
Red Hat Security Advisory 2012-1363-01
Posted Oct 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1363-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lockup. Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-5166
MD5 | d9743ab1f5278aa3dd52fb65865518ed
Red Hat Security Advisory 2012-1361-01
Posted Oct 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1361-01 - XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner to execute arbitrary code with the privileges of the user running the application.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-4193
MD5 | 3469fe71ff665da584ddb71f53878daf
Red Hat Security Advisory 2012-1365-01
Posted Oct 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1365-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-4244, CVE-2012-5166
MD5 | 9e5f039ac1e7f2aabd9c630a8325998d
Ubuntu Security Notice USN-1611-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1611-1 - Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. CVE-2012-4191) David Bloom and Jordi Chancel discovered that Thunderbird did not always properly handle the <select> element. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. Various other issues were also addressed.

tags | advisory, remote, arbitrary, spoof, javascript
systems | linux, ubuntu
advisories | CVE-2012-4191, CVE-2012-3984, CVE-2012-3985, CVE-2012-3986, CVE-2012-3991, CVE-2012-3992, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188, CVE-2012-3982, CVE-2012-3983, CVE-2012-3984, CVE-2012-3985, CVE-2012-3986, CVE-2012-3988, CVE-2012-3989, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3994, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180
MD5 | 551fa3229fb9b29d3907a3c6f2a0b2c6
Ubuntu Security Notice USN-1610-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1610-1 - Pablo Neira Ayuso discovered a flaw in the credentials of netlink messages. An unprivileged local attacker could exploit this by getting a netlink based service, that relies on netlink credentials, to perform privileged actions.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2012-3520
MD5 | 43e849cd12ddc633b4ce715dd19e9914
Ubuntu Security Notice USN-1609-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1609-1 - A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2137
MD5 | a343a9b8b9bfdeb2459f2f1f07ecbbf5
Adobe Flash Player Integer Overflow Analysis
Posted Oct 12, 2012
Authored by Brian Mariani, High-Tech Bridge SA, Frederic Bourla | Site htbridge.com

This whitepaper is a thorough analysis of the Adobe Flash Player integer overflow vulnerability and documented in CVE-2012-1535.

tags | paper, overflow
advisories | CVE-2012-1535
MD5 | 2f7b202a79782317c94735df44d55943
Atarim SQL Injection
Posted Oct 12, 2012
Authored by TUNISIAN CYBER

Sites designed by Atarim suffer from multiple remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, sql injection
MD5 | 049b8bfb8cf0d4a00a9788623947a90a
Project Pier Arbitrary File Upload
Posted Oct 12, 2012
Authored by BlackHawk, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Project Pier. The application's uploading tool does not require any authentication, which allows a malicious user to upload an arbitrary file onto the web server, and then cause remote code execution by simply requesting it. This Metasploit module is known to work against Apache servers due to the way it handles an extension name, but the vulnerability may not be exploitable on others.

tags | exploit, remote, web, arbitrary, code execution
advisories | OSVDB-85881
MD5 | 01e3503737951dd2701001ba7f862b15
Ubuntu Security Notice USN-1608-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1608-1 - It was discovered that the browser engine used in Firefox contained a memory corruption flaw. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. It was discovered that Firefox allowed improper access to the Location object. An attacker could exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4191, CVE-2012-4192, CVE-2012-4191, CVE-2012-4192
MD5 | 303530bd9d73c5e590c2012e76a4dba7
Ubuntu Security Notice USN-1607-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1607-1 - Vadim Ponomarev discovered a flaw in the Linux kernel causing a reference leak when PID namespaces are used. A remote attacker could exploit this flaw causing a denial of service. A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2127, CVE-2012-2137, CVE-2012-2127, CVE-2012-2137
MD5 | 4c3230e25a1c8103b79760b313149ac4
Ubuntu Security Notice USN-1606-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1606-1 - A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges. A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2137, CVE-2012-2745, CVE-2012-2137, CVE-2012-2745
MD5 | eb98fc6d5b71106e0be89c0dd78a0d09
Ubuntu Security Notice USN-1605-1
Posted Oct 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1605-1 - It was discovered that Quagga incorrectly handled certain malformed messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-1820
MD5 | 9bae41097403a56de7334ab9eab2489e
Secunia Security Advisory 50952
Posted Oct 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
MD5 | 6a28d6fc2b1ad9b462d220fe1fbdd0f0
Secunia Security Advisory 50951
Posted Oct 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Roberto Paleari has reported two security issues in BigPond Wireless Broadband Gateway 3G21WB, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable device.

tags | advisory
MD5 | dfb4d5949abd5db24e1878d96f5ecc98
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close