what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2012-10-25

Ubuntu Security Notice USN-1617-1
Posted Oct 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1617-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2011-3031, CVE-2011-3038, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3051, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3076, CVE-2011-3081, CVE-2011-3086, CVE-2011-3090, CVE-2012-1521, CVE-2012-3598, CVE-2012-3601, CVE-2012-3604, CVE-2012-3611, CVE-2012-3612, CVE-2012-3617, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3645, CVE-2012-3652
SHA-256 | 9535b72b28c87a09126bf9f6a5e5371f2b85f0c2a84f7ff222d496b9694461e5
Bitweaver 2.8.1 Cross Site Scripting / Local File Inclusion
Posted Oct 25, 2012
Authored by Jonathan Claudius, David Aaron | Site trustwave.com

Bitweaver version 2.8.1 suffers from local file inclusion and multiple cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2012-5192, CVE-2012-5193
SHA-256 | 47ea855b5b88d6c3266a6179cebd05aafa03ffcf5121153a984f4e7fad08a2bc
OATH Toolkit 2.0.1
Posted Oct 25, 2012
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: Signing and verifying PSKC data using XML Digital Signatures and X.509 certificates are now supported by the library and commandline tool. Validation of PSKC data according to the XML Schema is now complete (previously, the XMLDsig+XMLEncryption parts did not work). The --check parameter to pskctool has been renamed to --info.
tags | tool
systems | unix
SHA-256 | d267055979a3d41e36fb36f193aa9e43832d64e1555b4d2efc6d28083ac40988
Drupal MailChimp 7.x Cross Site Scripting
Posted Oct 25, 2012
Authored by Klaus Purer | Site drupal.org

Drupal MailChimp third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | f3f278c3015df5f15e0cb152e82650a5ee9497958bd4a900e7edc2e66be4dfda
WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
Posted Oct 25, 2012
Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 8eac246e079c2e20610ea5b3fb4b19023d217d4774055a243a7bbe5f34191b0c
WAF-FLE ModSecurity Console 0.6.0rc1
Posted Oct 25, 2012
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This is a major release, with many new features, improvements, and bugfixes. You can now use filters in the dashboard. All charts and tables are clickable for drilling down into data. Compression of full events was implemented, saving around 60% of space. A setup script helps with dependency checking and database creation/migration. mlog2waffle was included - a daemon that works as a replacement to mlogc.
tags | tool
systems | unix
SHA-256 | 122813253c79cd040ff61afd735813c66e290c911fabf78025fc7d9446b1ab7d
Oracle Java Font Processing Glyph Element Memory Corruption
Posted Oct 25, 2012
Authored by Matthieu Bonetti, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE / JDK 7u7 and below are affected. The vulnerability is caused by a memory corruption error within the "t2k.dll" component when processing certain glyph elements within a Font file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

tags | advisory, java, remote, web
SHA-256 | 66dc6819b2fe3e487c6074ac50782425eb1e8e4d69820a4cb144ef9adcd00ea1
HP Security Bulletin HPSBUX02824 SSRT100970
Posted Oct 25, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02824 SSRT100970 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, arbitrary, vulnerability
systems | hpux
advisories | CVE-2012-0574, CVE-2012-1682, CVE-2012-3136, CVE-2012-4681
SHA-256 | 78f272422d048e4e353a3f120e9e9677eea2dbf0861182ca760963e7f7893d0e
Wysiwyg Imagelibrary Traversal
Posted Oct 25, 2012
Authored by Geek

The Wysiwyg Imagelibrary add-on suffers from a directory traversal vulnerability in select_image.php.

tags | exploit, php, file inclusion
SHA-256 | f95d8cfa9bbf990cef1d2f8027dcd10b67902dbbb539bb26ac86b28d980af3a3
Drupal Time Spent 6.x / 7.x XSS / CSRF / SQL Injection
Posted Oct 25, 2012
Authored by Greg Knaddison, Dylan Riordan | Site drupal.org

Drupal Time Spent third party module versions 6.x and 7.x suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 2df973f2a15a6e618c72e67e0bd048acde9269ee5bdef3678b3179a29ed6aeb6
Oracle Java Font Processing "maxPointCount" Heap Overflow
Posted Oct 25, 2012
Authored by VUPEN, Florent Hochwelker | Site vupen.com

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE/JDK 7u7 and below are affected. The vulnerability is caused by a heap overflow error within the "t2k.dll" component when processing a malformed "maxPointCount" field within a Font, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

tags | advisory, java, remote, web, overflow
SHA-256 | d9af8230d41a685d5e7bb40755a541e997054f9dc783a564ea76685d82b0f2cd
Inout Article Base Ultimate SQL Injection / CSRF
Posted Oct 25, 2012
Authored by Akastep

Inout Article Base Ultimate versions prior to 2 suffer from cross site request forgery and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
SHA-256 | 831d1c4d5bb5f52d532ddd88097b54985d05095d7c28b49e19626e680e99fa2a
ClanSphere 2011.3 Local File Inclusion / Remote Code Execution
Posted Oct 25, 2012
Authored by blkhtc0rp

ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cs_lang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell.

tags | exploit, shell, local, file inclusion
SHA-256 | 50280bcb8c3b2e6ce87a096338f3c12375645758f8f387468802187432e5f378
Ubuntu Security Notice USN-1616-1
Posted Oct 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1616-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2008-5983, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2012-2135, CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2012-2135
SHA-256 | 1931d6208c03b7c6be3e7c9a1e3f736d6f4ffc3c455852a5625822b4d83fefbe
Secunia Security Advisory 50910
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have discovered in the Poll plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 455fccc89e3040b1c235441dbde5aa98a6de2b96e00f7a2a02d6f90e8a35a4f2
Secunia Security Advisory 50829
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Janek Vind has discovered multiple vulnerabilities in phpMyBitTorrent, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information and conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 53fa64da5dd0648e308ea955ab652574925e5f3e36273aaf934d88bd94d27f9f
Secunia Security Advisory 50928
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ManageEngine SupportCenter Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 2a3b28993512806dc4f54fb2381ba2b7940312a3421e945e36442567a24e7a75
Secunia Security Advisory 51091
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | cb57afab30e60d42d505ad49991abdd79dd346a49e0ab029f4c557f07d141ae3
Secunia Security Advisory 51095
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and some vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions and by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
SHA-256 | 2e22d562ee582ca39eed1bfd2791c7ab77388599ea15ccd64e29cdc14f131cf2
Secunia Security Advisory 51078
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged a vulnerability in BIND included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | solaris
SHA-256 | 377fcec8ccb5d3afaa3b2a0c5da9fff73b7a783db9ac69d7f3074cd1a64e4adc
Secunia Security Advisory 51096
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | hpux
SHA-256 | 159b13700d34bdb42ac319914b7e934f3c797e944822925df7e008353bd35ca8
Secunia Security Advisory 51083
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in JetPort 5600, which can be exploited by malicious people to compromise a vulnerable device.

tags | advisory
SHA-256 | f103fc42db133ea79bf8f583dc73e7319850dc5b14089aff2f8bbfa9a6349c4d
Secunia Security Advisory 51106
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in BIND included in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | aix
SHA-256 | e739c6087ff7bd355356f7ecb8ff5482ff666da21bb9d06e620395b43f01a92d
Secunia Security Advisory 51090
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 3a2ce50669fae76c79e644591426a5eea70a31fd36df3f92e57905356c364a48
Secunia Security Advisory 51072
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for viewvc. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
systems | linux, debian
SHA-256 | 55d25a13383746e17fe304c76788e4ce5685a2fdbdaaa92a82b23baa35b8d04f
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close