Files Date: 2012-10-25

Ubuntu Security Notice USN-1617-1
Posted Oct 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1617-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2011-3031, CVE-2011-3038, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3051, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3076, CVE-2011-3081, CVE-2011-3086, CVE-2011-3090, CVE-2012-1521, CVE-2012-3598, CVE-2012-3601, CVE-2012-3604, CVE-2012-3611, CVE-2012-3612, CVE-2012-3617, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3645, CVE-2012-3652
MD5 | 728da4ce1ebca4114f0bedb9d1c06fb7
Bitweaver 2.8.1 Cross Site Scripting / Local File Inclusion
Posted Oct 25, 2012
Authored by Jonathan Claudius, David Aaron | Site trustwave.com

Bitweaver version 2.8.1 suffers from local file inclusion and multiple cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2012-5192, CVE-2012-5193
MD5 | 1cede2c6a508a2da6de216f8ac5c07bd
OATH Toolkit 2.0.1
Posted Oct 25, 2012
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: Signing and verifying PSKC data using XML Digital Signatures and X.509 certificates are now supported by the library and commandline tool. Validation of PSKC data according to the XML Schema is now complete (previously, the XMLDsig+XMLEncryption parts did not work). The --check parameter to pskctool has been renamed to --info.
tags | tool
systems | unix
MD5 | 529e5995ae0d95a94daa16f9b9c25e3c
Drupal MailChimp 7.x Cross Site Scripting
Posted Oct 25, 2012
Authored by Klaus Purer | Site drupal.org

Drupal MailChimp third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 21f09034064231913dd9935afeb683ff
WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
Posted Oct 25, 2012
Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 1798752200454dd6f75de4aecc6a5bd0
WAF-FLE ModSecurity Console 0.6.0rc1
Posted Oct 25, 2012
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This is a major release, with many new features, improvements, and bugfixes. You can now use filters in the dashboard. All charts and tables are clickable for drilling down into data. Compression of full events was implemented, saving around 60% of space. A setup script helps with dependency checking and database creation/migration. mlog2waffle, a daemon that works as a replacement for mlogc, was included.
tags | tool
systems | unix
MD5 | a47e71f8b649fbdb6ef3e14a7f9078a0
Oracle Java Font Processing Glyph Element Memory Corruption
Posted Oct 25, 2012
Authored by Matthieu Bonetti, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE / JDK 7u7 and below are affected. The vulnerability is caused by a memory corruption error within the "t2k.dll" component when processing certain glyph elements within a Font file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

tags | advisory, java, remote, web
MD5 | eb5681c8f67ee20467f1ef395d71bcef
HP Security Bulletin HPSBUX02824 SSRT100970
Posted Oct 25, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02824 SSRT100970 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, arbitrary, vulnerability
systems | hpux
advisories | CVE-2012-0574, CVE-2012-1682, CVE-2012-3136, CVE-2012-4681
MD5 | 0e0b68ee1d9b6166cfb25ed24d0697f5
Wysiwyg Imagelibrary Traversal
Posted Oct 25, 2012
Authored by Geek

The Wysiwyg Imagelibrary add-on suffers from a directory traversal vulnerability in select_image.php.

tags | exploit, php, file inclusion
MD5 | 77e249e354232f6febc37ff6423d775a
Drupal Time Spent 6.x / 7.x XSS / CSRF / SQL Injection
Posted Oct 25, 2012
Authored by Greg Knaddison, Dylan Riordan | Site drupal.org

Drupal Time Spent third party module versions 6.x and 7.x suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection, csrf
MD5 | f9ec109f6fe57d9d4cbf6ef3bbf461a9
Oracle Java Font Processing "maxPointCount" Heap Overflow
Posted Oct 25, 2012
Authored by VUPEN, Florent Hochwelker | Site vupen.com

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE/JDK 7u7 and below are affected. The vulnerability is caused by a heap overflow error within the "t2k.dll" component when processing a malformed "maxPointCount" field within a Font, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

tags | advisory, java, remote, web, overflow
MD5 | f2af093f375391a08553fea3270ceaa3
Inout Article Base Ultimate SQL Injection / CSRF
Posted Oct 25, 2012
Authored by Akastep

Inout Article Base Ultimate versions prior to 2 suffer from cross site request forgery and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | 705d90715fa0f67219e13d03f9a999ee
ClanSphere 2011.3 Local File Inclusion / Remote Code Execution
Posted Oct 25, 2012
Authored by blkhtc0rp

ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cs_lang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell.

tags | exploit, shell, local, file inclusion
MD5 | 3b82ac909d173db4f5d19f16dacc24a3
Ubuntu Security Notice USN-1616-1
Posted Oct 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1616-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2008-5983, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2012-2135, CVE-2010-1634, CVE-2010-2089
MD5 | c6c44f5816b7c0bbd6afdb374ec8925b
Secunia Security Advisory 50910
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Poll plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 02120667d292602a7629ed5fd2161029
Secunia Security Advisory 50829
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Janek Vind has discovered multiple vulnerabilities in phpMyBitTorrent, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information and conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | 60ff89d90ff3baebb9558feceaa18183
Secunia Security Advisory 50928
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ManageEngine SupportCenter Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 59601a326f8cc6a3495c5d02807921dd
Secunia Security Advisory 51091
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 58d9538db56d4b12c1cd53a75d97ed8d
Secunia Security Advisory 51095
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and some vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions and by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
MD5 | c5b20d9c2a0ae149101f7d214f1fd850
Secunia Security Advisory 51078
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged a vulnerability in BIND included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | solaris
MD5 | a6e30d1b01d8d036d8ae45d9ce734cea
Secunia Security Advisory 51096
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | hpux
MD5 | 15214f17ff0e78dd9b020bd64f90d5a1
Secunia Security Advisory 51083
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in JetPort 5600, which can be exploited by malicious people to compromise a vulnerable device.

tags | advisory
MD5 | 11fedb9fbe63ac698b60d886705f47d6
Secunia Security Advisory 51106
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in BIND included in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | aix
MD5 | bdd19a636ff1e00d3f462d27630fa238
Secunia Security Advisory 51090
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 52ed67a1859e72a0646a759136c76a04
Secunia Security Advisory 51072
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for viewvc. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
systems | linux, debian
MD5 | 3a1a85034bf1d011944d93def30b5f32