what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2012-11-06

Secunia Security Advisory 51114
Posted Nov 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in GEGL, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
SHA-256 | c18aef87aee49a061f1451519b763dbe06fcdc5437593a25d4d4d2c473df6060
Secunia Security Advisory 51218
Posted Nov 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for munin. This fixes a security issue, which can be exploited by malicious, local users to manipulate certain data.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | fd4634993ab248adcd38e9091e6f6ff6aac1acc4d4f0d36d37e021389bc731db
Secunia Security Advisory 51138
Posted Nov 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 2efa11597e9a11866163008c0ba5518a6dc6b00b62b8b1d9863f79cb32ca7d38
Secunia Security Advisory 51173
Posted Nov 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Craig Freyman has discovered a security issue in Sysax FTP Automation, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 9e91cffe066f63c143bdb28036111e8893c4ae042e7cba29651cc45ab9b17536
Secunia Security Advisory 51223
Posted Nov 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Python tweepy Module, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof, python
SHA-256 | 0fdd69e45b3257d9e47c84084bda06dcefabe26958eafb28fbcacb1f2743ff31
Secunia Security Advisory 51215
Posted Nov 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for mesa. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, ubuntu
SHA-256 | 35e239115e0f8c197f3496e2378253e3b3e1d07e5ca30762143ebdf075c756a6
Secunia Security Advisory 51219
Posted Nov 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Apache Axis, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | dcc3bcff3d2691f8bd962b23dd4af66a78754d8c120434679ddcb30dc63558f2
Secunia Security Advisory 51183
Posted Nov 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Opera, where some have unknown impacts and other can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | f2c47c679779c3f8f1db8c235858a3380e6ed476139e651d7ecb349c27abfc8d
Secunia Security Advisory 51172
Posted Nov 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in ZPanel, which can be exploited by malicious people to conduct cross-site request forgery and SQL injection attacks.

tags | advisory, vulnerability, sql injection, csrf
SHA-256 | 49d988805a25e4bdda52eb4aa92e3cf051deeaf8b71464db064bf7776314a9e3
Secunia Security Advisory 51122
Posted Nov 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in VeriCentre Web Console, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, web, vulnerability, sql injection
SHA-256 | 60f90f390a1714d5e867919172001364645cac5264ab132660aeb84b8f585f83
EMC Networker Format String
Posted Nov 6, 2012
Authored by Aaron Portnoy | Site metasploit.com

This Metasploit module exploits a format string vulnerability in the lg_sprintf function as implemented in liblocal.dll on EMC Networker products. This Metasploit module exploits the vulnerability by using a specially crafted RPC call to the program number 0x5F3DD, version 0x02, and procedure 0x06. This Metasploit module has been tested successfully on EMC Networker 7.6 SP3 on Windows XP SP3 and Windows 2003 SP2 (DEP bypass).

tags | exploit
systems | windows
advisories | CVE-2012-2288, OSVDB-85116
SHA-256 | 187180f15865924443eeaee0cc3daf29243c56a73fe15621b307d1808e687b71
WinRM VBS Remote Code Execution
Posted Nov 6, 2012
Authored by The Light Cosine | Site metasploit.com

This Metasploit module uses valid credentials to login to the WinRM service and execute a payload. It has two available methods for payload delivery: Powershell 2.0 and VBS CmdStager. The module will check if Powershell 2.0 is available, and if so uses that method. Otherwise it falls back to the VBS Cmdstager which is less stealthy. IMPORTANT: If targeting an x64 system with the Powershell method you MUST select an x64 payload. An x86 payload will never return.

tags | exploit, x86
SHA-256 | 058f6afb598d02e80da84c0e4ea89c3ba856e987c8c0b5e3601f4daf16120377
Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses
Posted Nov 6, 2012
Authored by Mark Thomas, Tilmann Kuhn | Site tomcat.apache.org

Three weaknesses in Apache Tomcat's implementation of DIGEST authentication were identified and resolved. Tomcat tracked client rather than server nonces and nonce count. When a session ID was present, authentication was bypassed. The user name and password were not checked before when indicating that a nonce was stale. Tomcat versions 5.5.0 through 5.5.35, 6.0.0 through 6.0.35, and 7.0.0 through 7.0.29 are affected.

tags | advisory
advisories | CVE-2012-3439
SHA-256 | f21889923bf7d5548e26d54f6d23a9e7cb97188d566be43efdeb034fc1ccc1d2
Apache Tomcat 6.x / 7.x Denial Of Service
Posted Nov 6, 2012
Authored by Mark Thomas, Josh Spiewak | Site tomcat.apache.org

Apache Tomcat suffers from a denial of service vulnerability. The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers. Tomcat versions 6.0.0 through 6.0.34 and 7.0.0 through 7.0.27 are affected.

tags | advisory, web, denial of service
advisories | CVE-2012-2733
SHA-256 | 4b381434f76f5509cd4b1e048e50886bad81c0880d9575db95a7a732d9839225
Sophos 8.0.6 PDF Revision 3 Encryption Exploit
Posted Nov 6, 2012
Authored by Tavis Ormandy

Sophos Antivirus version 8.0.6 PDF revision 3 encryption exploit as discussed in the Sophail whitepaper.

tags | exploit
systems | linux
SHA-256 | 2c16a524399c2a500b943b2b99acdae689be3704d09294f5df81e83f3b0a1e62
Sophail: Applied Attacks Against Sophos Antivirus
Posted Nov 6, 2012
Authored by Tavis Ormandy

By design, antivirus products introduce a vast attack surface to a hostile environment. The vendors of these products have a responsibility to uphold the highest secure development standards possible to minimize the potential for harm caused by their software. This second paper in a series on Sophos internals applies the results previously presented to assess the increased threat Sophos customers face. This paper is intended for a technical audience, and describes the process a sophisticated attacker would take when targeting Sophos users.

tags | paper, virus
SHA-256 | 6e947610a5f61d4dfef968f6267c1b7f69d040adf4a3f5f08d7edf9ebe6f3000
Hack In The Box 2013 Europe Call For Papers
Posted Nov 6, 2012
Site cfp.hackinthebox.org

The Call for Papers for the fourth annual HITBSecConf in Europe is now open. Taking place from the 8th through the 11th of April at the Okura Hotel in Amsterdam, it will be a triple track conference featuring keynotes by Eddie Schwartz, Chief Information Security Officer at RSA and Bob Lord, Chief Security Officer at Twitter.

tags | paper, conference
SHA-256 | 8d341c6bb5536e5652a30f3ecbc0907a65e71e1e829be0e3f07e5e353b0eddd5
GNUnet P2P Framework 0.9.4
Posted Nov 6, 2012
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: This release adds a few features and fixes a large number of bugs. It is largely protocol-compatible with GNUnet 0.9.3. It introduces flow- and congestion control for the multicast system, support for exit policies and exit discovery for the GNUnet VPN, support for tunneling P2P traffic over HTTP(S) with reverse proxies, and various performance improvements.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 1c23b26b0b27926fa98b3ad7645e984467e54470ca56d23e913decad992bffec
EmpireCMS 6.6 PHP Code Execution
Posted Nov 6, 2012
Authored by flyh4t

EmpireCMS version 6.6 template parser suffers from a remote PHP code execution vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2012-5777
SHA-256 | 3211c6bbb7954a96bd64ab3c1caf4c9d30db269cb5813905a4ef4160ffa27234
Russian Underground 101
Posted Nov 6, 2012
Authored by Trend Micro | Site trendmicro.com

This research paper intends to provide a brief summary of the cybercriminal underground and shed light on the basic types of hacker activity in Russia. The bulk of the information in this paper was based on data gathered from online forums and services used by Russian cybercriminals. The authors also relied on articles written by hackers on their activities, the computer threats they create, and the kind of information they post on forums’ shopping sites.

tags | paper
SHA-256 | c62bce64c508bbe4d762facbdcfd7e27d28784fa55e38942d305479289dea9ac
Ubuntu Security Notice USN-1624-1
Posted Nov 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1624-1 - It was discovered that Remote Login Service incorrectly purged account information when switching users. A local attacker could use this issue to possibly obtain sensitive information.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2012-0959
SHA-256 | 87122e7720303a71d4c2530e7456201648df5b7b3f7ff6878afc9293cc38b288
Ubuntu Security Notice USN-1623-1
Posted Nov 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1623-1 - It was discovered that Mesa incorrectly handled certain arrays. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2864
SHA-256 | 6dfadee66df174311328fe4b61ecfe3bfa5ccb26a4165dd50496dd21870d8f7a
Debian Security Advisory 2572-1
Posted Nov 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2572-1 - Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3982, CVE-2012-3986, CVE-2012-3990, CVE-2012-3991, CVE-2012-4179, CVE-2012-4180, CVE-2012-4182, CVE-2012-4186, CVE-2012-4188
SHA-256 | 629513cff444f391b17a72ccd643c1a5c30d2044ba9c098aaa61b3c98ee582d7
Ubuntu Security Notice USN-1622-1
Posted Nov 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1622-1 - It was discovered that the Munin qmailscan plugin incorrectly handled temporary files. A local attacker could use this issue to possibly overwrite arbitrary files. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10, and Ubuntu 12.04 LTS. It was discovered that Munin incorrectly handled plugin state file permissions. An attacker obtaining privileges of the munin user could use this issue to escalate privileges to root. Various other issues were also addressed.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2012-2103, CVE-2012-3512, CVE-2012-3513, CVE-2012-2103, CVE-2012-3512, CVE-2012-3513
SHA-256 | 1b268ec2b09054bfb0535aa6abaf12527eaf93f09e1557383542ee104c9b38fa
Debian Security Advisory 2571-1
Posted Nov 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2571-1 - The Red Hat Security Response Team discovered that libproxy, a library for automatic proxy configuration management, applied insufficient validation to the Content-Length header sent by a server providing a proxy.pac file. Such remote server could trigger an integer overflow and consequently overflow an in-memory buffer.

tags | advisory, remote, overflow
systems | linux, redhat, debian
advisories | CVE-2012-4505
SHA-256 | d071b3013090ffba7d81166f1e448fe065b00dccf3cc293082d4d594ef5ea254
Page 1 of 2
Back12Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close