what you don't know can hurt you
Showing 1 - 25 of 48 RSS Feed

Files Date: 2012-11-16

NFR Agent FSFUI Record File Upload Remote Command Execution
Posted Nov 16, 2012
Authored by juan vazquez | Site metasploit.com

NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to upload arbitrary files via a directory traversal while handling requests to /FSF/CMD with FSFUI records with UICMD 130. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).

tags | exploit, remote, arbitrary
advisories | CVE-2012-4959
MD5 | c168ac888fdbda2c88f9ab9a652a0a13
Guidelines For Pen-Testing A Joomla Based Site
Posted Nov 16, 2012
Authored by Shubham Mittal

This is a whitepaper called Guidelines for Pen-testing a Joomla Based Site.

tags | paper
MD5 | 2c43dbecae0c7667263300ccf564453b
Friendsinwar FAQ Manager SQL Injection
Posted Nov 16, 2012
Authored by unsuprise

Friendsinwar FAQ Manager suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 45e862882d59275373b9943255f94a83
Open-Realty 2.5.8 Cross Site Request Forgery
Posted Nov 16, 2012
Authored by Aung Khant | Site yehg.net

Open-Realty versions 2.5.8 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 3b061200cd80825e9cc9a8699bb58816
SE-2012-01 Devoxx Presentation
Posted Nov 16, 2012
Authored by Adam Gowdiak | Site security-explorations.com

This is a presentation given at Devoxx that goes into detail about the Oracle Java vulnerabilities discussed in SE-2012-01.

tags | paper, java, vulnerability
MD5 | 4a53372dee96a8967e1a76d31689b9fe
SE-2012-01 Technical Report
Posted Nov 16, 2012
Authored by Adam Gowdiak | Site security-explorations.com

This is the technical report detailing the Oracle Java vulnerabilities originally noted in SE-2012-01.

tags | paper, java, vulnerability
MD5 | e6778433bc4286305cb740da2d799fbd
Secunia Security Advisory 51316
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ABB has acknowledged a vulnerability in AC500 PLC, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | b5a306ac21bb13d39f1bd48f59559b02
Secunia Security Advisory 51263
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Core Security Technologies has reported a vulnerability in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | f82f14cec1bc3debee8dad97390d5d6a
Secunia Security Advisory 51324
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
MD5 | 21f4ae570f519fafdd25bddb24693d33
Secunia Security Advisory 51283
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in MYRE Vacation Rental Software, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | b35e249c2cf739a629a55df7319b7c5a
Secunia Security Advisory 51326
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update forjava-1.7.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
MD5 | b189736820b692fd1579e203e0b563ed
Secunia Security Advisory 51327
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
MD5 | bf3bfd580bc637e1c0ebd7bf1080cde0
Secunia Security Advisory 51328
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
MD5 | d693fb6f43a37d34c07aa52960608d48
Secunia Security Advisory 51287
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for typo3-src. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks, bypass security restrictions, and conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, sql injection
systems | linux, debian
MD5 | 08012f6188f6ce797d2c52ecea5997be
Secunia Security Advisory 51317
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in VMware ESX Server, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, spoof, vulnerability, xss
MD5 | f4c9ea00260f6e5e61273b51c0980085
Secunia Security Advisory 51285
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MYRE Realty Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 0038d069effc021f4b098f536d60893f
Secunia Security Advisory 51325
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi Device Manager Software, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 2156efaaac32d8ce8261f2b25e04e968
Secunia Security Advisory 51284
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Myrephp Business Directory, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | b514ed6f0fbf3b7b95681cc6f10a87d5
Secunia Security Advisory 51323
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | 5f88d86d62ed5a0ff4ea5422c4b21a09
Secunia Security Advisory 51254
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in the Table of Contents module for Drupal, which can be exploited by malicious people to disclose potential sensitive information.

tags | advisory
MD5 | 6513191fa02f85f853e7b5aa711aa55b
Secunia Security Advisory 51322
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in JP1/Automatic Job Management System, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 6adc4a3eb8b0b23d849048bb175d1501
Secunia Security Advisory 51314
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for python-django. This fixes a weakness, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory, python
systems | linux, ubuntu
MD5 | 367134aaa3f29d196a8ff9ce5bed8998
Zero Day Initiative Advisory 12-186
Posted Nov 16, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-186 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. Combined with basic memory layout control an attacker can abuse this situation to achieve code execution under the context of the user running the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-0183
MD5 | 16143f3db0728b5e75a2ae4e9d45f79f
Zero Day Initiative Advisory 12-185
Posted Nov 16, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-185 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the DirectoryService daemon. This process listens on TCP port 625 by default on Mac OSX Server pre 10.7. Request types to the service include a sComProxyData structure having a translate field which is responsible for describing the endianness of the payload. When passing a message to SwapProxyMessage for byte-reordering, multiple user controlled fields are trusted including lengths and offsets. When processing this data with DSSwapObjectData, the process will address memory out of the bounds of the allocated region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary, tcp
systems | apple
advisories | CVE-2012-0650
MD5 | 299a5e0dc5be8e1d0645a0bec6dafd01
dotDefender WAF 4.26 Format String
Posted Nov 16, 2012
Authored by Bernhard Mueller | Site sec-consult.com

Applicure dotDefender WAF versions 4.26 and below suffer from a format string vulnerability.

tags | advisory
MD5 | 6ddbce0bb1d4a694a440233f185a5d1f
Page 1 of 2
Back12Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    14 Files
  • 14
    Jul 14th
    17 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close