Showing 1 - 25 of 48

Files Date: 2012-11-16

NFR Agent FSFUI Record File Upload Remote Command Execution
Posted Nov 16, 2012
Authored by juan vazquez | Site metasploit.com

NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to upload arbitrary files via a directory traversal while handling requests to /FSF/CMD with FSFUI records with UICMD 130. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).

tags | exploit, remote, arbitrary
advisories | CVE-2012-4959
SHA-256 | 6e8968d0aa343e5878b656cc49cedf13effdc0839611e2fbdacf11ca679628df
Guidelines For Pen-Testing A Joomla Based Site
Posted Nov 16, 2012
Authored by Shubham Mittal

This is a whitepaper called Guidelines for Pen-testing a Joomla Based Site.

tags | paper
SHA-256 | 7a8cac0307908cecd1cae37fd4ab169ed3f47a3751ee4d0d5a3576aeab6f0cba
Friendsinwar FAQ Manager SQL Injection
Posted Nov 16, 2012
Authored by unsuprise

Friendsinwar FAQ Manager suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 92e36cb7108edc9a74b69d10351949489ad7b525325db1dfa75164b9de07491d
Open-Realty 2.5.8 Cross Site Request Forgery
Posted Nov 16, 2012
Authored by Aung Khant | Site yehg.net

Open-Realty versions 2.5.8 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 92329b7043af1d4783fb11947d21277ddc61a87ca7d8cda419922fc9dd67a8c8
SE-2012-01 Devoxx Presentation
Posted Nov 16, 2012
Authored by Adam Gowdiak | Site security-explorations.com

This is a presentation given at Devoxx that goes into detail about the Oracle Java vulnerabilities discussed in SE-2012-01.

tags | paper, java, vulnerability
SHA-256 | 49d02139ee9c74682ac34a668af63077f0e2e4b0d473c32bb2104c25866d4982
SE-2012-01 Technical Report
Posted Nov 16, 2012
Authored by Adam Gowdiak | Site security-explorations.com

This is the technical report detailing the Oracle Java vulnerabilities originally noted in SE-2012-01.

tags | paper, java, vulnerability
SHA-256 | d00c5da4cf880cde2e84ea74745b16dbc8e7132738d0d05fc29c596259008c0d
Secunia Security Advisory 51316
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ABB has acknowledged a vulnerability in AC500 PLC, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 7f685a60dc4371e4910ac105b53ac1c57c4f9c282a5eadd6fba0b2486a29a90c
Secunia Security Advisory 51263
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Core Security Technologies has reported a vulnerability in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | f3ff417e0c7e13fcace6e50795caf51f2642d6c8ae2577837c883cb0fa535149
Secunia Security Advisory 51324
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
SHA-256 | f87a1d4bf36e8f926d22ed9716e1395eb296be66d0ac4472c47a59ef60778337
Secunia Security Advisory 51283
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in MYRE Vacation Rental Software, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 43dd8b7649be5bee5721898f47e15b107cafc695b7db1ca2c9a9ada503f1bcc8
Secunia Security Advisory 51326
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | a1911843ceb6406188cca01910c9f511da53af18ec7876f6d090fcbcc2263384
Secunia Security Advisory 51327
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
SHA-256 | fca1d3b0ebeaa083e8328fa24e3b3dede969feb9ae7019e5491032e8629abf04
Secunia Security Advisory 51328
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
SHA-256 | dce30a662104129d64c884674cb975c78c4970d5cdd7d3e11e596b4432bd28db
Secunia Security Advisory 51287
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for typo3-src. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks, bypass security restrictions, and conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, sql injection
systems | linux, debian
SHA-256 | 58222bafd4e557dba39c1a9b403b7dd0ea4aa2450141da0a80254814d32988fa
Secunia Security Advisory 51317
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in VMware ESX Server, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, spoof, vulnerability, xss
SHA-256 | 4572fd073f059a8765bbd5d600597d938d3161f381a20b50df2f883b256aae4b
Secunia Security Advisory 51285
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MYRE Realty Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 966afe0a4282abd88f468580f88dfc99304d1dd6b9c4ff914fb776a9afa00e6f
Secunia Security Advisory 51325
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi Device Manager Software, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 6337d6a116964be045f64c0c344ad2f5073d4bd79f28b849e991fab8fb1ee40a
Secunia Security Advisory 51284
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Myrephp Business Directory, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | aa0a9da26f12b3a1466ca4136b336024aa40b9e361f67729db4c0838cd5c3f44
Secunia Security Advisory 51323
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 96fbb200250d6fb92a5a3dc0383f7b38f03c6e6459d65997c7f065db8a9e98b0
Secunia Security Advisory 51254
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in the Table of Contents module for Drupal, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | e31d9a42381736ab185986289a38f920b3a5064cd3775c2f0950d50fd8daf898
Secunia Security Advisory 51322
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in JP1/Automatic Job Management System, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | cae98361bcfb5c078423578ef7cb4da488460515788564807250e83cee126ec1
Secunia Security Advisory 51314
Posted Nov 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for python-django. This fixes a weakness, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory, python
systems | linux, ubuntu
SHA-256 | 09e817217bb2e3eb5b7277ffad57dc651b7392f557cd9f2ed28bb554b3353326
Zero Day Initiative Advisory 12-186
Posted Nov 16, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-186 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. Combined with basic memory layout control an attacker can abuse this situation to achieve code execution under the context of the user running the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-0183
SHA-256 | 9335cf35112e6a5fa2f4b08c7f90e422e086a84a52fa98f66f3e2dbd9f174d4b
Zero Day Initiative Advisory 12-185
Posted Nov 16, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-185 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the DirectoryService daemon. This process listens on TCP port 625 by default on Mac OSX Server pre 10.7. Request types to the service include a sComProxyData structure having a translate field which is responsible for describing the endianness of the payload. When passing a message to SwapProxyMessage for byte-reordering, multiple user controlled fields are trusted including lengths and offsets. When processing this data with DSSwapObjectData, the process will address memory out of the bounds of the allocated region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary, tcp
systems | apple
advisories | CVE-2012-0650
SHA-256 | 13d8bba137d0ff0748960521e2c159cf7f506be7b33eda7dae1e4f8d440a588e
dotDefender WAF 4.26 Format String
Posted Nov 16, 2012
Authored by Bernhard Mueller | Site sec-consult.com

Applicure dotDefender WAF versions 4.26 and below suffer from a format string vulnerability.

tags | advisory
SHA-256 | b0d30665e6fdf30c97b86937ab446b3cbc76ca5d1425fb453916aa7205a4a6cb