what you don't know can hurt you
Showing 1 - 25 of 40 RSS Feed

Files Date: 2012-11-20

Red Hat Security Advisory 2012-1482-01
Posted Nov 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1482-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A buffer overflow flaw was found in the way Firefox handled GIF images. A web page containing a malicious GIF image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-4201, CVE-2012-4202, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842
SHA-256 | 41d5f0de55056082a8a8a48421ca2ce84dff3fece1e3ed0ffd624553420e353a
Red Hat Security Advisory 2012-1483-01
Posted Nov 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1483-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was found in the way Thunderbird handled GIF images. Content containing a malicious GIF image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-4201, CVE-2012-4202, CVE-2012-4207, CVE-2012-4209, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842
SHA-256 | ca43e5d3954711196502d1ebc2bf96ded7cdbc12cb4d5d026267d581ed0069a3
Red Hat Security Advisory 2012-1481-01
Posted Nov 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1481-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-2313
SHA-256 | d190c8c73baf606f741d2934a23d16de3a149e6a13847d987c788108c50e613b
Adobe Reader 10.1.4 Memory Corruption
Posted Nov 20, 2012
Authored by coolkaveh

Adobe Reader version 10.1.4 suffers from a WriteAV memory corruption vulnerability.

tags | exploit
systems | linux
SHA-256 | ed7d42a1bc5af03c0ce74930cfd8ffba1052cad9470fbe8ea6967e3959181afc
WordPress Facebook Survey SQL Injection
Posted Nov 20, 2012
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

WordPress Facebook Survey third party plugin version 1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8ce3162ca5a759c35cd1f80a58eba9b55ff0c6e87d0cf751fcb944e14d7f3795
TP-LINK TL-WR841N 3.13.9 Cross Site Scripting
Posted Nov 20, 2012
Authored by Matan Azugi

TP-LINK TL-WR841N versions 3.13.9 Build 120201 Rel.54965n and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-6316
SHA-256 | 043a1aa84308acf95decc9f1014aeb083a38288f260b4a4a40591b9a99af5b82
Webthinkers Cross Site Scripting / SQL Injection
Posted Nov 20, 2012
Authored by Ur0b0r0x

Sites designed by Webthinkers suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 1642ea82db2cb4b918486fb4534c5f4cc8ccdd9d87ad959013a19325c7c9f0d5
Diseno Internet Cross Site Scripting / SQL Injection
Posted Nov 20, 2012
Authored by Ur0b0r0x

Sites design by Diseno Internet Chile suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 0fc06ad1c6f997e566e6183aae46b78c07df5840d8471a8dc628c1e7765bdaef
Base Solida Cross Site Scripting / SQL Injection
Posted Nov 20, 2012
Authored by Ur0b0r0x

Sites design by Base Solida suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | d965a0782c1c3cc4f60b24ee78e04c0c8b8c1dd00d1dcb4e4e240854679fa228
SonicWALL CDP 5040 6.x Cross Site Scripting
Posted Nov 20, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SonicWALL CDP 5040 version 6.x suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d327fc4a15cab77c142b8aedf8542490977dbcef6a6f7679bbe7a160c4a94dcc
WordPress FireStorm Real Estate 2.06.08 SQL Injection
Posted Nov 20, 2012
Authored by B00B5

WordPress FireStorm Real Estate third party plugin version 2.06.08 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | afee220fc37a19dd1e4636328e01cb5548fc2e617d7f0cd1f863b9b1eac2f164
Apple QuickTime 7.7.2 Buffer Overflow
Posted Nov 20, 2012
Authored by Senator of Pirates

Apple QuickTime versions 7.7.2 and below suffer from a buffer overflow vulnerability in the handling of TGA files.

tags | exploit, overflow
systems | linux, apple
advisories | CVE-2012-3755
SHA-256 | 3c48abe71248d510eb46af93dfcf4cd9068d33680911fdd9c64bf61c9d359d01
FormatFactory 3.0.1 Buffer Overflow
Posted Nov 20, 2012
Authored by Julien Ahrens

FormatFactory versions 3.0.1 and below suffer from a profile file handling buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 0c29efe3ead46ec1b8b8b18717562e87540d38612b3cbe97b146a01d6a7a66c6
Penske Media Corporation Cross Site Scripting
Posted Nov 20, 2012
Authored by Janne Ahlberg

Various Penske Media Corporation sites such as variety.com, la411.com, newyork411.com, and deadline.com all suffer from reflective cross site scripting vulnerabilities. Note that this finding houses site-specific data. Editor's note 01/04/2013: Per the advisory author, the issues have been resolved in all sites listed and Penske Media have addressed the issue.

tags | exploit, vulnerability, xss
SHA-256 | 0ee5e0affef62932ece9368ee73e2ab61594aecfc2a0ad7e7fc6c30c8d846b00
HP Security Bulletin HPSBHF02821 SSRT100934
Posted Nov 20, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02821 SSRT100934 - A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4. The vulnerability could be remotely exploited resulting in a disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2012-3271
SHA-256 | a3c2b7f86eb734492a58588587020421c90fcc98223c0a1d8337f28f934fde6f
Ubuntu Security Notice USN-1632-2
Posted Nov 20, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1632-2 - USN-1632-1 fixed a vulnerability in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem. James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Various other issues were also addressed.

tags | advisory, web, arbitrary
systems | linux, ubuntu
SHA-256 | e9f978185e6839c9769dbc29da559ab01669436f085788c08120a80dbc7652f1
Ubuntu Security Notice USN-1634-1
Posted Nov 20, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1634-1 - Dwayne Litzenberger discovered that Python Keyring's CryptedFileKeyring file format used weak cryptography. A local attacker may use this issue to brute-force CryptedFileKeyring keyring files. This issue only affected Ubuntu 11.10 and Ubuntu 12.04 LTS. It was discovered that Python Keyring created keyring files with insecure permissions. A local attacker could use this issue to access keyring files belonging to other users. Various other issues were also addressed.

tags | advisory, local, python
systems | linux, ubuntu
advisories | CVE-2012-4571, CVE-2012-4571
SHA-256 | 617f521bfd666e63b40586802f675ff86e720d608bb26d70393ac1dbe702adcb
PHP Secure Communications Library 0.3.1
Posted Nov 20, 2012
Authored by Jim Wigginton | Site phpseclib.sourceforge.net

PHP Secure Communications Library is a set of pure PHP implementations of DES, 3DES, RC4, Rijndael, AES, RSA (PKCS#1 compliant [v2.1]), SSH-1, SSH-2, and SFTP.

Changes: This release added Net_SSH2::enableQuietMode() for suppressing stderr, added Crypt_RSA::__toString() and Crypt_RSA::getSize(), fixes problems with File_X509::validateDate(), File_X509::sign(), and Crypt_RSA::verify(), uses OpenSSL to speed up modular exponentiation in Math_BigInteger, improves timeout functionality in Net_SSH2, adds support for SFTPv2, and adds support for CRLs in File_X509. SSH-2.0-SSH doesn't implement hmac-*-96 correctly.
tags | php, library
SHA-256 | 97fbb815ac4ced6f514bb26830d07de992a85443eddddaf73a6910d944476f4c
WordPress Madebymilk SQL Injection
Posted Nov 20, 2012
Authored by Ashiyane Digital Security Team

WordPress Madebymilk theme suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 53efbb3fb22fea393b7b557a40986a887585d9f65fc7b902c2bd190cec17cc9b
WordPress Dailyedition-mouss SQL Injection
Posted Nov 20, 2012
Authored by Ashiyane Digital Security Team

WordPress Dailyedition-mouss theme suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | e3b6e86eb2c0347606edadc71a935b17a5439f47d2053f6412d3576c51d782ff
MODx 1.0.6 Brute Force / Path Disclosure
Posted Nov 20, 2012
Authored by MustLive

MODx versions 1.0.6 and below suffer from brute force and path disclosure vulnerabilities.

tags | advisory, cracker, vulnerability, info disclosure
SHA-256 | 3fcdf4269d467ee8f82d84c5299a488fa4bfb70f46049f9d3f6361fd6aa59922
Secunia Security Advisory 51331
Posted Nov 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and a vulnerability have been reported in Opera, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.

tags | advisory
SHA-256 | 5d1fa409a129f18cc29dcf421def3efff91b58427ac3075e61818b2de5aae03a
Secunia Security Advisory 51286
Posted Nov 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ATutor, which can be exploited by malicious users to disclose certain sensitive information.

tags | advisory
SHA-256 | 0242fa8a2a3d4c876ff98d99942f763199419c74b87c342400f1f61cd4f48c47
Secunia Security Advisory 51281
Posted Nov 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in IBM WebSphere Portal.

tags | advisory
SHA-256 | 966eb939721ee249054fa42c6457c80cf9542299815a5c1ee90412ff26d40b4d
Secunia Security Advisory 51293
Posted Nov 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SEC Consult has reported a vulnerability in dotDefender, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 4503212bba1ad49056b24492894806e368d27c6f3f17e9ee553d8c21d41e5d9a
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close