the original cloud security
Showing 1 - 25 of 28 RSS Feed

Files Date: 2012-11-21

ManageEngine ServiceDesk 8.0 Cross Site Scripting
Posted Nov 21, 2012
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

ManageEngine ServiceDesk version 8.0 Plus suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 11c8d6873a38f07626bd834094d47dba
Mandriva Linux Security Advisory 2012-173
Posted Nov 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-173 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-5842, CVE-2012-4202, CVE-2012-4201, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-5833, CVE-2012-5835
MD5 | 9df0efcb9060ea60d916e2e7aca5a183
dotProject 2.1.6 Cross Site Scripting / SQL Injection
Posted Nov 21, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

dotProject version 2.1.6 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2012-5701, CVE-2012-5702
MD5 | 165870d4e23a47b82004a4f8cacee45c
swfupload_f8.swf Cross Site Scripting
Posted Nov 21, 2012
Authored by MustLive

swfupload_f8.swf suffers from a cross site scripting vulnerability. Affected systems are TinyMCE, Squeeze Documents for SPIP, Upload Manager for Radiant CMS, AionWeb, Liferay Portal (Community Edition, which earlier was called Standard Edition, and Enterprise Edition), SurgeMail, and symfony.

tags | exploit, xss
MD5 | fc2153033bdfe782f1329e95b4ce1f9c
Ubuntu Security Notice USN-1638-2
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1638-2 - USN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838
MD5 | c6fded06c47bd2b26e5046d9ccb8e0cb
Ubuntu Security Notice USN-1636-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1636-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4204, CVE-2012-4205, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-4201, CVE-2012-4202, CVE-2012-4204, CVE-2012-4205, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214
MD5 | 39c8058fa43757747f6dbd379002ec55
Ubuntu Security Notice USN-1638-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1638-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838, CVE-2012-4201, CVE-2012-4202, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209
MD5 | 498864cbc609ba81e7d68e93add966a8
Ubuntu Security Notice USN-1637-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1637-1 - It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2733, CVE-2012-5887, CVE-2012-2733, CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
MD5 | 1119cc2f60938e86be74803b468d8e20
Ubuntu Security Notice USN-1635-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1635-1 - It was discovered that libunity-webapps improperly handled certain hash tables. A remote attacker could use this issue to cause libunity-webapps to crash, or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4551
MD5 | fb9f942171a818af5f74502c9462c55e
NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution
Posted Nov 21, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module abuses a lack of authorization in the NetIQ Privileged User Manager service (unifid.exe) to execute arbitrary perl code. The problem exists in the ldapagnt module. The module has been tested successfully on NetIQ PUM 2.3.1 over Windows 2003 SP2, which allows to execute arbitrary code with SYSTEM privileges.

tags | exploit, arbitrary, perl
systems | windows
advisories | OSVDB-87334
MD5 | e53a75b6b8524b04b935bc9eec060537
PHP Server Monitor Cross Site Scripting
Posted Nov 21, 2012
Authored by loneferret

PHP Server Monitor version 2.0.1 suffers from a stored cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | caffbc579718d12d473e546682d61691
Narcissus Image Configuration Passthru
Posted Nov 21, 2012
Authored by dun, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.

tags | exploit, remote, web, php, code execution, bash
MD5 | 7e5ccde71d249ff814c86c697a3cde11
Yii Framework 1.1.8 Search SQL Injection
Posted Nov 21, 2012
Authored by Juno_okyo

Yii Framework version 1.1.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2e59cb9ce82bc1318397eeb1953fb640
pyClamd 0.3.1
Posted Nov 21, 2012
Authored by Alexandre Norman | Site xael.org

pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.

Changes: This release changes the API to a class model, uses the INSTREAM scan method instead of the deprecated STREAM, adds a MULTISCAN method, makes STATS return full data on multiline, and adds Python 3.x and 2.x compatibility.
tags | virus, python
systems | unix
MD5 | 363c0abd062dbc070ccb928b7d2e7e82
Feng Office 2.0 Beta 3 XSS / Privilege Escalation
Posted Nov 21, 2012
Authored by Ur0b0r0x

Feng Office version 2.0 Beta 3 suffers from cross site scripting and privilege escalation vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 0918d3bd30e86ee89e831eaca6773158
Secunia Security Advisory 51359
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.

tags | advisory, vulnerability, xss
systems | linux, redhat
MD5 | b2f92c857b95dccb674cbc7247bdfcb3
Secunia Security Advisory 51378
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP Integrated Lights-Out, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
MD5 | cd897128feaa9da3a8cbfb91995240cb
Secunia Security Advisory 51364
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and some vulnerabilities have been reported in eSolar Light, eSolar, and eSolar DUO, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.

tags | advisory, vulnerability, sql injection
MD5 | ca75eb59b883a3de59a0e55e97fa28ac
Secunia Security Advisory 51379
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Security AppScan Source, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
MD5 | 5f072feac8629bb1dcc04e6ddcf2ffdc
Secunia Security Advisory 51373
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Libxml2 included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | solaris
MD5 | 7736e46ecc30800b40c9df80194470e8
Secunia Security Advisory 51268
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 66b48c0b5972153b7a595390772cad05
Secunia Security Advisory 51352
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
MD5 | be6f69c293894a5c8c946fd3f3c26a32
Secunia Security Advisory 51340
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for plib. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, suse
MD5 | 249abae7ff3387c56b9a98bdba96da0b
Secunia Security Advisory 51335
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 15f36cf3ecff80191bc9972d1aeaab2e
Secunia Security Advisory 51279
Posted Nov 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a security issue and a vulnerability in IBM Tivoli Access Manager for e-business, which can be exploited by malicious people to conduct spoofing attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, spoof
MD5 | 4e484e6204c756ea4d07dbe2ca0552e7
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close