Files Date: 2012-12-05

Ubuntu Security Notice USN-1655-1
Posted Dec 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1655-1 - It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-5581
SHA-256 | 4a7f65cefa922e85d015f213933fc63494e8eb1461ad51812c19671891f2201a
Ubuntu Security Notice USN-1656-1
Posted Dec 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1656-1 - It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-5134
SHA-256 | 262ee9f9a12b339ba16f79249ef8e36409efc15e996ebb93531225f8cf7cd074
Ubuntu Security Notice USN-1654-1
Posted Dec 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1654-1 - It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain root privileges.

tags | advisory, root
systems | linux, ubuntu
advisories | CVE-2012-5519
SHA-256 | 4e4ffd878942516a63dc2c18eebaaceaa243b9b51a7bca12fc67935cbc19a73f
Red Hat Security Advisory 2012-1547-01
Posted Dec 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1547-01 - On December 1st, 2012, per the life-cycle support policy, the following versions of Satellite and Proxy products, released on Red Hat Enterprise Linux 4, exited Production Phase 2 marking the end of their support by Red Hat.

tags | advisory
systems | linux, redhat
SHA-256 | e47024754f89868ff40cf551d4b7a042bdb798d08bc28e77307b0063acc0048e
Red Hat Security Advisory 2012-1546-01
Posted Dec 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1546-01 - On December 1st, 2012, per the life-cycle support policy, the following versions of Satellite and Proxy products, released on Red Hat Enterprise Linux 4, exited Production Phase 2 marking the end of their support by Red Hat.

tags | advisory
systems | linux, redhat
SHA-256 | 0dfa1d295d9f08d1260be103787b198539795b9ec3784b51dffdce4a3bb79e7c
FOOT Gestion CMS SQL Injection
Posted Dec 5, 2012
Authored by Emmanuel Farcy

FOOT Gestion CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 826fdb80b00c59a239f0011d0aa0465d2b756c37b08335c0586c44562e7190ae
Buffalo Linkstation Privilege Escalation
Posted Dec 5, 2012
Authored by Hurgel Bumpf

Buffalo Linkstation (and various other Buffalo products) suffer from a privilege escalation vulnerability where a permanent guest account can be used to change the administrative password.

tags | exploit
SHA-256 | f44c4b344c2520f3a2486cf44d535e312b8c1fef9a6529e1abdbc45dbca66622
Kordil EDMS 2.2.60rc3 SQL Injection
Posted Dec 5, 2012
Authored by Woody Hughes

Kordil EDMS version 2.2.60rc3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7a9a4f2c82af1753cf8f7379fed5affc3dbba7187566bd35e59ff78b1496719c
Secunia Security Advisory 51484
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 41702735cf4b56c7def4c67e3130258a055554c9763ac0689c215f91b92921a9
Secunia Security Advisory 51494
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities with unknown impacts have been reported in cPanel.

tags | advisory, vulnerability
SHA-256 | a905e569cb8358a6536c1714d5d0bd2d1ec9a1404411676d66e802fa17df0961
Secunia Security Advisory 51486
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Citrix has acknowledged multiple vulnerabilities in XenServer, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
SHA-256 | 2b2955e6a616fe99f86e20843a4c44e9ba97015d5fb4008d03ad08127a7c2d9e
Secunia Security Advisory 51472
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Red Hat CloudForms, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and perform certain actions with escalated privileges, by malicious users to disclose and manipulate certain data and cause a DoS (Denial of Service), and by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, manipulate certain data, cause a DoS, and compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability, xss, sql injection
systems | linux, redhat
SHA-256 | ec36504bfd255c9d7d09af887991917f24e5df51468a8074b1c20556cd1e42d9
Secunia Security Advisory 51425
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | b6541f1a44b199ec059f814f2bb284c582b6007968ac1e08d16ad8c49e456ea8
Secunia Security Advisory 51475
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has acknowledged a vulnerability in Red Hat Network Proxy and Red Hat Network Satellite Server, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, redhat
SHA-256 | 3e53409dca3d0d01cd85cb60d9ceeb27e51c4fcecae4c4965bce19511585cfa9
Secunia Security Advisory 51489
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Mesa, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 36288d5c59bef2e03db87fa55019742bc6f417a56379f2133e5d3d7b2446ff5f
Secunia Security Advisory 51495
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for xen. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
SHA-256 | af86400701b08f591a4a18686cac3d65b4caf241cef267b69bec9fa6ac7f1c9b
Secunia Security Advisory 51462
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Kaveh Ghaemmaghami has discovered a vulnerability in Opera, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
SHA-256 | feb280b94dcb421499f542dc19675d08d7199fd19b7aa665304bef195b712877
Secunia Security Advisory 51473
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
SHA-256 | 4113334039c29cfd3883f500ca7ecc1fa5b54c4098d54977aa8abc14c3c61d0e
Secunia Security Advisory 51470
Posted Dec 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-ec2. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, ubuntu
SHA-256 | e71486efb667eb645cb564569df002a50e90934cda3cbe4d932059613bc7aa4d
OpenDNSSEC 1.3.12
Posted Dec 5, 2012
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Multiple compilation issues addressed.
tags | tool
systems | unix
SHA-256 | 4124d07c25f548f87f53bc61547d000b42874a40028b997b886165f7c0767f8e
Ektron 8.02 XSLT Transform Remote Code Execution
Posted Dec 5, 2012
Authored by unknown, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in Ektron CMS 8.02 (before SP5). The vulnerability exists due to the insecure usage of XslCompiledTransform with an XSLT controlled by the user. The module has been tested successfully on Ektron CMS 8.02 over Windows 2003 SP2, where it allows arbitrary code execution with NETWORK SERVICE privileges.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2012-5357
SHA-256 | 2dda141b54a2d9b1cc61d181c833e4fa97868dcf6a148604c0bdaeebed78af75
Tectia SSH USERAUTH Change Request Password Reset
Posted Dec 5, 2012
Authored by Kingcope, sinn3r, bperry | Site metasploit.com

This Metasploit module exploits a vulnerability in Tectia SSH server for Unix-based platforms. The bug is caused by an SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ request sent before password authentication, allowing any remote user to bypass the login routine and then gain access as root.

tags | exploit, remote, root
systems | unix
SHA-256 | a8cae2783ae383b985cfe414beea92207b93fca99d51ada21c788b6eff779ccc
ipset 6.16.1
Posted Dec 5, 2012
Authored by Jan Engelhardt | Site ipset.netfilter.org

ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.

Changes: In this release, protocol numbers are supported alongside their names. The maximum number of ipsets is now automatically increased as needed.
tags | tool
systems | unix
SHA-256 | cb5b02deab8521946fd473b77c40f00452b76fed621f0eee76746c74e89e4c3c
Apache Tomcat CSRF Prevention Filter Bypass
Posted Dec 5, 2012
Authored by Mark Thomas | Site tomcat.apache.org

The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through 7.0.31 are affected.

tags | advisory
advisories | CVE-2012-4431
SHA-256 | 74e285db6d16f94ed3552ccea4024d4d096965cbcd236bc2ba5d83beab7e0fda
Apache Tomcat Security Bypass
Posted Dec 5, 2012
Authored by Mark Thomas | Site tomcat.apache.org

When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate(). Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through 7.0.27 are affected.

tags | advisory
advisories | CVE-2012-3546
SHA-256 | 1f71f1e689097b01826957ede5576c3f27e8009359fb6acaa921b0e52b63fe43