what you don't know can hurt you
Showing 1 - 25 of 33 RSS Feed

Files Date: 2012-12-19

IDA Pro 6.3 ELF Anti-Debugging / Reversing Patcher
Posted Dec 19, 2012
Authored by nitr0us

IDA Pro 6.3 ELF anti-debugging / reversing patcher that causes a crash.

tags | exploit
SHA-256 | b621ceacd09444ff9fc01a41d5f4753069ac4eaac545eed53223b30f95090c1f
Ubuntu Security Notice USN-1676-1
Posted Dec 19, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1676-1 - Dan Rosenberg discovered that the example AppArmor profile for chromium-browser could be escaped by calling xdg-settings with a crafted environment.

tags | advisory
systems | linux, ubuntu
SHA-256 | 9f62e3294f6a235a48ec96a52fc1bb0ddbaf0eb71006e31273c8a90f82b68010
Mandriva Linux Security Advisory 2012-181
Posted Dec 19, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-181 - Multiple host header poisoning flaws were found and fixed in Django. The updated packages have been upgraded to the 1.3.5 version which is not affected by these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-4520
SHA-256 | 9bce0d06f9a983370a47c9bda523a29bc653990c43314967da3f82c2062f4253
Ubuntu Security Notice USN-1675-1
Posted Dec 19, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1675-1 - It was discovered that FFmpeg incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2777, CVE-2012-2784, CVE-2012-2788, CVE-2012-2801
SHA-256 | e8f3abacc0bbc717eed7e87878961a2412b68e70656f6ecc81e0e4ead8317e9f
Ubuntu Security Notice USN-1674-1
Posted Dec 19, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1674-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2772, CVE-2012-2775, CVE-2012-2777, CVE-2012-2779, CVE-2012-2784, CVE-2012-2786, CVE-2012-2788, CVE-2012-2789, CVE-2012-2790, CVE-2012-2793, CVE-2012-2794, CVE-2012-2798, CVE-2012-2800, CVE-2012-2801
SHA-256 | 6ff707c404f51dfeb2d328fcf42573be6bcff618f49d87c1e3d44363fafc9b60
Free Hosting Manager 2.0.2 Cross Site Scripting
Posted Dec 19, 2012
Authored by Lee Chung Eon

Free Hosting Manager version 2.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 335377c3da8b74855bab0926e442b783e0a025c0a92bad72b5f9cd8afec705f8
DIMIN Viewer 5.4.0 Crash
Posted Dec 19, 2012
Authored by Lizhi Wang

DIMIN Viewer version 5.4.0 suffers from a GIF decode crash vulnerability.

tags | exploit
systems | linux
SHA-256 | 37c08ac9d3c8f9530c6c4e0e67e12334cd8ee8d63de9a989e27cf8b8623af737
Kiwi Syslog Web Access 1.4.4 SQL Injection
Posted Dec 19, 2012
Authored by Mohd Izhar Ali | Site johncrackernet.blogspot.com

Kiwi Syslog Web Access version 1.4.4 suffers from remote SQL injection and blind SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | 30c497b23b1f3b0a07ecbebf1a4e6f17d981770e58ae9b1af674bd68c74a5d58
Joomla ZtAutoLink Local File Inclusion
Posted Dec 19, 2012
Authored by Xr0b0t

Joomla ZtAutoLink component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 8d7b7afaf7dc0deb578c05776b007a2e0e6a4fc0525e669d41c81a37107d3723
Joomla Bit Local File Inclusion
Posted Dec 19, 2012
Authored by Xr0b0t

Joomla Bit component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 56a0dfe953eb01f7814c7e0a38f7af1db46be7d121833068fc3e03448164fbd5
EMC Avamar 6.1.100-402 File Overwrite
Posted Dec 19, 2012

EMC Avamar version 6.1.100-402 suffers from a world-writable cache file vulnerability that leverages /tmp.

tags | exploit
SHA-256 | e49cbec22954636f2d8675765991f6e9558126b4c14f04a788902ec16d34e6d5
Cerberus FTP Server Cross Site Scripting
Posted Dec 19, 2012
Authored by catatonicprime

Cerberus FTP server suffers from a cross site scripting vulnerability in the web administration interface.

tags | advisory, web, xss
advisories | CVE-2012-6339
SHA-256 | 6b28cd4efe0efed16181b5e08b92d87bf9d077078b76c02a2852907b2bcbb029
Microsoft Internet Explorer 9.x Stack Exhaustion
Posted Dec 19, 2012
Authored by Jean Pascal Pereira

Microsoft Internet Explorer 9.x suffers from a remote stack exhaustion vulnerability.

tags | exploit, remote, overflow
SHA-256 | d92f15f413457c5e0e27867c732c549570fd1dd935370f20ae2973bbf1b93532
Secunia Security Advisory 51607
Posted Dec 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to disclose sensitive information and by malicious people to bypass certain security restrictions.

tags | advisory, local, vulnerability
systems | linux, redhat
SHA-256 | 27229969cecbe80e573a46ef4627207ede118da37b879f97883ad895001094f8
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
Posted Dec 19, 2012
Authored by James Fitts, Dmitriy Pletnev, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap overflow found in InduSoft Web Studio <= 61.6.00.00 SP6. The overflow exists in the ISSymbol.ocx, and can be triggered with a long string argument for the InternationalSeparator() method of the ISSymbol control. This Metasploit modules uses the msvcr71.dll form the Java JRE6 to bypass ASLR.

tags | exploit, java, web, overflow
advisories | CVE-2011-0340, OSVDB-72865
SHA-256 | f99bd99b5b541326375a269f30ae36cdabc7a1c18a150d0b60fb51908c7a78c6
Haveged 1.6a
Posted Dec 19, 2012
Site issihosts.com

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

Changes: This release corrects a config typo to fix building on generic architectures.
tags | tool
systems | linux, unix
SHA-256 | f4d6b50053572482751122353f082e946e4749f34e385addc0cdf77ee0ef067e
Ubuntu Security Notice USN-1673-1
Posted Dec 19, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1673-1 - A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-5517
SHA-256 | 625d9396aeca4d3a2ad0430b3a201a2fc896848c8fba0cacb0a2a709ee027cc4
Ubuntu Security Notice USN-1671-1
Posted Dec 19, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1671-1 - A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-5517
SHA-256 | 58a6c166c0e2e8c119e52af12809a6b51b759ca5244149aebf3b55517e8d80a3
Ubuntu Security Notice USN-1670-1
Posted Dec 19, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1670-1 - A flaw was discovered in the Linux kernel's handling of new hot plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-5517
SHA-256 | cc758c46cdb6a1dfbe34f853f40eb7071ffdf41e573ffaf4088124ae7c87a1b9
Red Hat Security Advisory 2012-1589-01
Posted Dec 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1589-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-2313
SHA-256 | eff9ac00d6131703f5d463555dbb5186a6916beab238525265247e6bc5b89879
Red Hat Security Advisory 2012-1594-01
Posted Dec 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1594-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2008-0455, CVE-2012-0883, CVE-2012-2378, CVE-2012-2379, CVE-2012-2672, CVE-2012-2687, CVE-2012-3428, CVE-2012-3451, CVE-2012-4549, CVE-2012-4550
SHA-256 | ce7a6ce3fa874a437034915aac5d5291665cbbaaf245d08d9d1f5eb346d591fc
Red Hat Security Advisory 2012-1591-01
Posted Dec 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1591-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2008-0455, CVE-2012-2378, CVE-2012-2379, CVE-2012-2672, CVE-2012-2687, CVE-2012-3428, CVE-2012-3451, CVE-2012-4549, CVE-2012-4550
SHA-256 | 66169491e9b4f93081527475ee84f735d2d918f29661a02612d38689d09f4878
Red Hat Security Advisory 2012-1593-01
Posted Dec 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1593-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for JBoss Enterprise SOA Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: A flaw was found in the way Apache CXF verified that XML elements were signed or encrypted by a particular Supporting Token. Apache CXF checked to ensure these elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could use this flaw to transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-2379
SHA-256 | 540ceb3b6fc3bd14daba21fd0b4bd4d8aeb851af3fb9f1824c71ccca11a1bca3
Red Hat Security Advisory 2012-1590-01
Posted Dec 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1590-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-3401, CVE-2012-4447, CVE-2012-4564, CVE-2012-5581
SHA-256 | f92cb2e1082be2cdd632541bdbbb07fd784b778a7cab91f842ea6fe9c8ae58be
Red Hat Security Advisory 2012-1592-01
Posted Dec 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1592-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2008-0455, CVE-2012-2378, CVE-2012-2379, CVE-2012-2672, CVE-2012-2687, CVE-2012-3428, CVE-2012-3451, CVE-2012-4549, CVE-2012-4550
SHA-256 | 9f252a88d1f38fd6c3c381757d9c5cb1073c52fcd621aa36d6a621a3438e93f5
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close