There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a denial of service attack on a Rails application.
e6b7d9e5b6b28e3c08ebdbbf557326661b4a8bf5291d91b70d108f5ac0ec4be1This is a whitepaper that explains simple exploitation of format string vulnerabilities. Written in French.
37f50131a1fc960ed1176cc771053a11034b9363967b5e831038763416640365This Metasploit module exploits a stack buffer overflow in IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested successfully on IBM Cognos Express 9.5 over Windows XP SP3.
abf55a041edebfc9c10a71c63250d53ebae7935806c4ab38d15c7743ef4a47b2This Metasploit module exploits an arbitrary file disclosure flaw in the WordPress blogging software plugin known as Google Document Embedder. The vulnerability allows for database credential disclosure via the /libs/pdf.php script. The Google Document Embedder plug-in versions 2.4.6 and below are vulnerable. This exploit only works when the MySQL server is exposed on a accessible IP and Wordpress has filesystem write access. Please note: The admin password may get changed if the exploit does not run to the end.
d86ee12abd38355eaa0ede874337844297f09019b89cae1d861c414675387207Advantech WebAccess HMI/SCADA software version 7.0-2012.12.05 suffers from a persistent cross site scripting vulnerability.
c464b8149b11c22b146cd1282f4bc0fb07c6fa07603793bf344a5c29515c7e5fHP Security Bulletin HPSBUX02829 SSRT100883 - A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited locally to create a Denial of Service (DoS), or allow unauthorized access. Revision 1 of this advisory.
6b3e6d2d1d99270b32d7a3a374182d344a43f2e467d2f0c9f531e71192cd430eEMC NetWorker provides some of its services through the SunRPC remote procedure call mechanism. One of these services, nsrindexd, which listens on a dynamic port, exposes a SunRPC interface. A buffer overflow vulnerability exists in this service that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code on the vulnerable system in the context of the affected application, commonly system. Affected products include EMC NetWorker 7.5.x and earlier, EMC NetWorker 7.6.4 and earlier, and EMC NetWorker 8.0.0.5 and earlier.
94887bfb88a7ec768c8b3fa36fd375f356522df36424e97753aceb5368089b26Red Hat Security Advisory 2013-0126-01 - SquirrelMail is a standards-based webmail package written in PHP. The SquirrelMail security update RHSA-2012:0103 did not, unlike the erratum text stated, correct the CVE-2010-2813 issue, a flaw in the way SquirrelMail handled failed log in attempts. A user preference file was created when attempting to log in with a password containing an 8-bit character, even if the username was not valid. A remote attacker could use this flaw to eventually consume all hard disk space on the target SquirrelMail server.
cc679a3ad023b0523dcc97f4dcfa93f202141d41ac914dfa97ecbe558e26a81dRed Hat Security Advisory 2013-0125-01 - Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF capture files. If Wireshark opened a specially-crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
eb30de7fd8f00a0a922069cfe6ff4ed5abf41c0cacda471253febe3314fe484dRed Hat Security Advisory 2013-0128-01 - The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials.
855f6a62fabf7a179a8b160989b5ec076ecc95d33ec735409cbfd4728e4791c4Red Hat Security Advisory 2013-0124-01 - These packages provide various libraries and tools for the Simple Network Management Protocol. An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use this flaw to crash snmpd via a crafted SNMP GET request.
7db5cea03514a11a2e3507239f67447087ee5946e2cb7c6cfee0cc2a888aa85bRed Hat Security Advisory 2013-0123-01 - The OpenIPMI packages provide command line tools and utilities to access platform information using Intelligent Platform Management Interface. System administrators can use OpenIPMI to manage systems and to perform system health monitoring. It was discovered that the IPMI event daemon created its process ID file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted. Note: This issue did not affect the default configuration of OpenIPMI as shipped with Red Hat Enterprise Linux 5.
2deae90ed110e0a7cb728df733255c88da19161c8fc16e2a5df7248e8222da5aRed Hat Security Advisory 2013-0121-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the fix for the CVE-2009-4030 issue, a flaw in the way MySQL checked the paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives when the "datadir" option was configured with a relative path, was incorrectly removed when the mysql packages in Red Hat Enterprise Linux 5 were updated to version 5.0.95 via RHSA-2012:0127. An authenticated attacker could use this flaw to bypass the restriction preventing the use of subdirectories of the MySQL data directory being used as DATA DIRECTORY and INDEX DIRECTORY paths. This update re-applies the fix for CVE-2009-4030.
17e3f371b831fa444dc7ad24136681e62ffa7eaa676fa8fdb0919f28a0afef0aRed Hat Security Advisory 2013-0120-01 - The quota package provides system administration tools for monitoring and limiting user and group disk usage on file systems. It was discovered that the rpc.rquotad service did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. This issue was discovered by the Red Hat Security Response Team.
ff1177b7c46b6ab9f91637fc56f08e7978406a622b31ba0afe7cbff89c838ce7Red Hat Security Advisory 2013-0131-01 - The gnome-vfs2 packages provide the GNOME Virtual File System, which is the foundation of the Nautilus file manager. neon is an HTTP and WebDAV client library embedded in the gnome-vfs2 packages. A denial of service flaw was found in the neon Extensible Markup Language parser. Visiting a malicious DAV server with an application using gnome-vfs2 could possibly cause the application to consume an excessive amount of CPU and memory.
3c057a76e0d6c5aba4fb9501b417669da14d9d512290ed6a069391e767f2a71dRed Hat Security Advisory 2013-0135-01 - GIMP Toolkit is a multi-platform toolkit for creating graphical user interfaces. An integer overflow flaw was found in the X BitMap image file loader in GTK+. A remote attacker could provide a specially-crafted XBM image file that, when opened in an application linked against GTK+, would cause the application to crash. Due to a bug in the Input Method GTK+ module, the usage of the Taiwanese Big5 locale led to the unexpected termination of certain applications, such as the GDM greeter. The bug has been fixed, and the Taiwanese locale no longer causes applications to terminate unexpectedly.
c7d0b4ff245144db10ab17c19de7e89a4bca0456399043cb6a127f249bb13e02Red Hat Security Advisory 2013-0130-01 - The httpd packages contain the Apache HTTP Server, which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users visiting the site.
9a4d4c53e357db7749607126ae10e03812924ef69f9c0937ef9101bcaa818a7fRed Hat Security Advisory 2013-0129-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected. It was found that the RHSA-2011:0909 update did not correctly fix the CVE-2011-1005 issue, a flaw in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted code to modify arbitrary, trusted strings, which safe level 4 restrictions would otherwise prevent.
4a55277a92d2dade3b633c2eeffa01ad800949b4e81e0fea84bee0fbc3123f94Red Hat Security Advisory 2013-0134-01 - FreeRADIUS is an open-source Remote Authentication Dial-In User Service server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol. It was found that the "unix" module ignored the password expiration setting in "/etc/shadow". If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied.
848f46811c7a202e3e0412d05ff40ab5c11f542e1a5cd15f8051c970c8c42ff8Red Hat Security Advisory 2013-0133-01 - Hewlett-Packard Linux Imaging and Printing provides drivers for Hewlett-Packard printers and multifunction peripherals. It was found that the HP CUPS fax filter in HPLIP created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to a process using the fax filter.
864be0b816d50568e5b04e4c73ea75fc418852e134f046ee23a10c2d327277c9Red Hat Security Advisory 2013-0132-01 - The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts and unmounts file systems. A bug fix included in RHBA-2012:0264 introduced a denial of service flaw in autofs. When using autofs with LDAP, a local user could use this flaw to crash autofs, preventing future mount requests from being processed until the autofs service was restarted. Note: This flaw did not impact existing mounts.
720f57c83d08ed819b94959d4ed444c4544b0162da8e94337a1f83b3b313bd1eRed Hat Security Advisory 2013-0127-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with identical vendor or product IDs to a guest. This could result in the wrong device being attached to a guest, giving that guest root access to the device.
9eee3959c95b479db624b570b1152bc483e3961b19ad04e5ce300f1e240a5cc7Red Hat Security Advisory 2013-0122-01 - Tcl provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially-crafted regular expression, it would lead to excessive CPU and memory consumption.
097f731cac65ec29a8681b1f9b946d2651c2fd9851217bcbc377907f9baa8138Cisco RV120W and RV220W devices share some primes in RSA modules. It is possible to regenerate private key with ease using fast GCD (euklid based) operations on public key pairs.
c5ee7884053ac0d97a9b105491eac031feea368878fa48c7f1904e5791c2aac8MotoCMS versions 1.3.3 and below suffer from password file disclosure and shell upload vulnerabilities.
50ef5f1a3f0f908dddc8abdea740939f5d9baf76b7b62233a900f21d57fdd029
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed