ignore security and it'll go away
Showing 1 - 25 of 735 RSS Feed

Files Date: 2013-01-01 to 2013-01-31

OATH Toolkit 2.0.2
Posted Jan 30, 2013
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: Base32 decoding of keys is now more liberal in what it accepts. If the password in usersfile is "+", it ignores the supplied password. This release fixes the expiry date of some certificates used in the test suite.
tags | tool
systems | unix
MD5 | 35232dfcaf0e77377f926d561fe5086d
Buffalo TeraStation TS-Series Command Execution
Posted Jan 30, 2013
Authored by Andrea Fabrizi

Buffalo TeraStation TS-Series with firmware versions 1.5.7 and below suffer from file disclosure and command injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 1844ebbca7c70be3247d2690c41e1a22
D-Link DCS Cameras Authentication Bypass / Command Execution
Posted Jan 30, 2013
Authored by Roberto Paleari

D-Link DCS Cameras suffer from authentication bypass and remote command execution vulnerabilities due to a remote information disclosure of the configuration.

tags | exploit, remote, vulnerability, bypass, info disclosure
MD5 | 642656ca4ec5d96fced2505285154136
Apple Security Advisory 2013-01-28-2
Posted Jan 30, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-01-28-2 - Apple TV 5.2 is now available and addresses multiple security vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2012-2619, CVE-2013-0964
MD5 | 0b0bf4a1c6eacfd86e5730012cc63f6c
Apple Security Advisory 2013-01-28-1
Posted Jan 30, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-01-28-1 - iOS 6.1 Software Update is now available and addresses multiple security vulnerabilities.

tags | advisory, vulnerability
systems | cisco, apple
advisories | CVE-2011-3058, CVE-2012-2619, CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2012-3606, CVE-2012-3607, CVE-2012-3621, CVE-2012-3632, CVE-2012-3687, CVE-2012-3701, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0962, CVE-2013-0963, CVE-2013-0964, CVE-2013-0968, CVE-2013-0974
MD5 | f96481a362e9759e3b3b96ff7cf1a958
Cisco Security Advisory 20130129-upnp
Posted Jan 30, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Portable Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) devices contain a libupnp library, originally known as the Intel SDK for UPnP Devices, which is vulnerable to multiple stack-based buffer overflows when handling malicious Simple Service Discovery Protocol (SSDP) requests.

tags | advisory, overflow, protocol
systems | cisco
MD5 | f35a6f964ddb201d9627cff36272c7b0
360-FAAR Firewall Analysis Audit And Repair 0.3.8
Posted Jan 30, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds Cisco ASA 8.3+ object NAT to the cisco reader section for static and dynamic NAT statements within object definitions. Network objects, ranges and IPs are translated - groups are not presently translated. Various other updates and changes.
tags | tool, perl
systems | unix
MD5 | ede77b6d5b65042b03dbf686a81c1e63
Ubuntu Security Notice USN-1708-1
Posted Jan 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1708-1 - Wenlong Huang discovered that libvirt incorrectly handled certain RPC calls. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Tingting Zheng discovered that libvirt incorrectly handled cleanup under certain error conditions. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4423, CVE-2013-0170, CVE-2012-4423, CVE-2013-0170
MD5 | 6dddb26bd8d491a8a6a771a124c9dcbf
Red Hat Security Advisory 2013-0203-01
Posted Jan 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0203-01 - Ruby on Rails is a model–view–controller framework for web application development. Active Support provides support and utility classes used by the Ruby on Rails framework. A flaw was found in the way Active Support performed the parsing of JSON requests by translating them to YAML. A remote attacker could use this flaw to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created JSON request.

tags | advisory, remote, web, arbitrary, sql injection, ruby
systems | linux, redhat
advisories | CVE-2013-0333
MD5 | 68ba3811826c10e005b63dfe51f3e2c3
Ubuntu Security Notice USN-1710-1
Posted Jan 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1710-1 - Dan Prince discovered an issue in Glance error reporting. An authenticated attacker could exploit this to expose the Glance operator's Swift credentials for a misconfigured or otherwise unusable Swift endpoint.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-0212
MD5 | d3af4264538c7bb776d4995b09d73cc8
Ubuntu Security Notice USN-1709-1
Posted Jan 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1709-1 - Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-0208
MD5 | 9dcde471e9ecc466847cab17524b6ae0
Distributed Access Control System 1.4.28a
Posted Jan 30, 2013
Site dacs.dss.ca

DACS is a light-weight single sign-on and role-based access control system providing flexible, modular authentication methods and powerful, transparent rule-based authorization checking for Web services, CGI programs, or virtually any program.

Changes: This release improves support for Apache 2.4, corrects many problems with dacs.quick(7), and fixes a variety of minor bugs.
tags | tool, web, cgi
systems | linux, unix
MD5 | 4d2308592bf0e96247de8624ff8f2a47
EMC AlphaStor Buffer Overflow
Posted Jan 30, 2013
Authored by Aniway | Site emc.com

A buffer overflow vulnerability exists in EMC AlphaStor that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code. EMC AlphaStor version 4.0 prior to build 814 is affected.

tags | advisory, denial of service, overflow, arbitrary
advisories | CVE-2013-0930
MD5 | ff96a235df4515bfa6d8815144ed11b8
Encode Shellcode 0.1b
Posted Jan 30, 2013
Authored by Melih Sarica

This is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code.

tags | tool, overflow, x86, shellcode
systems | unix
MD5 | fa5a054c8d0566e0622848404c70ca72
Elgg Twitter Widget Cross Site Scripting
Posted Jan 30, 2013
Authored by Moritz Naumann

Elgg versions 1.8.12 and 1.7.16 suffer from a cross site scripting vulnerability in the Twitter Widget module.

tags | advisory, xss
MD5 | b2c930d84be809cac3711d054fcd91b8
DataLife Engine 9.7 PHP Code Injection
Posted Jan 29, 2013
Authored by EgiX | Site karmainsecurity.com

DataLife Engine version 9.7 suffers from a PHP code injection vulnerability in preview.php.

tags | exploit, php
advisories | CVE-2013-1412
MD5 | f3566f00eb931f00709a388593af300f
PFsense UTM Platform 2.0.1 XSS / CSRF
Posted Jan 29, 2013
Authored by Dimitris Strevinas

PFsense UTM Platform version 2.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 8d065c06d359f38b0740a398bfa11e6a
Apple QuickTime Player 7.7.3 Out Of Bounds
Posted Jan 29, 2013
Authored by Debasish Mandal

Apple QuickTime Player Windows version 7.7.3 suffers from an out of bounds read vulnerability.

tags | exploit
systems | windows, apple
MD5 | 41eca8b72543bfc14e33ba42cb3da7b0
Ruby on Rails JSON Processor YAML Deserialization Code Execution
Posted Jan 29, 2013
Authored by egypt, lian, jjarmoc | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application. This vulnerability is very similar to CVE-2013-0156. This Metasploit module has been tested successfully on RoR 3.0.9, 3.0.19, and 2.3.15. The technique used by this module requires the target to be running a fairly recent version of Ruby 1.9 (since 2011 or so). Applications using Ruby 1.8 may still be exploitable using the init_with() method, but this has not been demonstrated.

tags | exploit, remote, code execution, ruby
advisories | CVE-2013-0333
MD5 | a94c8b488a79ce550781a982eed5d4a2
Adobe Reader XI Heap Overflow
Posted Jan 29, 2013
Authored by Nisso Kalim

Adobe Reader XI versions 11.x suffers from a heap overflow vulnerability.

tags | advisory, overflow
MD5 | 3e5afa36b4cc53e2d31c9f1299427e96
Secunia Security Advisory 51938
Posted Jan 29, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, ruby
MD5 | eec7e0bd3bc57a042e9e295468c4b30d
Secunia Security Advisory 51993
Posted Jan 29, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libav. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | fdd6b31d51fbb657755e8ac0faa43ee5
Secunia Security Advisory 52004
Posted Jan 29, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Apple has acknowledged a vulnerability in Apple TV, which can be exploited by malicious people to compromise a user's device.

tags | advisory
systems | apple
MD5 | d0a3c3d9d865c11797662e5ff21e39e1
Secunia Security Advisory 52002
Posted Jan 29, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two security issues and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.

tags | advisory, vulnerability, xss
systems | cisco, apple
MD5 | 8d3f7b94b2b8ef79feca32126390dd54
Secunia Security Advisory 51975
Posted Jan 29, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
MD5 | 3c874c3d0cec7e31f9c4b69befdda028
Page 1 of 30
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close