
Files Date: 2013-02-05

Java SE Proof Of Concept Code
Posted Feb 5, 2013
Authored by Adam Gowdiak | Site security-explorations.com

This is an archive that houses all of the proof of concept code for the issues affecting Java SE as reported in SE-2012-01 by Security Explorations.

tags | exploit, java, proof of concept
advisories | CVE-2013-0437, CVE-2013-1478, CVE-2013-1480
MD5 | 05a7af67fb9b562752b593c67444f0cf
Ubuntu Security Notice USN-1681-4
Posted Feb 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1681-4 - USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829, CVE-2013-0768, CVE-2013-0759, CVE-2013-0744, CVE-2013-0764, CVE-2013-0747, CVE-2013-0748, CVE-2013-0750, CVE-2013-0752, CVE-2013-0743
MD5 | 88e20f768e73b7ce2d647e7689013813
Linksys E1500 / E2500 CSRF / XSS / Command Execution / Traversal
Posted Feb 5, 2013
Authored by Michael Messner

Linksys models E1500 and E2500 suffer from cross site request forgery, cross site scripting, OS command injection, and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion, csrf
MD5 | eb664edb76d34b840f5c9d05328b85a0
HP Security Bulletin HPSBST02846 SSRT100798
Posted Feb 5, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02846 SSRT100798 - Potential security vulnerabilities have been identified with HP LeftHand Virtual SAN Appliance hydra. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2012-3282, CVE-2012-3283, CVE-2012-3284, CVE-2012-3285
MD5 | f766e3dc54cf6de3f46422a38d3cd39e
Mandriva Linux Security Advisory 2013-007
Posted Feb 5, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-007 - This is a maintenance and bugfix release that upgrades mysql to the latest version which resolves various upstream bugs and a total of 18 security related bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-0572, CVE-2012-0574, CVE-2012-0578, CVE-2012-1702, CVE-2012-1705, CVE-2012-5060, CVE-2012-5096, CVE-2012-5611, CVE-2012-5612, CVE-2013-0367, CVE-2013-0368, CVE-2013-0371, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0386, CVE-2013-0389
MD5 | 991c29b710a8a2c1e2ef8e9f97032a71
ezStats For Battlefield 3 0.91 XSS / Local File Inclusion
Posted Feb 5, 2013
Authored by L0n3ly-H34rT

ezStats for Battlefield 3 version 0.91 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | 501a0ed72e5e93a2da6d06a473fc899a
ezStats2 For Playstation Network 1.10 Local File Inclusion
Posted Feb 5, 2013
Authored by L0n3ly-H34rT

ezStats2 for Playstation Network version 1.10 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 074e99f91c176d198b593f1c8eae4abb
ezStats2 Serverviewer 0.62 Local File Inclusion
Posted Feb 5, 2013
Authored by L0n3ly-H34rT

ezStats2 Serverviewer version 0.62 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 26cd93d0349531e04a4eabc29f7beade
ezStats2 For Medal Of Honor Warfighter 1.0 Local File Inclusion
Posted Feb 5, 2013
Authored by L0n3ly-H34rT

ezStats2 for Medal of Honor Warfighter version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | e08e60b02783629779ad81c44bb80d49
Lorex LNC116 / LNC104 IP Camera Authentication Bypass
Posted Feb 5, 2013
Authored by Jason Doyle

Lorex LNC116 and LNC104 IP cameras only perform basic authentication on the main login page. If you perform direct browsing to any other interface, you are not forcibly authenticated.

tags | exploit, bypass
advisories | CVE-2012-6451
MD5 | 8516f41e66bb389fb3102aa1507a5473
Netzob 0.4.1
Posted Feb 5, 2013
Site netzob.org

Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).

Changes: While the previous release introduced a large amount of changes, this one focuses on stability, UI, and model export towards Wireshark and Peach Fuzzer. Thanks to the new plugin mechanism that was introduced in the previous release, some great features such as Wireshark and Peach exporters are now available as plugins, allowing you to dissect and fuzz proprietary protocols with well-known tools. It also added some new dialogs for configuring the workspace and projects, and to manage imported traces.
tags | tool, web, tcp, protocol
systems | unix
MD5 | 775f72c9ba33a0d6a067e5c15bd5ee9c
Cisco Unity Express Cross Site Request Forgery / Cross Site Scripting
Posted Feb 5, 2013
Authored by Jacob Holcomb

Cisco Unity suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
systems | cisco
advisories | CVE-2013-1120, CVE-2013-1114
MD5 | f1b1eb62f1596c97b04fccc0ad93a756
Ubuntu Security Notice USN-1715-1
Posted Feb 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1715-1 - Dan Prince discovered that Keystone did not properly perform input validation when handling certain error conditions. An unauthenticated user could exploit this to cause a denial of service in Keystone API servers via disk space exhaustion.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-0247
MD5 | bf12460d0ed0cde6788d00ad57ce4798
Red Hat Security Advisory 2013-0223-01
Posted Feb 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0223-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that a deadlock could occur in the Out of Memory killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-4398, CVE-2012-4461, CVE-2012-4530
MD5 | 7854394b7fa8ca6444bf727612d10d8b
Ubuntu Security Notice USN-1714-1
Posted Feb 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1714-1 - It was discovered that the QXL graphics driver incorrectly handled terminated connections. An attacker that could connect to a guest using SPICE and the QXL graphics driver could cause the guest to hang or crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-0241
MD5 | 9dc33d63285924588bfa12399055e555
Apple Security Advisory 2013-02-04-1
Posted Feb 5, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-02-04-1 - OS X Server version 2.2.1 is now available and addresses security issues in Profile Manager and Wiki Server.

tags | advisory
systems | apple, osx
advisories | CVE-2013-0156, CVE-2013-0333
MD5 | f306d81ce72f8e75d78a9e7ac8c2be30
Hiverr 2.2 Shell Upload / SQL Injection
Posted Feb 5, 2013
Authored by xStarCode

Hiverr version 2.2 suffers from remote shell upload, information disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection, info disclosure
MD5 | 6522a9554ff5cf6f68a95664ca0a9b77
Oracle Auto Service Request File Clobber
Posted Feb 5, 2013
Authored by Larry W. Cashdollar

Oracle Auto Service Request creates files insecurely in /tmp using time stamps instead of mkstemp(). Due to this, it is possible to clobber root owned files and possibly cause a denial of service condition or worse.

tags | exploit, denial of service, root
systems | solaris
MD5 | 06643f98c448505c0fa13200056fd7a8
Sony Playstation Vita Addressbar Spoofing
Posted Feb 5, 2013
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.com

The Sony Playstation Vita browser that is in firmware version 2.05 suffers from an addressbar spoofing vulnerability.

tags | exploit, spoof
MD5 | e808128a3a872d8a5391f04aeff21f03
DataLife Engine 9.7 Session Fixation
Posted Feb 5, 2013
Authored by Timur Yunusov | Site ptsecurity.com

DataLife Engine versions 9.7 and below appear to suffer from a session fixation vulnerability.

tags | exploit
MD5 | d02a13ac49de990626d5ad6dc6f508c6
Lucky Thirteen: Breaking The TLS And DTLS Record Protocols
Posted Feb 5, 2013
Authored by Kenneth G. Paterson, Nadhem J. AlFardan

The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks. TLS has become the de facto secure protocol of choice for Internet and mobile applications. DTLS is a variant of TLS that is growing in importance. In this paper, the authors present distinguishing and plaintext recovery attacks against TLS and DTLS. The attacks are based on a delicate timing analysis of decryption processing in the two protocols. The authors include experimental results demonstrating the feasibility of the attacks in realistic network environments for several different implementations of TLS and DTLS, including the leading OpenSSL implementations. The authors provide countermeasures for the attacks. Finally, they discuss the wider implications of their attacks for the cryptographic design used by TLS and DTLS.

tags | paper, protocol
MD5 | 437c89de7f4b642a834928fa3cc8f1e9
Opera SVG Use-After-Free
Posted Feb 5, 2013
Authored by cons0ul

Opera appears to suffer from an SVG use-after-free vulnerability.

tags | exploit
MD5 | cbbb74252d89252e686124b608b45e71
Secunia Security Advisory 52043
Posted Feb 5, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory, vulnerability
MD5 | 636d29a8e74baacdaaf1c3860975ccdd
Secunia Security Advisory 52084
Posted Feb 5, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-oracle. This fixes multiple vulnerabilities, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, java, denial of service, local, vulnerability
systems | linux, redhat
MD5 | 43dbb5d04b8d6522adba58974cde7be8
© 2016 Packet Storm. All rights reserved.
