Showing 1 - 25 of 58

Files Date: 2013-02-13

Security Notice For CA ControlMinder
Posted Feb 13, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0738
SHA-256 | c191161ea9ede921182bd50c60a26d485e8a24e091a255c3ef2ebc60b2e63446
.NET Framework EncoderParameter Integer Overflow
Posted Feb 13, 2013
Authored by Yorick Koster | Site metasploit.com

An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, user-supplied buffers are copied into the new buffer, resulting in a corruption of the heap. By exploiting this vulnerability, it is possible for an application running with Partial Trust permissions to break from the CLR sandbox and run arbitrary code with Full Trust permissions.

tags | exploit, overflow, arbitrary
SHA-256 | 06f18bdcf7bab4db2000ea8c23e48d5c1532aafa073d2ac911c6d0ee597b446d
Microsoft Internet Explorer 8 Use-After-Free
Posted Feb 13, 2013
Authored by sgb | Site security-assessment.com

A use-after-free memory corruption vulnerability was identified in Microsoft Internet Explorer 8. This allows a malicious user to remotely execute arbitrary code on a vulnerable user's machine, in the context of the current user. The memory corruption happens when the application of a style sheet performs style computations on the DOM. A CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed. Microsoft patch MS13-009 addresses this issue.

tags | advisory, arbitrary
SHA-256 | c1ad970003b5ea6035cc3a1a86aced80abab4e373de1b2a7289fd2a3864add83
OpenPLI OS Command Execution / Cross Site Scripting
Posted Feb 13, 2013
Authored by Michael Messner

OpenPLI Dream Multimedia Box suffers from cross site scripting and remote OS command injection vulnerabilities.

tags | exploit, remote, vulnerability, xss
SHA-256 | f5d4feb4ba89383043e9c71ed9f5ca9c4929fef7a2cf63360283140f9e11618c
Sparx Systems Enterprise Architect 9.3.931 Corporate Password Disclosure
Posted Feb 13, 2013
Authored by Holm Diening

Sparx Systems Enterprise Architect version 9.3.931 stores user passwords in the database simply XORed with the ASCII code of 'E17030402158' instead of using a generally accepted hash function.

tags | exploit, info disclosure
SHA-256 | c25188d280eb3f8571477e0523b4354dac7099bf2f4c645c9420dac26b66858f
Red Hat Security Advisory 2013-0258-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0258-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
SHA-256 | 04410d96ff1d32b82b47d504f3cc5171c985e1e8ef8e336e454398e39401a957
Debian Security Advisory 2621-1
Posted Feb 13, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2621-1 - Multiple vulnerabilities have been found in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | 2edf157c157d9f2e572bdf6653f44a0fe8f8a2c7e27d71ebfe74465d6160240d
Debian Security Advisory 2622-1
Posted Feb 13, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2622-1 - Multiple vulnerabilities have been found in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-0169, CVE-2013-1621, CVE-2013-1622
SHA-256 | 7c11e7c98219b8e7ba457443970b43654e7b8453e02ee38225e2316ed94e4071
Red Hat Security Advisory 2013-0257-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0257-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
SHA-256 | be53be0f556dd930dafbdebb8b08373c757d78c0133f128efdbd4adbb9645905
Red Hat Security Advisory 2013-0256-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0256-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
SHA-256 | 678ab9dbbcb936cf1bfca6304f76cf1b58cc75648b30083c7836c93dfdbfacaa
Red Hat Security Advisory 2013-0259-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0259-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
SHA-256 | 47c0a07b3a6b713521b8402fef31c1c499f16cb20b59298e0654cbbdb287a606
Drupal Banckle Chat 7.x Access Bypass
Posted Feb 13, 2013
Authored by Lau Futtrup Rasmussen, Wale Adesanya | Site drupal.org

Drupal Banckle Chat third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | bff9a92f8b6bcf88813a360153c424f6c871c38ca11ea207289581e5923cfc89
Drupal Manager Change For Organic Groups 7.x Cross Site Scripting
Posted Feb 13, 2013
Authored by Michael Hess | Site drupal.org

Drupal Manager Change for Organic Groups third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 1092203a418caa6f70f7b5d2b789a9c8f69de7004971b311f03f4d0d3a2df1a6
OpenEMR 4.1.1 Shell Upload
Posted Feb 13, 2013
Authored by LiquidWorm | Site zeroscience.mk

OpenEMR version 4.1.1 suffers from an arbitrary file upload vulnerability in ofc_upload_image.php. Included is an exploit that triggers a reverse shell.

tags | exploit, arbitrary, shell, php, file upload
SHA-256 | d0a9864906a133104e4d3b529af97354bc0bafe48d8e3362a233ef4042d769e6
AbanteCart 1.1.3 Cross Site Scripting
Posted Feb 13, 2013
Authored by LiquidWorm | Site zeroscience.mk

AbanteCart version 1.1.3 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | f6cdec7ff54047b5f14ed33f5fce580b3c8203a334dd3c08bdb68641eda3d703
Mandriva Linux Security Advisory 2013-011
Posted Feb 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-011 - The Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via an IFRAME element. Cross-site request forgery vulnerability in the Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, arbitrary, csrf
systems | linux, mandriva
advisories | CVE-2013-0213, CVE-2013-0214
SHA-256 | 04551ea4e33268b80799dc1dcc4a13f0bb1553ea182fdf91b72deab12d5c99c1
Technical Cyber Security Alert 2013-43A
Posted Feb 13, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-43A - Select Adobe software products contain multiple vulnerabilities. Adobe has released updates to address these vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 0a249f2f23218606962ae575beb72ae001352c76e4e4878e1c6d360ad27ac71a
Technical Cyber Security Alert 2013-43B
Posted Feb 13, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-43B - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 1d8d26ac8d61f11bc3673cf39db2aed67e6818fc5aec2e445bbfe01467cbb13b
Ubuntu Security Notice USN-1722-1
Posted Feb 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1722-1 - It was discovered that jQuery incorrectly handled selecting elements using location.hash, resulting in a possible cross-site scripting (XSS) issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-4969
SHA-256 | 106782304f990444673e6bb329c02af2561cc5b570da23fbd18188eaa6631308
Red Hat Security Advisory 2013-0254-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0254-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-05, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-0637, CVE-2013-0638, CVE-2013-0639, CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647, CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374
SHA-256 | 155347183f176720e8f26f85a71774c79c4ca8ce9ef38ef83facfaa9be09858e
Secunia Security Advisory 52194
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
systems | cisco
SHA-256 | 34e57e4150b39ca715f4764e2aa44960081d44211de9824638ca038204b6b611
Secunia Security Advisory 52014
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Myo Soe has discovered a security issue in Huawei Mobile Partner, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 5ef2103a5491a2f66e7ee99ef059410fd5cfe8c84ddefe91ebb609f16929fdc4
Secunia Security Advisory 52010
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in EMC AlphaStor, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | d5a4c2c145a5272e271722ae19c0cddefd0d2903800eb804cde8ec8c1df94170
Secunia Security Advisory 52133
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Microsoft has acknowledged multiple vulnerabilities in Microsoft Exchange Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | de1b1a7cb5aa3c9a4ce65769d8ca6ab1bcd17b7e2554cb2cca62b369daa125e1
Secunia Security Advisory 52149
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for Ruby on Rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.

tags | advisory, vulnerability, sql injection, ruby
systems | linux, suse
SHA-256 | 003b99916635d79ac2ea5f23728b08b511d8e360e3c4a3d88e65b94f4d4e96bc