Showing 1 - 25 of 58

Files Date: 2013-02-13

Security Notice For CA ControlMinder
Posted Feb 13, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0738
MD5 | 2df3dc3c9fdf0b40da80c8eb93d91be1
.NET Framework EncoderParameter Integer Overflow
Posted Feb 13, 2013
Authored by Yorick Koster | Site metasploit.com

An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, user-supplied buffers are copied into the new buffer, resulting in a corruption of the heap. By exploiting this vulnerability, it is possible for an application running with Partial Trust permissions to break from the CLR sandbox and run arbitrary code with Full Trust permissions.

tags | exploit, overflow, arbitrary
MD5 | c14074119c58e1c7dd968c1278373c99
Microsoft Internet Explorer 8 Use-After-Free
Posted Feb 13, 2013
Authored by sgb | Site security-assessment.com

A use-after-free memory corruption vulnerability was identified in Microsoft Internet Explorer 8. This allows a malicious user to remotely execute arbitrary code on a vulnerable user's machine, in the context of the current user. The memory corruption happens when the application of a style sheet performs style computations on the DOM. A CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed. Microsoft patch MS13-009 addresses this issue.

tags | advisory, arbitrary
MD5 | 3f4da0215cb4f5a0147255a1950a3030
OpenPLI OS Command Execution / Cross Site Scripting
Posted Feb 13, 2013
Authored by Michael Messner

OpenPLI Dream Multimedia Box suffers from cross site scripting and remote OS command injection vulnerabilities.

tags | exploit, remote, vulnerability, xss
MD5 | 00cc20272314ecfab59e708ae907c817
Sparx Systems Enterprise Architect 9.3.931 Corporate Password Disclosure
Posted Feb 13, 2013
Authored by Holm Diening

Sparx Systems Enterprise Architect version 9.3.931 stores user passwords in the database simply XORed with the ASCII code of 'E17030402158' instead of using a generally accepted hash function.

tags | exploit, info disclosure
MD5 | 7eb544610bca661aa5a556fc183dc35f
Red Hat Security Advisory 2013-0258-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0258-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
MD5 | 22a6fbd8eb19daae90be879c16909525
Debian Security Advisory 2621-1
Posted Feb 13, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2621-1 - Multiple vulnerabilities have been found in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-0166, CVE-2013-0169
MD5 | f3ecc59af079c464299af416322dc4f1
Debian Security Advisory 2622-1
Posted Feb 13, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2622-1 - Multiple vulnerabilities have been found in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-0169, CVE-2013-1621, CVE-2013-1622
MD5 | bd1c832cb52b80b08564fb4a54566e77
Red Hat Security Advisory 2013-0257-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0257-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
MD5 | 163fea2e485fadca861df43056024779
Red Hat Security Advisory 2013-0256-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0256-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
MD5 | 48cf6f4c19366343cab2d6e91922b00e
Red Hat Security Advisory 2013-0259-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0259-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
MD5 | ac347192f004e323ae0a5d90b41f3906
Drupal Banckle Chat 7.x Access Bypass
Posted Feb 13, 2013
Authored by Lau Futtrup Rasmussen, Wale Adesanya | Site drupal.org

Drupal Banckle Chat third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 5ae327b3853851a477e66a6e8876c11f
Drupal Manager Change For Organic Groups 7.x Cross Site Scripting
Posted Feb 13, 2013
Authored by Michael Hess | Site drupal.org

Drupal Manager Change for Organic Groups third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 5e7ec454ec2be9efda524c9dcf3b0822
OpenEMR 4.1.1 Shell Upload
Posted Feb 13, 2013
Authored by LiquidWorm | Site zeroscience.mk

OpenEMR version 4.1.1 suffers from an arbitrary file upload vulnerability in ofc_upload_image.php. Included is an exploit that triggers a reverse shell.

tags | exploit, arbitrary, shell, php, file upload
MD5 | 8cdeee15077a4e302c0d3ab4d82ca80a
AbanteCart 1.1.3 Cross Site Scripting
Posted Feb 13, 2013
Authored by LiquidWorm | Site zeroscience.mk

AbanteCart version 1.1.3 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 2cec177e3400b03036c76fddf5705b5e
Mandriva Linux Security Advisory 2013-011
Posted Feb 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-011 - The Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via an IFRAME element. Cross-site request forgery vulnerability in the Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, arbitrary, csrf
systems | linux, mandriva
advisories | CVE-2013-0213, CVE-2013-0214
MD5 | 1bf075c83151d2b9f90b88d0bd6c2353
Technical Cyber Security Alert 2013-43A
Posted Feb 13, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-43A - Select Adobe software products contain multiple vulnerabilities. Adobe has released updates to address these vulnerabilities.

tags | advisory, vulnerability
MD5 | 082e068cd72ee8a4b32e944014aff439
Technical Cyber Security Alert 2013-43B
Posted Feb 13, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-43B - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
MD5 | 25653596053d2730786d61fb361bfef1
Ubuntu Security Notice USN-1722-1
Posted Feb 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1722-1 - It was discovered that jQuery incorrectly handled selecting elements using location.hash, resulting in a possible cross-site scripting (XSS) issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-4969
MD5 | b39111b0d4eba1c8c9d7bbf4274ff2b8
Red Hat Security Advisory 2013-0254-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0254-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-05, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-0637, CVE-2013-0638, CVE-2013-0639, CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647, CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374
MD5 | 549dba5e96467004a1f61f1953bb9414
Secunia Security Advisory 52194
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
systems | cisco
MD5 | 91dc5a76bb0b2195c39f8e0b539fe837
Secunia Security Advisory 52014
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Myo Soe has discovered a security issue in Huawei Mobile Partner, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | df4efb91c764cf01005f3358248f265d
Secunia Security Advisory 52010
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in EMC AlphaStor, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 115c7dd22aae9c24c755ffc7115f3802
Secunia Security Advisory 52133
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Microsoft has acknowledged multiple vulnerabilities in Microsoft Exchange Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
MD5 | a73fddee425c0bc808b263ef6c3e7782
Secunia Security Advisory 52149
Posted Feb 13, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for Ruby on Rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.

tags | advisory, vulnerability, sql injection, ruby
systems | linux, suse
MD5 | af5b0f07ec2a6d842e8acf44de26b42b
© 2018 Packet Storm. All rights reserved.