Showing 1 - 25 of 35

Files Date: 2013-02-22

SAP J2EE Core Service Arbitrary File Access
Posted Feb 22, 2013
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - By exploiting an arbitrary file access vulnerability in the SAP J2EE Core Services, a remote unauthenticated attacker may be able to compromise the entire ERP system.

tags | advisory, remote, arbitrary
MD5 | e1fd7e635e176bce799bc3889400bc73

Abusing, Exploiting, And Pwning With Firefox Add-Ons
Posted Feb 22, 2013
Authored by Ajin Abraham

This paper discusses a number of ways through which hackers can use Mozilla Firefox as a platform to run their malicious pieces of code with privileges and features.

tags | paper
MD5 | b89cfaf1ecf68081c8b9cd981e067659

SAP Enterprise Portal Cross Site Scripting
Posted Feb 22, 2013
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - As the server does not perform a proper security validation on the input parameters, it is possible to inject DHTML code that would be rendered to the user accessing the link in SAP Enterprise Portal.

tags | advisory
MD5 | f21c0fd588c3c3e6de43249511b857ca

Oracle Enterprise Manager Segment Advisor URL Redirection
Posted Feb 22, 2013
Authored by Qinglin Jiang | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control Segment Advisor page is vulnerable to an arbitrary URL redirection/phishing vulnerability. An attacker may inject an arbitrary URL into the web application and force the application to redirect to it without any validation. This vulnerability can be used in phishing attacks to trick legitimate users into visiting malicious sites without realizing it. The affected link and parameter are /em/console/database/xdb/XDBResource and cancelURL. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web, arbitrary
advisories | CVE-2012-3219
MD5 | 869d4e4625a5f6c7bfbea9dc0af27018

Ruby Parser 2.0.4 Insecure File Creation
Posted Feb 22, 2013
Authored by Michael Scherer

Ruby Parser version 2.0.4 insecurely creates files in /tmp that can allow for a denial of service condition.

tags | advisory, denial of service, ruby
advisories | CVE-2013-0162
MD5 | cc82f7908fd25da5bf86a12880516f5f

Oracle Enterprise Manager Streams Queue SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/streams/queue in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0373
MD5 | a4d5f9be647091e83238c727780531ae

Nagios NRPE 2.13 Code Execution
Posted Feb 22, 2013
Authored by Rudolph Pereira | Site occamsec.com

Nagios NRPE versions 2.13 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2013-1362
MD5 | 4bb88c7ff6804d3843fb52e6d7d06bc9

Oracle Enterprise Manager SCPLBL_COLLECTED SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/ecm/config/savedConfig in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0353
MD5 | 797c84ce05ba270d3864a0ef83dc78e9

Oracle Enterprise Manager dBClone SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/dbclone/dBClone in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0374
MD5 | 89bf7d1270831f578edfebc65d7cc8f6

SAP SDM Denial Of Service
Posted Feb 22, 2013
Authored by Mariano Nunez Di Croce, Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition if some conditions are met. This can be abused by a malicious attacker to disrupt this service.

tags | advisory, denial of service
MD5 | 81264124fb915a0bf5718671139c00f1

Oracle Enterprise Manager advReplicationAdmin SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - An attacker hosting a malicious web site can execute SQL statements in the backend database when an administrator with an open session in Oracle Enterprise Manager web application visits the malicious web site. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web, sql injection
advisories | CVE-2013-0372
MD5 | c72e97c74ef4419cb68cdf98e5db1bd0

Oracle Enterprise Manager HTTP Response Splitting
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - The 'pagename' parameter of web page /em/console/ecm/policy/policyViewSettings in Oracle Enterprise Manager is vulnerable to HTTP response splitting attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web
advisories | CVE-2013-0354
MD5 | 9388cdd4aa6b1596bd6089c72e1b5935

SAP Portal PDC Information Disclosure
Posted Feb 22, 2013
Authored by Mariano Nunez Di Croce | Site onapsis.com

Onapsis Security Advisory - The SAP Portal "Federation" configuration pages do not properly handle authentication, exposing the entire Portal infrastructure.

tags | advisory
MD5 | 4d262d37dfa5719ad9f94c1b5bf45046

Oracle Database GeoRaster API Overflow
Posted Feb 22, 2013
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - GeoRaster is a feature of Oracle Spatial that lets you store, index, query, analyze, and deliver GeoRaster data. One of the GeoRaster APIs is prone to stack-based overflow.

tags | advisory, overflow
advisories | CVE-2012-3220
MD5 | 1b9cfd8ead75e8554fb10baac48dbdb8

Oracle Enterprise Manager XDBResource cancelURL XSS
Posted Feb 22, 2013
Authored by Qinglin Jiang | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control XML Database Resources page is vulnerable to a cross site scripting vulnerability. An attacker may inject malicious code into the web application and trick a legitimate user into executing it by various methods. Affected versions include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web, xss
advisories | CVE-2013-0352
MD5 | a98fbf64b2f23341ab19238dfd37619b

Samsung Galaxy S3 Screen-Lock Bypass
Posted Feb 22, 2013
Authored by MTI Technology | Site mti.com

The Samsung Galaxy S3 with Android version 4.1.2 suffers from a bypass vulnerability due to S-Voice allowing the launch of any command even when the screen is locked.

tags | exploit, bypass
MD5 | 6bce91884ef328c823750cdc5df417c1

Ubuntu Security Notice USN-1743-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1743-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | 0fbc6c3f55e364628e4bdc372f487efb

Ubuntu Security Notice USN-1742-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1742-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | e5783a805958ee2fde28418f4a2d4f66

Ubuntu Security Notice USN-1741-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1741-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | 66cde302894c23409d3fa489db85e8b3

Ubuntu Security Notice USN-1740-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1740-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | dc7bd7f6a0cb44b7f13f5e8161febbff

Ubuntu Security Notice USN-1739-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1739-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | 432f4b12e4adc9aead33381b5bd86d54

Ubuntu Security Notice USN-1738-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1738-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | db630c9e5e55a022a8df29ddaa5e092a

Ubuntu Security Notice USN-1737-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1737-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | ce63db4cea36eb6a6ebf04920adae403

Ubuntu Security Notice USN-1745-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1745-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | 13fd3dfed6609f2e7ace2e3923d7ffa6

Ubuntu Security Notice USN-1744-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1744-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | 92edabb0974778cbf4fc7ca11844bf59

© 2016 Packet Storm. All rights reserved.