what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-02-28

Red Hat Security Advisory 2013-0580-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0580-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. It was discovered that CUPS administrative users who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the privileges of the CUPS daemon, possibly allowing them to run arbitrary code with root privileges.

tags | advisory, web, arbitrary, root
systems | linux, redhat, unix
advisories | CVE-2012-5519
SHA-256 | bce351916224e0505a2617c15adea50d8775860585e7344c9149974fbf8e9b78
Airvana HubBub C1-600-RT Cross Site Scripting
Posted Feb 28, 2013
Authored by Scott Behrens

The Airvana Airrave router version 2.5 suffers from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2013-2270
SHA-256 | 8a8c8f4eaacfa94b50ca1148811eda804a4aecd70d923ea5ba83e689fbad47cc
Red Hat Security Advisory 2013-0577-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0577-01 - In accordance with the Red Hat Enterprise Virtualization Errata Support Policy, the support for Red Hat Enterprise Virtualization 2 has ended. Customers are recommended to upgrade their existing Red Hat Enterprise Virtualization 2.x installations to version 3.0. The upgrade from RHEV Manager version 2.2 running on Microsoft Windows to Red Hat Enterprise Virtualization Manager 3.0 running on Red Hat Enterprise Linux is fully supported and requires no downtime, during the upgrade all virtual machines will continue to run without loss of service.

tags | advisory
systems | linux, redhat, windows
SHA-256 | ff86c4162020df1aa88b4eb05f17211bfa624d09c13741078a990347f3d95d95
Red Hat Security Advisory 2013-0582-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0582-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2012-5371, CVE-2013-0155, CVE-2013-0162
SHA-256 | e0e1bc67708c3a5e17e015a956f1679d743300e35ddbcad23b6ada0623037f7a
Piwigo 2.4.6 Cross Site Request Forgery / Traversal
Posted Feb 28, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

Piwigo version 2.4.5 suffers from cross site request forgery and path traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, csrf
advisories | CVE-2013-1468, CVE-2013-1469
SHA-256 | fa7caef3d71bf542944197ba1254ae80793c996f818ebada67016b53bda20be2
Geeklog 1.8.2 Cross Site Scripting
Posted Feb 28, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

Geeklog version 1.8.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-1470
SHA-256 | 65069d7d58e534e690dddae77b00805e002a5382694fcd1b33220b7f7858f6b3
D-Link DIR-645 Authentication Bypass
Posted Feb 28, 2013
Authored by Roberto Paleari

D-Link DIR-645 devices suffer from a direct access authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | dcf3e8cc9b88697715721a2cb01e45776ca2a0185c8282b483cd16f4d102e436
Ubuntu Security Notice USN-1732-2
Posted Feb 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1732-2 - USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2012-2686, CVE-2013-0169
SHA-256 | 2367bcc3d45834f284f828f0ff2c01105eb0f564e86bef545dbb3c3941c12cd7
3rd Annual 44CON Call For Papers
Posted Feb 28, 2013
Site cfp.44con.com

The 3rd annual 44CON Call For Papers has been announced. It will be held in London, England from September 12th through the 13th, 2013 at the Millennium Conference Centre.

tags | paper, conference
SHA-256 | 5672680524ab4a6f3125c67284c32baab75a2a64701c99df2a2f670aaf544548
Mandriva Linux Security Advisory 2013-016
Posted Feb 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-016 - PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations. PHP allows the use of external entities while parsing SOAP wsdl files which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send serialized SoapClient object initialized in non-wsdl mode which will make PHP to parse automatically remote XML-document specified in the location option parameter. The updated packages have been upgraded to the 5.3.22 version which is not vulnerable to these issues. Additionally, some packages which requires so has been rebuilt for php-5.3.22.

tags | advisory, remote, web, arbitrary, php
systems | linux, mandriva
advisories | CVE-2013-1635, CVE-2013-1643
SHA-256 | ff41515449363984942b65ae249ef44b40b554b1cc2d8893434bac83e5ccb454
Ubuntu Security Notice USN-1754-1
Posted Feb 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1754-1 - Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1775
SHA-256 | b6eaa9e4310775a7d2276b521831c90680ecfb4422746e497b6bdd6750cabed1
Fileutils Ruby Gem Remote Command Execution
Posted Feb 28, 2013
Authored by Larry W. Cashdollar

The Fileutils Ruby gem suffers from possible remote command execution due to a lack of passing unsanitized user input to CutyCapt for execution. It also suffers from insecure file handling in /tmp.

tags | exploit, remote, ruby
SHA-256 | 9effb3c69c98b3176ca1adde2524ed4a2a4b6bee7a62e010054f819e6d60b521
Drupal Clean 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Clean third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 15d448bacc7444411853aac2edf318169657e316a7a1008de137cecab32ab9be
Drupal Company Theme 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Company third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 90ea9c99a37232f836aab987a7229ef571b95b070ace7b2351d834d7dedf6e62
Red Hat Security Advisory 2013-0574-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0574-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. A specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. This update also fixes a permissions issue with the Adobe Flash Player Firefox sandbox.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-0504, CVE-2013-0643, CVE-2013-0648
SHA-256 | 3068f801979182c4215252624e687c0792782b46ba969047634ac893c90aa475
PHEARCON Call For Papers
Posted Feb 28, 2013
Authored by PHEARCON CFP

PHEARCON is a hacking conference based in Milwaukee Wisconsin with the goal of bringing hackers together under one roof to learn, hack, and party. It will take place October 12th, 2013 in Milwaukee, Wisconsin.

tags | paper, conference
SHA-256 | 93f2d1424cf3fb9e7fb725c5b03461e46994d812817c4b7d51f1a7126be1e5e7
Drupal Professional 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Professional third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | b39c547e17e7326ee10140e93fc734025e4d2a6737630f8a2edb60017b562b72
Drupal Best Responsive 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Best Responsive third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 11150be6bc04decd2f2848292fe922025e09f8c537f2e3e0b5a54b77f1461507
Attacking Xerox's Multifunction Printers Patch Process
Posted Feb 28, 2013
Authored by Deral Heiland | Site foofus.net

Whitepaper called From Patched to Pwned - Attacking Xerox's Multifunction Printers Patch Process. In this paper the author discusses the step by step process around how to gain root level access to high end Xerox MFP devices, how the firmware signing process works, and how to protect yourself from this attack.

tags | paper, root
SHA-256 | 3688be93b27c1a23060fa014deca9150f7f3ac8484e3acd5427b36fec7c66906
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close