Files Date: 2013-02-28

Red Hat Security Advisory 2013-0580-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0580-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. It was discovered that CUPS administrative users who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the privileges of the CUPS daemon, possibly allowing them to run arbitrary code with root privileges.

tags | advisory, web, arbitrary, root
systems | linux, redhat, unix
advisories | CVE-2012-5519
MD5 | bf648581b4b83d21ae2b013ee0e991f5
Airvana HubBub C1-600-RT Cross Site Scripting
Posted Feb 28, 2013
Authored by Scott Behrens

The Airvana Airrave router version 2.5 suffers from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2013-2270
MD5 | 490b802295c66944961c4d1fe20a76c9
Red Hat Security Advisory 2013-0577-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0577-01 - In accordance with the Red Hat Enterprise Virtualization Errata Support Policy, the support for Red Hat Enterprise Virtualization 2 has ended. Customers are recommended to upgrade their existing Red Hat Enterprise Virtualization 2.x installations to version 3.0. The upgrade from RHEV Manager version 2.2 running on Microsoft Windows to Red Hat Enterprise Virtualization Manager 3.0 running on Red Hat Enterprise Linux is fully supported and requires no downtime. During the upgrade, all virtual machines will continue to run without loss of service.

tags | advisory
systems | linux, redhat, windows
MD5 | 42bef1f6cce104224d5640cc8019ad5d
Red Hat Security Advisory 2013-0582-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0582-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2012-5371, CVE-2013-0155, CVE-2013-0162
MD5 | 719c5cded5fcfb6c3ff7f725bfff0228
Piwigo 2.4.6 Cross Site Request Forgery / Traversal
Posted Feb 28, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

Piwigo version 2.4.5 suffers from cross site request forgery and path traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, csrf
advisories | CVE-2013-1468, CVE-2013-1469
MD5 | b1935590941c1e53c6ac425376599150
Geeklog 1.8.2 Cross Site Scripting
Posted Feb 28, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

Geeklog version 1.8.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-1470
MD5 | a350c891f1392831f81fe229e6dbadb2
D-Link DIR-645 Authentication Bypass
Posted Feb 28, 2013
Authored by Roberto Paleari

D-Link DIR-645 devices suffer from a direct access authentication bypass vulnerability.

tags | exploit, bypass
MD5 | d7b5095d749258932d4e7f5c6ea41d4d
Ubuntu Security Notice USN-1732-2
Posted Feb 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1732-2 - USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2012-2686, CVE-2013-0169
MD5 | 67e010cfecf21a6e2196f106c8536117
3rd Annual 44CON Call For Papers
Posted Feb 28, 2013
Site cfp.44con.com

The 3rd annual 44CON Call For Papers has been announced. It will be held in London, England from September 12th through the 13th, 2013 at the Millennium Conference Centre.

tags | paper, conference
MD5 | a4add9e9e4f7fc370db43e4476f69729
Mandriva Linux Security Advisory 2013-016
Posted Feb 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-016 - PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations. PHP allows the use of external entities while parsing SOAP wsdl files, which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send a serialized SoapClient object initialized in non-wsdl mode, which will make PHP automatically parse the remote XML document specified in the location option parameter. The updated packages have been upgraded to the 5.3.22 version, which is not vulnerable to these issues. Additionally, some packages that require it have been rebuilt for php-5.3.22.

tags | advisory, remote, web, arbitrary, php
systems | linux, mandriva
advisories | CVE-2013-1635, CVE-2013-1643
MD5 | 1c1539e7ef7a6c642a3752891f38667f
Ubuntu Security Notice USN-1754-1
Posted Feb 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1754-1 - Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1775
MD5 | 4193e1a3602621cb1b67b6c0ed5ea93f
Fileutils Ruby Gem Remote Command Execution
Posted Feb 28, 2013
Authored by Larry W. Cashdollar

The Fileutils Ruby gem suffers from possible remote command execution due to passing unsanitized user input to CutyCapt for execution. It also suffers from insecure file handling in /tmp.

tags | exploit, remote, ruby
MD5 | 99646c474c4e02422426633db0fadaa0
Drupal Clean 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Clean third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 315d22cd80990ffb4910e5bbfdfa6c40
Drupal Company Theme 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Company third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 0f031401cf583e2b6b15e8f4286d0f59
Red Hat Security Advisory 2013-0574-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0574-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. This update also fixes a permissions issue with the Adobe Flash Player Firefox sandbox.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-0504, CVE-2013-0643, CVE-2013-0648
MD5 | e7f3deae8aaeb5c5c04f5dcf8a0772f0
PHEARCON Call For Papers
Posted Feb 28, 2013
Authored by PHEARCON CFP

PHEARCON is a hacking conference based in Milwaukee, Wisconsin with the goal of bringing hackers together under one roof to learn, hack, and party. It will take place October 12th, 2013 in Milwaukee, Wisconsin.

tags | paper, conference
MD5 | e5e982ba69bdc179fe75863691f2ed23
Drupal Professional 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Professional third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 998f70cb943793dfb9369965a0efe93e
Drupal Best Responsive 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Best Responsive third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | a401cddff474407b0a64a26dbd60c3ed
Attacking Xerox's Multifunction Printers Patch Process
Posted Feb 28, 2013
Authored by Deral Heiland | Site foofus.net

Whitepaper called From Patched to Pwned - Attacking Xerox's Multifunction Printers Patch Process. In this paper the author discusses the step by step process around how to gain root level access to high end Xerox MFP devices, how the firmware signing process works, and how to protect yourself from this attack.

tags | paper, root
MD5 | ddb960cfe93ae7e0b9dd7cda29c3a455
© 2016 Packet Storm. All rights reserved.