accept no compromises
Showing 1 - 25 of 610 RSS Feed

Files Date: 2013-02-01 to 2013-02-28

Cisco Security Advisory 20130227-hcs
Posted Feb 27, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of this vulnerability could interrupt the monitoring of voice services. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | b654275c7ac673b8f88943490f802023
Cisco Security Advisory 20130227-cups
Posted Feb 27, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Presence Server (CUPS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | c2e6e112da98b99e3a17772fc7e31195
Ubuntu Security Notice USN-1753-1
Posted Feb 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1753-1 - Sebastian Krahmer and Bastien Nocera discovered that DBus-GLib did not properly validate the message sender when the "NameOwnerChanged" signal was received. A local attacker could possibly use this issue to escalate their privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-0292
MD5 | 1197404d9c9e7ee2412477f130912b03
Debian Security Advisory 2633-1
Posted Feb 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2633-1 - Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-1423
MD5 | 64e0d3526698f131f0a1e0840655222c
Debian Security Advisory 2634-1
Posted Feb 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2634-1 - Several vulnerabilities have been discovered in python-django, a high-level python web development framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1665
MD5 | ec59d53a4cee74e8933db14c4354a884
Drupal Creative Theme 7.x Cross Site Scripting
Posted Feb 27, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Creative Theme third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 04cfb5b46aa08c50889359355b388cfc
Drupal Fresh Theme 7.x Cross Site Scripting
Posted Feb 27, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Fresh Theme third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 8ffc66711f8bafd1e36eb4dc481cfd64
Joomla! 3.0.2 PHP Object Injection
Posted Feb 27, 2013
Authored by EgiX

Joomla! versions 3.0.2 and below suffer from a PHP object injection vulnerability in highlight.php.

tags | exploit, php
advisories | CVE-2013-1453, OSVDB-89852
MD5 | 9e2ca8e1398a948ecccc92626171da9e
Ubuntu Security Notice USN-1752-1
Posted Feb 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1752-1 - Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2013-1619
MD5 | d2dd30465967af3c5d699031c18c8a54
Ubuntu Security Notice USN-1751-1
Posted Feb 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1751-1 - Mathias Krause discovered a bounds checking error for netlink messages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit this flaw to crash the system or run programs as an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1763
MD5 | fb8dc1836462d211af1fc6812747e6f1
From Write To Root On AIX
Posted Feb 27, 2013
Authored by Silent Signal | Site silentsignal.hu

This whitepaper is the story of Silent Signal LLC sharing a case study on achieving remote user-level access on an AIX server.

tags | paper, remote
systems | aix
MD5 | 3de7de9039353f06768485d630f5dda2
WordPress Comment Rating 2.9.32 SQL Injection / Bypass
Posted Feb 27, 2013
Authored by ebanyu

WordPress Comment Rating plugin version 2.9.32 suffers from vote limitation bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
MD5 | cca508057d6477719b27ca2cb2a9a895
Story Of A Client-Side Attack
Posted Feb 27, 2013
Authored by Silent Signal | Site silentsignal.hu

This whitepaper is the story of Silent Signal LLC sharing an experience of performing a client-side attack.

tags | paper
MD5 | 1a69aa6d88a12136e917ea977b847011
Red Hat Security Advisory 2013-0570-01
Posted Feb 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0570-01 - Oracle Java SE 6 will no longer receive updates after February 28, 2013. The Oracle Java SE 6 packages on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Red Hat Network channels will continue to be available after February 28, 2013.

tags | advisory, java
systems | linux, redhat
MD5 | 1b3e9c616921f7140fed70e18225f47c
Red Hat Security Advisory 2013-0569-01
Posted Feb 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0569-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | f1fa6ca3fbcdc196fa2c6137375aa6d8
Gambas /tmp Directory Hijack
Posted Feb 27, 2013
Authored by Larry W. Cashdollar

Gambas creates a directory in /tmp called gambas.UID where UID is the user id of the person running the software. Gambas does not check to see if a malicious user has already created that directory.

tags | exploit
MD5 | 256a033dd2a232057aae8893a9b8a634
Red Hat Security Advisory 2013-0567-01
Posted Feb 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0567-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0871
MD5 | 012cddc461348141987e78537673c9f6
Red Hat Security Advisory 2013-0568-01
Posted Feb 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0568-01 - dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. A flaw was found in the way dbus-glib filtered the message sender when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges. All dbus-glib users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-0292
MD5 | cad2f2a04c1f908669eccfe7f2ae5a89
Ubuntu Security Notice USN-1750-1
Posted Feb 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1750-1 - Brad Spengler discovered a bounds checking error for netlink messages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit this flaw to crash the system or run programs as an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1763
MD5 | fecb6e4ae88ad34664474e442ba6ab69
Mandriva Linux Security Advisory 2013-015
Posted Feb 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-015 - Multiple vulnerabilities has been found and corrected in apache. Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. XSS in mod_proxy_balancer manager interface. Additionally the ASF bug 53219 was resolved which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the new directive SSLCompression on|off to enable or disable TLS-level compression, by default SSLCompression is turned on. The updated packages have been upgraded to the latest 2.2.24 version which is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-3499, CVE-2012-4558
MD5 | 08be885c276bc6f9ba3c7c9c55b25b91
Slackware Security Advisory - seamonkey Updates
Posted Feb 26, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | ddd7edabd19838a86f235b67232fb535
Debian Security Advisory 2632-1
Posted Feb 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2632-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0231, CVE-2013-0871
MD5 | 6cb530228f6616366bf467ed87a04a1c
Kernel Attacks Through User-Mode Callbacks
Posted Feb 26, 2013
Authored by Tarjei Mandt

In this paper, the author discusses the many challenges and problems concerning user-mode callbacks in win32k. In particular, they show how win32k's dependency on global locks in providing a thread-safe environment does not integrate well with the concept of user-mode callbacks. Although many vulnerabilities related to user-mode callbacks have been addressed, their complex nature suggests that more subtle flaws might still be present in win32k. Thus, in an effort to mitigate some of the more prevalent bug classes, they conclusively provide some suggestions as to how users may protect themselves against future kernel attacks.

tags | paper, kernel, vulnerability
MD5 | 3b48f7d98508f64ce2d0c173a3509b7e
Brewthology 0.1 SQL Injection
Posted Feb 26, 2013
Authored by cr4wl3r

Brewthology version 0.1 remote SQL injection exploit that dumps the user table and leverages beerxml.php.

tags | exploit, remote, php, sql injection
MD5 | 9ad2a97eebe256c251da3803aa889bfc
Ubuntu Security Notice USN-1749-1
Posted Feb 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1749-1 - Brad Spengler discovered a bounds checking error for netlink messages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit this flaw to crash the system or run programs as an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1763
MD5 | 8306b418e79f3a01b43a612048c99dfc
Page 1 of 25
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    14 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close