Showing 1 - 17 of 17

Files Date: 2013-03-01

RSA Authentication Agent 7.1.1 Access Bypass
Posted Mar 1, 2013
Site emc.com

RSA Authentication Agent version 7.1.1 for Windows suffers from an issue where a user may incorrectly gain access to a desktop or a server.

tags | advisory
systems | windows
advisories | CVE-2013-0931
MD5 | 06ee648269efb6b844acc8ed0dc93ac2
Post XSS Exploitation: Advanced Attacks And Remedies
Posted Mar 1, 2013
Authored by Kritika Sobti, Adwiteeya Agrawal, Nishtha Jatana

This paper presents an in-depth study of the dangers of XSS vulnerabilities and vulgarizes their exploitation. It also showcases the remedies for post-XSS attacks that can be adopted as a safeguard. Further, the authors exploit a vulnerability and develop a novel module for one of the popular tools of post-XSS exploitation. This module can be used to make a SIP (Session Initiation Protocol) call. It has been developed with the intention of being included in the new release of the XSSF framework.

tags | paper, vulnerability, protocol, xss
MD5 | f566a6ee700f1b9e44a6620f5e44f18a
Drupal Premium Responsive 7.x Cross Site Scripting
Posted Mar 1, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Premium Responsive third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | b22fea54f48704cf3cd35874a67ee4f8
Sami FTP Server 2.0.1 Buffer Overflow
Posted Mar 1, 2013
Authored by superkojiman

Sami FTP Server version 2.0.1 LIST command buffer overflow exploit.

tags | exploit, overflow
MD5 | c3b953862e6be8f6f2d79a656a2c6d1c
Hanso Player 2.1.0 Buffer Overflow
Posted Mar 1, 2013
Authored by metacom

Hanso Player version 2.1.0 suffers from a buffer overflow vulnerability when handling malformed .m3u files.

tags | exploit, overflow
MD5 | 19869a3f542b37b5f7e39adc500dce35
Packet Storm New Exploits For February, 2013
Posted Mar 1, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 157 exploits added to Packet Storm in February, 2013.

tags | exploit
systems | linux
MD5 | 84d49c28376372e86bda7e9cba45e4e2
Ubuntu Security Notice USN-1729-2
Posted Mar 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1729-2 - USN-1729-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in freezes and crashes when using multiple tabs with images displayed. This update fixes the problem. Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0772, CVE-2013-0765, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0781, CVE-2013-0782
MD5 | 5c1f3f329da34f96fac55fc54bd0c1ea
Oracle Auto Service Request File Clobber
Posted Mar 1, 2013
Authored by Larry W. Cashdollar

Oracle Auto Service Request insecurely creates files in /tmp using time stamps, allowing root-owned files to be clobbered.

tags | exploit, root
MD5 | 2ee0334d2428d64e181e9812d58f101a
ROOTCON 7 Call For Papers
Posted Mar 1, 2013
Site rootcon.org

The ROOTCON 7 Call For Papers has been announced. It will be held September 13th and 14th, 2013 at the Parklane International Hotel, Cebu City, Philippines.

tags | paper, conference
MD5 | ddbbfe2c3fbacbb8faf15335ec40ab8e
PHP-Fusion 7.02.05 XSS / LFI / SQL Injection
Posted Mar 1, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

PHP-Fusion version 7.02.05 suffers from insecure backup handling, cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, php, vulnerability, xss, sql injection, file inclusion
MD5 | eadd12888d7ffd1ee998cbf595a1c10b
Oracle Enterprise Manager advReplicationAdmin SQL Injection
Posted Mar 1, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/advRepl/advReplicationAdmin in Oracle Enterprise Manager are vulnerable to SQL Injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0372
MD5 | bd17713179b0dd34a209b64aa4780fc2
Cisco Security Advisory 20130227-cucm
Posted Mar 1, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
MD5 | 98d28d9a4cdade2dbf648272c9efa7f4
Red Hat Security Advisory 2013-0581-01
Posted Mar 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0581-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-0338
MD5 | da960d5e678318f83440cc6a8d4e8bc1
Red Hat Security Advisory 2013-0579-01
Posted Mar 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0579-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges on the host.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-3411, CVE-2012-4542, CVE-2013-0311
MD5 | 4980c3187cb75d04520e5ecacca4495c
Red Hat Security Advisory 2013-0578-01
Posted Mar 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0578-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support Add-On for Red Hat Enterprise Linux 5.6 will conclude on July 31, 2013. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 EUS after that date. In addition, after July 31, 2013, technical support through Red Hat’s Global Support Services will no longer be provided for this Add-on. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 5.6.

tags | advisory
systems | linux, redhat
MD5 | bdc929915d28421a476a1f8692b5dee9
Simple Admin Page Finder For Recon-NG
Posted Mar 1, 2013
Authored by scryptz0

Simple Admin Page Finder is a module for the Recon-NG framework. It is considered a discovery module. It checks the hosts for possible administrator pages and administrative directories.

tags | tool
systems | unix
MD5 | 565f19ad514b44d8550c2de88f770aa6
SecureCRT Insecure Password Storage
Posted Mar 1, 2013
Authored by Raffaele Addesso

SecureCRT versions 7.0.3 and below suffer from an insecure password storage vulnerability.

tags | advisory
MD5 | 2e54bd791498fd15ad9aa03a7ed8ca3b