
Files Date: 2013-03-04

HP Intelligent Management Center 5.1 E0202 Cross Site Scripting
Posted Mar 4, 2013
Authored by Julien Ahrens | Site security.inshell.net

HP Intelligent Management Center version 5.1 E0202 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5af28e58e0479a28d37440aac8831a83

Slackware Security Advisory - httpd Updates
Posted Mar 4, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2012-3499, CVE-2012-4558.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-3499, CVE-2012-4558
MD5 | f2ef8c3ca8cab3231b4d626cb70d8bde

Tinc Virtual Private Network Daemon 1.0.20
Posted Mar 4, 2013
Authored by Ivo Timmermans | Site tinc-vpn.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: This release improves the default device selection on FreeBSD and NetBSD when using switch mode. PMTU discovery is now also applied to VLAN-tagged traffic. The LocalDiscovery option now makes use of all addresses tinc is bound to. The PriorityInheritance option now also works with switch mode. A crash when using a SOCKS5 proxy has been fixed. There are minor improvements and clarifications in the documentation, support for tunemu on iOS devices is fixed, and tinc can now be cross-compiled with Android's NDK.
tags | tool, encryption
systems | unix
MD5 | 001277e0ccd7ca29f7fa4039774ad611

Foscam Firmware 11.37.2.48 Path Traversal
Posted Mar 4, 2013
Authored by Frederic Basse

Foscam firmware versions 11.37.2.48 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2013-2560
MD5 | 1c056ee2a592dfe3b337f21441e8a442

Kaspersky Internet Security 2013 Denial Of Service
Posted Mar 4, 2013
Authored by van Hauser

A fragmented IPv6 packet can freeze a system that has Kaspersky Internet Security 2013 installed.

tags | exploit, denial of service
MD5 | 3fb47f8a707e5787ad319c0f85fa0666

Red Hat Security Advisory 2013-0588-01
Posted Mar 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0588-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-1619
MD5 | 6d4d517fbc1f4d5bdd9aa471e18f6e1c

Red Hat Security Advisory 2013-0587-01
Posted Mar 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0587-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-4929, CVE-2013-0166, CVE-2013-0169
MD5 | 1267aad3a2846b9905245b92447e8580

Flash Tool 0.6.0 Remote Code Execution
Posted Mar 4, 2013
Authored by Larry W. Cashdollar

Ruby Gem Flash Tool version 0.6.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution, ruby
MD5 | 2386af62580bfe35897ffe6ea0c7b57b

Red Hat Security Advisory 2013-0586-01
Posted Mar 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0586-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-5629
MD5 | 6307e55885393a69deb57fdf94be53f0

Oracle Java SE 7 Update 15 Issues
Posted Mar 4, 2013
Authored by Adam Gowdiak | Site security-explorations.com

The saga between Security Explorations and Oracle continues as yet another issue has been reported upstream.

tags | advisory
MD5 | 4c92abd477c3c1d4a5c3516c817f655e

Nconf 1.3 SQL Injection / Cross Site Scripting
Posted Mar 4, 2013
Authored by Saadat Ullah

Nconf version 1.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | b5744d2998242019de2a271fa69b2537

Raspberry Pi Firmware Updater File Clobber
Posted Mar 4, 2013
Authored by Technion

Raspberry Pi firmware updater suffers from a /tmp/file clobber vulnerability and also fails to offer a secure means to update the system.

tags | exploit
MD5 | 4c1e5da08e778dd0b65bcc9f35a9322a

Common Name Grabber Script
Posted Mar 4, 2013
Authored by nitr0us

This is a simple perl script that will scan a given IP range and extract the Common Name from all SSL certificates. It is useful for discovery during penetration tests.

tags | tool, perl
systems | unix
MD5 | f2b32e2272f7bc44a7767e3c9a8a06d6

WordPress Counter Per Day 3.2.3 Path Disclosure
Posted Mar 4, 2013
Authored by alejandr0.m0f0

WordPress Counter Per Day plugin versions 3.2.3 and below suffer from denial of service and path disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
MD5 | 5e4e26f35bd23a3d1022ec9ebbb28aa0

WordPress Caulk Path Disclosure
Posted Mar 4, 2013
Authored by Rafay Baloch

WordPress Caulk theme suffers from a path disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 1e06c94b7a82b375aaf451015d3ef3a4

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close