what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-03-04

HP Intelligent Management Center 5.1 E0202 Cross Site Scripting
Posted Mar 4, 2013
Authored by Julien Ahrens | Site security.inshell.net

HP Intelligent Management Center version 5.1 E0202 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7911d915326d86bec4aa7bcdd5bae2ad5bd871c1220a20f5aee4f992e29eaf0d
Slackware Security Advisory - httpd Updates
Posted Mar 4, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2012-3499,CVE-2012-4558.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-3499, CVE-2012-4558
SHA-256 | dd59a4f7ba10a11eeca1e12b9a3e363e4c2d7963af753dcc7be29703e80f10d2
Tinc Virtual Private Network Daemon 1.0.20
Posted Mar 4, 2013
Authored by Ivo Timmermans | Site tinc-vpn.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: This release improves the default device selection on FreeBSD and NetBSD when using switch mode. PMTU discovery is now also applied to VLAN-tagged traffic. The LocalDiscovery option now makes use of all addresses tinc is bound to. The PriorityInheritance option now also works with switch mode. A crash when using a SOCKS5 proxy has been fixed. There are minor improvements and clarifications in the documentation, support for tunemu on iOS devices is fixed, and tinc can now be cross-compiled with Android's NDK.
tags | tool, encryption
systems | unix
SHA-256 | 62230cdfcb9c3218df0be53b2e3a268a595d28b25dcb1ba190d25db91ae3d132
Foscam Firmware 11.37.2.48 Path Traversal
Posted Mar 4, 2013
Authored by Frederic Basse

Foscam firmware versions 11.37.2.48 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2013-2560
SHA-256 | f4b1e390527c41627c9ae62096dda28d0459032a9ad0352cc420e905ed2f7d23
Kaspersky Internet Security 2013 Denial Of Service
Posted Mar 4, 2013
Authored by van Hauser

A fragmented IPv6 packet can freeze a system that has Kaspersky Internet Security 2013 installed.

tags | exploit, denial of service
SHA-256 | 2c06b8ddd32d00aa76afa2977acfd5a8cd06463b52895f16801d4092746487b5
Red Hat Security Advisory 2013-0588-01
Posted Mar 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0588-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-1619
SHA-256 | 37d86548a429bf2c433d2ed8df8b7f37463bdad93888243b9f793768fba79b40
Red Hat Security Advisory 2013-0587-01
Posted Mar 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0587-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-4929, CVE-2013-0166, CVE-2013-0169
SHA-256 | b7d903807077f42489738c10fa1a2c73c8a13a97971c0e95a3061b959469a1d6
Flash Tool 0.6.0 Remote Code Execution
Posted Mar 4, 2013
Authored by Larry W. Cashdollar

Ruby Gem Flash Tool version 0.6.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution, ruby
SHA-256 | eabb60c3855ec8b85847261cb4d2c326b3edd6845b673b873d28fd6cd3d5fc58
Red Hat Security Advisory 2013-0586-01
Posted Mar 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0586-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-5629
SHA-256 | 7e21979349010c735492afb3417266ca14442dd1f1f4f56ac3bae29bda8b9242
Oracle Java SE 7 Update 15 Issues
Posted Mar 4, 2013
Authored by Adam Gowdiak | Site security-explorations.com

The saga between Security Explorations and Oracle continues as yet another issue has been reported upstream.

tags | advisory
SHA-256 | 62b15c41647306908f09a62162b45a2e5e879905919342200f2385c369e80460
Nconf 1.3 SQL Injection / Cross Site Scripting
Posted Mar 4, 2013
Authored by Saadat Ullah

Nconf version 1.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 9f1bddc9948e13d42f84de9b6750e6e9ab80eec811aaf47155b3253dbed2c57b
Raspberry Pi Firmware Updater File Clobber
Posted Mar 4, 2013
Authored by Technion

Raspberry Pi firmware updater suffers from a /tmp/file clobber vulnerability and also fails to offer a secure means to update the system.

tags | exploit
SHA-256 | 8ae9e75ba7ef9fa85acaf5cb66e9b8df15d576eed17c890be91b11f0dfa9146e
Common Name Grabber Script
Posted Mar 4, 2013
Authored by nitr0us

This is a simple perl script that will scan a given IP range and extract the Common Name from all SSL certificates. It is useful for discovery during penetration tests.

tags | tool, perl
systems | unix
SHA-256 | 8bee3b0c0b06ba802a3816adb1b076af310701d747f2d5b5a2c0056512339dd9
WordPress Counter Per Day 3.2.3 Path Disclosure
Posted Mar 4, 2013
Authored by alejandr0.m0f0

WordPress Counter Per Day plugin versions 3.2.3 and below suffer from denial of service and path disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
SHA-256 | f39c172e060702ed0dcfe1201fe6f0b86c45bdc5cc2ba8c854e93dfe294c2ea4
WordPress Caulk Path Disclosure
Posted Mar 4, 2013
Authored by Rafay Baloch

WordPress Caulk theme suffers from a path disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 5bb291bc52e07e39d0bf262920b79fe90169e0ccde330097ce186083296ab508
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close