what you don't know can hurt you
Showing 1 - 25 of 27 RSS Feed

Files Date: 2013-03-07

RECON 2013 Call For Papers
Posted Mar 7, 2013
Authored by REC0N 2013 | Site recon.cx

The RECON 2013 Call For Papers has been announced. It will take place June 21st through June 23rd, 2013 in Montreal, Canada.

tags | paper, conference
SHA-256 | f7ee197b174393ea22dc99b77634b91853d20e1a25ac7adf99c9bf3cbf019785
DALIM Dialog Server 6.0 Local File Inclusion
Posted Mar 7, 2013
Authored by Digital Defense, r@b13$, 0x00string, Ryan Oliver | Site digitaldefense.net

The DALIM Dialog Server contains a local file inclusion vulnerability within the 'logfile' file viewing component. An authenticated remote attacker can use this weakness to view arbitrary files from the DALIM Dialog Server's root file system. Version 6.0 is affected.

tags | advisory, remote, arbitrary, local, root, file inclusion
SHA-256 | dca9725360ef2d286f6870673bf57ab52e554f8c9c03ee26b0ef0a2ba420a63d
OpenFabrics ibutils 1.5.7 /tmp File Clobber
Posted Mar 7, 2013
Authored by Larry W. Cashdollar

The infiniband diagnostic utility handles files in /tmp insecurely. A malicious user can clobber root owned files with common symlink attacks. penFabrics ibutils version 1.5.7 is affected.

tags | exploit, root
SHA-256 | addeecc6e8b571ebf6c2a2c55fcbfb3fc70a6a2ae9876a01939f8d30d7439c9e
Qool CMS 2.0 RC2 Cross Site Request Forgery
Posted Mar 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

Qool CMS version 2.0 RC2 suffers from a cross site request forgery vulnerability. Proof of concept that adds a root user is included.

tags | exploit, root, proof of concept, csrf
SHA-256 | df7f55049a971ef823dd0bef1875ec4d75326b62c271f4d9059c3d28f00d83d2
Qool CMS 2.0 RC2 Cross Site Scripting
Posted Mar 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

Qool CMS version 2.0 RC2 suffers from multiple persistent cross site scripting vulnerabilities. The issues are triggered when input passed via several POST parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 7a132b264a9d44fa246e176d9c42b07057ab73d422cbae00499f843e866363c8
Verax NMS Password Disclosure
Posted Mar 7, 2013
Authored by Andrew Brooks

From within the Verax NMS Console, users can navigate to monitored devices and perform predefined actions (NMSAction), such as repairing tables on a MySQL database or restarting services. When these actions are initiated, the AMF response from the application leaks the plaintext connection details to the client and may do so over an unencrypted connection. This behavior would allow an unprivileged user to recover sensitive connection details for arbitrary services and applications. All versions of Verax NMS prior to 2.1.0 are vulnerable.

tags | exploit, arbitrary, info disclosure
advisories | CVE-2013-1631
SHA-256 | 66cf40d31f06bbe4131715e1741bd12a91006cb43cdcba0edc044553a2002b0f
Apache Commons FileUpload 1.2.2 Insecure /tmp Usage
Posted Mar 7, 2013
Authored by Hugo Vazquez Carames, Karl Dyszynski

Apache Commons FileUpload provides file upload capability for Servlets and web applications. During the upload process, FileUpload may (depending on configuration) save the uploaded file temporarily on disk. By default this will be in the system wide tmp directory. Because the temporary files have predictable file names and are stored in a publicly writeable location they are vulnerable to a TOCTOU attack. Versions 1.0 through 1.2.2 are affected.

tags | advisory, web, file upload
advisories | CVE-2013-0248
SHA-256 | aef9320b83ebe6ba6979332985d9a5aff8a232ccdbb3dd487e7f6d3b242f6f7a
WordPress Events Manager 5.3.3 Cross Site Scripting
Posted Mar 7, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

WordPress Events Manager plugin version 5.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-1407
SHA-256 | db435bd66d4bfbc7ffec99834ce77a006788a528cb7f0a458a162d9950413183
Verax NMS Hardcoded Private Key
Posted Mar 7, 2013
Authored by Andrew Brooks

In versions prior to 2.1.0 of VeraxNMS, the server-side component eadministratorconsole-core-1.5.2.jar, contains a method named decryptPassword(). This method provides the functionality to decrypt a user's password using an implementation of RSA. Within com.veraxsystems.eadministratorconsole.remote.service.impl, it has been discovered that decryptPassword() uses a static, hardcoded private key to facilitate this process. As a result, these passwords should be considered insecure due to the fact that recovering the private key is decidedly trivial.

tags | exploit, remote
advisories | CVE-2013-1352
SHA-256 | 55feaa6ff716167b15cd4b70dd26eae40f7ecebefd6e0d42d6e9cc2abd1cd56a
Technical Cyber Security Alert 2013-64A
Posted Mar 7, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-64A - Oracle Java 7 update 15, Java 6 update 41, Java 5.0 update 40, and earlier versions of Java contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

tags | advisory, java, remote, arbitrary
SHA-256 | c06c09fdf5cd916f2c422c147cc8f9c90623aa8da139d449657ff9f0de5c1024
Verax NMS Password Replay Attack
Posted Mar 7, 2013
Authored by Andrew Brooks

The primary client-side UI component of Verax NMS is a flash component named clientMain.swf. In addition to the Flash UI, Verax NMS uses AMF remoting for client/server communications. As part of the login process, when a user logs in to the application, two parameters (username and password) are passed to the authenticateUser operation, which is part of the userService destination. Before this information is sent to the server, the password is encrypted client-side using an implementation of RSA. Due to the fact that the private and public keys are hardcoded into clientMain.swf the encrypted password could be captured and replayed against the service by an attacker. All versions of Verax NMS prior to 2.1.0 are vulnerable.

tags | exploit
advisories | CVE-2013-1351
SHA-256 | 0dcca1a483ced42d83d569aae22ac2caf6fbd46bed94681be65657cb8bdfeb3e
Verax NMS Authentication Bypass
Posted Mar 7, 2013
Authored by Andrew Brooks

Verax NMS suffers from multiple authentication and authorization flaws which allow a remote attacker to add and delete users, change the passwords of other users, and access other critical application data. All versions of Verax NMS prior to 2.1.0 are vulnerable.

tags | exploit, remote, bypass
advisories | CVE-2013-1350
SHA-256 | bfe07f7dcb227f3f168a3a1502d38842ae3975b1fe2cfa6cf4d8fe0fd153f2ab
CosCms 1.721 Command Injection
Posted Mar 7, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

CosCms version 1.721 suffers from a remote OS command injection vulnerability.

tags | exploit, remote
advisories | CVE-2013-1668
SHA-256 | b83962858cb884a13286e3438465370a0d25ea688a8bcb94307840b37366334a
Mandriva Linux Security Advisory 2013-018
Posted Mar 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-018 - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, protocol
systems | linux, mandriva
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | bf5ab5e72a351205b935141e568c6333cdff26e500e2d5c8d2254663a10fe424
Ubuntu Security Notice USN-1756-1
Posted Mar 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1756-1 - A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. A memory leak was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS could trigger this flaw to cause a denial of service on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, memory leak
systems | linux, ubuntu
advisories | CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773
SHA-256 | d9c80d06dbf44f9cec8aad3aefc9de07c8b1e5d6a621b1483f49a3b8c2988ce9
Red Hat Security Advisory 2013-0604-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0604-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | fcd9969a38c85228f7ca9170261f28e98703f293a9d058a6d777b3bd4614528a
Red Hat Security Advisory 2013-0603-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0603-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | 9277b9f954bbf26ebfd21be9bbb223309fcabd745ba6239e42466b4ce3619d74
Red Hat Security Advisory 2013-0602-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0602-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | 006689926e05cd513152e32213025ecfe6d53e1e946057df17e9c53131bc1a0f
Red Hat Security Advisory 2013-0605-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0605-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | bd6fda8b783af23447ab7dce72a23af050b31847850dc60e49d2d16016daf7ee
Red Hat Security Advisory 2013-0601-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0601-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 43. All running instances of Oracle Java must be restarted for the update to take effect.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | cd5621dfa11a423f7e2dd0bc78bcbbebd77d20d8de7879e5ff7541d5e0807d1d
Red Hat Security Advisory 2013-0565-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0565-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4462
SHA-256 | 72e964cafd202614a5493c1a31adb662ef4ef9c04af6a3247f3ee737557b528e
Red Hat Security Advisory 2013-0599-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0599-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.

tags | advisory, remote, arbitrary, kernel, root
systems | linux, redhat
advisories | CVE-2012-6075
SHA-256 | 31d8e98927550d76b3d7d6cb471fa6adae45d950328f01261814a3f1063aa443
Red Hat Security Advisory 2013-0562-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0562-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

tags | advisory, java, protocol, python
systems | linux, redhat
advisories | CVE-2012-4446, CVE-2012-4458, CVE-2012-4459
SHA-256 | bda9c6a271d769a010347533e803ec6a7aeb62bebc173d55af925053aaa72a7d
Red Hat Security Advisory 2013-0566-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0566-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2012-2375, CVE-2012-4530, CVE-2013-1772, CVE-2013-1773
SHA-256 | a9dbb06b95adcc1214de8dcbbb7ca159f7a1029864b69e7390cb529d08ac8433
Red Hat Security Advisory 2013-0564-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0564-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4462
SHA-256 | 16a9d9750bbb0db9d1c5cbd4d5a8a00a116273c5dcad030ceb87a7f080575de3
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close