accept no compromises
Showing 1 - 25 of 27 RSS Feed

Files Date: 2013-03-07

RECON 2013 Call For Papers
Posted Mar 7, 2013
Authored by REC0N 2013 | Site recon.cx

The RECON 2013 Call For Papers has been announced. It will take place June 21st through June 23rd, 2013 in Montreal, Canada.

tags | paper, conference
MD5 | 5a7e87b1f2f1085fc1c1c653dbb4f774
DALIM Dialog Server 6.0 Local File Inclusion
Posted Mar 7, 2013
Authored by Digital Defense, r@b13$, 0x00string, Ryan Oliver | Site digitaldefense.net

The DALIM Dialog Server contains a local file inclusion vulnerability within the 'logfile' file viewing component. An authenticated remote attacker can use this weakness to view arbitrary files from the DALIM Dialog Server's root file system. Version 6.0 is affected.

tags | advisory, remote, arbitrary, local, root, file inclusion
MD5 | 4950d055adfb0d31e7d8dad0d79b3a53
OpenFabrics ibutils 1.5.7 /tmp File Clobber
Posted Mar 7, 2013
Authored by Larry W. Cashdollar

The infiniband diagnostic utility handles files in /tmp insecurely. A malicious user can clobber root owned files with common symlink attacks. penFabrics ibutils version 1.5.7 is affected.

tags | exploit, root
MD5 | e8cb82b4bd97fd5f59d56cbef4a15156
Qool CMS 2.0 RC2 Cross Site Request Forgery
Posted Mar 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

Qool CMS version 2.0 RC2 suffers from a cross site request forgery vulnerability. Proof of concept that adds a root user is included.

tags | exploit, root, proof of concept, csrf
MD5 | 3bbf5cbffb33a80710db591b5a5c76fb
Qool CMS 2.0 RC2 Cross Site Scripting
Posted Mar 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

Qool CMS version 2.0 RC2 suffers from multiple persistent cross site scripting vulnerabilities. The issues are triggered when input passed via several POST parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, arbitrary, vulnerability, xss
MD5 | e573d4bfbb53230e273957c9f3ed6dd3
Verax NMS Password Disclosure
Posted Mar 7, 2013
Authored by Andrew Brooks

From within the Verax NMS Console, users can navigate to monitored devices and perform predefined actions (NMSAction), such as repairing tables on a MySQL database or restarting services. When these actions are initiated, the AMF response from the application leaks the plaintext connection details to the client and may do so over an unencrypted connection. This behavior would allow an unprivileged user to recover sensitive connection details for arbitrary services and applications. All versions of Verax NMS prior to 2.1.0 are vulnerable.

tags | exploit, arbitrary, info disclosure
advisories | CVE-2013-1631
MD5 | 9a44b1713c62f6e602a177799b472ce5
Apache Commons FileUpload 1.2.2 Insecure /tmp Usage
Posted Mar 7, 2013
Authored by Hugo Vazquez Carames, Karl Dyszynski

Apache Commons FileUpload provides file upload capability for Servlets and web applications. During the upload process, FileUpload may (depending on configuration) save the uploaded file temporarily on disk. By default this will be in the system wide tmp directory. Because the temporary files have predictable file names and are stored in a publicly writeable location they are vulnerable to a TOCTOU attack. Versions 1.0 through 1.2.2 are affected.

tags | advisory, web, file upload
advisories | CVE-2013-0248
MD5 | 0cd2871866f08902b6cfde0ac80e6f0d
WordPress Events Manager 5.3.3 Cross Site Scripting
Posted Mar 7, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

WordPress Events Manager plugin version 5.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-1407
MD5 | 3d9e5d89c9646c9672ed567d5b80ef11
Verax NMS Hardcoded Private Key
Posted Mar 7, 2013
Authored by Andrew Brooks

In versions prior to 2.1.0 of VeraxNMS, the server-side component eadministratorconsole-core-1.5.2.jar, contains a method named decryptPassword(). This method provides the functionality to decrypt a user's password using an implementation of RSA. Within com.veraxsystems.eadministratorconsole.remote.service.impl, it has been discovered that decryptPassword() uses a static, hardcoded private key to facilitate this process. As a result, these passwords should be considered insecure due to the fact that recovering the private key is decidedly trivial.

tags | exploit, remote
advisories | CVE-2013-1352
MD5 | 2b48c0afe36d33916e7967968c5dae7d
Technical Cyber Security Alert 2013-64A
Posted Mar 7, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-64A - Oracle Java 7 update 15, Java 6 update 41, Java 5.0 update 40, and earlier versions of Java contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

tags | advisory, java, remote, arbitrary
MD5 | 14c2c2f2dfe2d54a4af659b2d65aa744
Verax NMS Password Replay Attack
Posted Mar 7, 2013
Authored by Andrew Brooks

The primary client-side UI component of Verax NMS is a flash component named clientMain.swf. In addition to the Flash UI, Verax NMS uses AMF remoting for client/server communications. As part of the login process, when a user logs in to the application, two parameters (username and password) are passed to the authenticateUser operation, which is part of the userService destination. Before this information is sent to the server, the password is encrypted client-side using an implementation of RSA. Due to the fact that the private and public keys are hardcoded into clientMain.swf the encrypted password could be captured and replayed against the service by an attacker. All versions of Verax NMS prior to 2.1.0 are vulnerable.

tags | exploit
advisories | CVE-2013-1351
MD5 | b2dcde78d28326efc85549e3aee63984
Verax NMS Authentication Bypass
Posted Mar 7, 2013
Authored by Andrew Brooks

Verax NMS suffers from multiple authentication and authorization flaws which allow a remote attacker to add and delete users, change the passwords of other users, and access other critical application data. All versions of Verax NMS prior to 2.1.0 are vulnerable.

tags | exploit, remote, bypass
advisories | CVE-2013-1350
MD5 | 84ba9340e4eb32c67dac51b3d2776daf
CosCms 1.721 Command Injection
Posted Mar 7, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

CosCms version 1.721 suffers from a remote OS command injection vulnerability.

tags | exploit, remote
advisories | CVE-2013-1668
MD5 | 0220e05b5fb8b139bd768b5a2034dff2
Mandriva Linux Security Advisory 2013-018
Posted Mar 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-018 - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, protocol
systems | linux, mandriva
advisories | CVE-2013-0166, CVE-2013-0169
MD5 | b08b7ae1aadd78001bc042b7ceec263f
Ubuntu Security Notice USN-1756-1
Posted Mar 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1756-1 - A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. A memory leak was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS could trigger this flaw to cause a denial of service on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, memory leak
systems | linux, ubuntu
advisories | CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773
MD5 | 76f0c9df3c89b3fe3d8bc62fe88a91c9
Red Hat Security Advisory 2013-0604-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0604-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
MD5 | 9e5241c4082891a84d3749af499b3e98
Red Hat Security Advisory 2013-0603-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0603-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
MD5 | 24dcbf20739735af8ab95626ceabb423
Red Hat Security Advisory 2013-0602-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0602-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
MD5 | de7107a92d69cae93c7036de296e8824
Red Hat Security Advisory 2013-0605-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0605-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
MD5 | 52839207454d57cdfdd8d1e9a17d0901
Red Hat Security Advisory 2013-0601-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0601-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 43. All running instances of Oracle Java must be restarted for the update to take effect.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
MD5 | 1599b2b75b77f13363dd6e03e868097f
Red Hat Security Advisory 2013-0565-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0565-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4462
MD5 | ea712079e509b7666f50b6c1ebc16ef1
Red Hat Security Advisory 2013-0599-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0599-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.

tags | advisory, remote, arbitrary, kernel, root
systems | linux, redhat
advisories | CVE-2012-6075
MD5 | 2a41530a4acf33cbff02138b0f6b6e63
Red Hat Security Advisory 2013-0562-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0562-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

tags | advisory, java, protocol, python
systems | linux, redhat
advisories | CVE-2012-4446, CVE-2012-4458, CVE-2012-4459
MD5 | 276b394d81e648e0e10942232b1fc7cc
Red Hat Security Advisory 2013-0566-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0566-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2012-2375, CVE-2012-4530, CVE-2013-1772, CVE-2013-1773
MD5 | e141b91ac14947440648c4cac3c5c22c
Red Hat Security Advisory 2013-0564-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0564-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4462
MD5 | f354dffdbaa1bedc4bb055fda3bebb18
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close