Files Date: 2013-03-12

Apache Rave User Exposure
Posted Mar 12, 2013
Authored by Andreas Guth

Apache Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to authenticated users, but will return all User objects in the database given the correct query. Versions 0.11 through 0.20 are affected.

tags | exploit
advisories | CVE-2013-1814
MD5 | 4dbfcca87ce8220e66ed5c082f47d38d
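The defect the Rave entry describes is a general one: a persistence entity handed straight to the serializer takes every column with it, credential material included. The Python below is added here as an illustration and is not Apache Rave's code (Rave is Java): it shows that pattern beside an explicit projection of public fields, and a scanner that walks a JSON response and flags fields that look like credential material by key name or by the shape of the value. The record, its field names, the hash and salt strings are all constructed for the example and are not Rave's schema.

```python
import json
import re

# Constructed persistence-layer record (assumption: a generic user entity, not
# Rave's actual schema). The hash and salt values are made-up strings.
USER_ENTITY = {
    "entityId": 1,
    "username": "canonical",
    "displayName": "Canonical User",
    "email": "canonical@example.org",
    "password": "$2a$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ0123456",
    "salt": "8f14e45fceea167a5a36dedd4bea2543",
    "enabled": True,
    "authorities": [{"authority": "ROLE_USER"}],
}

# Whitelist of what a user-lookup API is allowed to return (assumed for the example).
PUBLIC_FIELDS = ("entityId", "username", "displayName", "email")


def serialize_entity(entity):
    """The pattern the advisory describes: the whole entity (or a list of them)
    is dumped as the API response, password hash and salt included."""
    return json.dumps(entity)


def serialize_public(entity):
    """Hardened: an explicit projection. A field that is not listed can never
    reach the wire, whatever columns get added to the entity later."""
    return json.dumps({k: entity[k] for k in PUBLIC_FIELDS if k in entity})


# Key names that should never appear in a response body.
SENSITIVE_KEY = re.compile(r"pass(word|wd)?|salt|hash|secret|token|credential", re.I)
# String shapes that betray a stored digest even under an innocent key name.
HASH_SHAPES = (
    re.compile(r"^\$[0-9a-z]+\$"),         # crypt(3)/bcrypt style: $2a$10$..., $6$...
    re.compile(r"^\{[A-Za-z0-9-]+\}"),    # LDAP/Spring style: {SHA-256}..., {bcrypt}...
    re.compile(r"^[0-9a-f]{32,}$", re.I),  # bare hex digest of MD5/SHA-* length or longer
)


def scan_response(body: str):
    """Return (json_path, reason) for every field of a JSON response that looks
    like credential material. Run this over API responses in a test suite."""
    return _walk(json.loads(body), "$")


def _walk(node, path):
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if SENSITIVE_KEY.search(key):
                findings.append((here, f"sensitive key name {key!r}"))
            elif isinstance(value, str) and any(p.match(value) for p in HASH_SHAPES):
                findings.append((here, "hash-shaped value"))
            findings.extend(_walk(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(_walk(item, f"{path}[{i}]"))
    return findings


if __name__ == "__main__":
    for path, reason in scan_response(serialize_entity([USER_ENTITY])):
        print(f"{path}: {reason}")
    print("projection findings:", scan_response(serialize_public(USER_ENTITY)))
```

The scanner is deliberately noisy on key names: a false positive on a field called `token_count` costs a minute of review, a missed hash field costs a credential database.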
Red Hat Security Advisory 2013-0642-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0642-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546
MD5 | eaabb0e1b7ba582fec84ea0e56edcaf9
Red Hat Security Advisory 2013-0641-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0641-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546
MD5 | 815e5fd264c82a337084d10123cc94a2
Red Hat Security Advisory 2013-0638-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0638-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. A flaw was found in the handling of paths provided to ruby193-rubygem-rack. A remote attacker could use this flaw to conduct a directory traversal attack by passing malformed requests. A timing attack flaw was found in the way rubygem-rack and ruby193-rubygem-rack processed HMAC digests in cookies. This flaw could aid an attacker using forged digital signatures to bypass authentication checks.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-0262, CVE-2013-0263, CVE-2013-0327, CVE-2013-0328, CVE-2013-0329, CVE-2013-0330, CVE-2013-0331
MD5 | a9d4725b866277146af66da7ecfb1758
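The two rack flaws in this advisory are both well-defined coding defects: a digest compared with ordinary string equality, and a request path joined onto a document root without being normalised first. The Python below is an added example, not rack's own Ruby code (rack's fix for the timing issue was to compare with a constant-time routine, `Rack::Utils.secure_compare`); it shows the leaky comparison beside the constant-time one using Python's `hmac.compare_digest`, and a root-bounded path resolver. The cookie layout `value--hexdigest`, the secret and the sample paths are constructed for the example.

```python
import hashlib
import hmac
from urllib.parse import unquote

# Constructed secret for the example; a deployment loads its own from configuration.
SECRET = b"example-only-secret-do-not-reuse"


def sign_value(secret: bytes, value: str) -> str:
    """Attach an HMAC-SHA256 to a cookie value. Layout 'value--hexdigest' is an
    assumption of this example, chosen to resemble a cookie session store."""
    mac = hmac.new(secret, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{value}--{mac}"


def _split(signed: str):
    value, sep, mac = signed.rpartition("--")
    return (value, mac) if sep else (None, None)


def verify_value_leaky(secret: bytes, signed: str):
    """What the advisory describes: '==' on two strings may return as soon as a
    byte differs, so response time grows with the number of leading digest bytes
    the attacker has guessed correctly. Functionally correct, but a timing oracle."""
    value, mac = _split(signed)
    if value is None:
        return None
    expected = hmac.new(secret, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return value if mac == expected else None


def verify_value(secret: bytes, signed: str):
    """Hardened: compare_digest examines every byte regardless of where the first
    mismatch is, so the only information that leaks is whether the lengths match
    (and the digest length is public anyway)."""
    value, mac = _split(signed)
    if value is None:
        return None
    expected = hmac.new(secret, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")) else None


def resolve_under_root(root: str, request_path: str):
    """Map a URL path onto a document root, refusing anything that would climb
    above it. Percent-decoding happens first so that %2e%2e is seen as '..'.
    Returns the filesystem path, or None for a path that escapes the root."""
    stack = []
    for segment in unquote(request_path).split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not stack:
                return None  # would step above root
            stack.pop()
            continue
        stack.append(segment)
    return root.rstrip("/") + "/" + "/".join(stack)


if __name__ == "__main__":
    cookie = sign_value(SECRET, "user_id=42")
    print(cookie)
    print("valid:", verify_value(SECRET, cookie))
    print("tampered:", verify_value(SECRET, cookie.replace("=42", "=1")))
    for p in ("css/../js/app.js", "../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(p, "->", resolve_under_root("/srv/static", p))
```

The resolver works on decoded segments rather than regex-matching `..` in the raw string, which is what lets it catch encoded and double-dot-after-a-valid-segment variants uniformly; the remaining check in a real server is that the resolved file is a regular file and not a symlink out of the root.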
Red Hat Security Advisory 2013-0640-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0640-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
MD5 | bb02a59db9579ba79a35a51d45b6f366
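The three Red Hat Tomcat advisories above (2013-0640, 0641 and 0642) all carry the same CVE-2012-3546 flaw, and its footprint in an access log is distinctive: a request whose path ends in `/j_security_check` but is not the application's real login action, typically from a session that was just refused the same resource without the suffix. The Python below is an added detection example, not taken from the advisories or from Tomcat. It parses Tomcat's common access-log pattern (`%h %l %u %t "%r" %s %b`) and flags the form action appended to any URL other than the expected login target, or reached with a method other than POST; the target URL, both heuristics and the sample log lines are constructed assumptions for the example.

```python
import re

# Tomcat AccessLogValve "common" pattern; regex constructed for this example.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

FORM_ACTION = "/j_security_check"


def find_form_action_abuse(lines, expected_action):
    """Return one hit per request whose path ends in /j_security_check but is not
    the login form's real action URL, or that reaches it with something other
    than POST. A legitimate FORM login is a single POST to one fixed URL per
    web application, so both conditions are heuristics worth a look."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("target").split("?", 1)[0]
        if not path.endswith(FORM_ACTION):
            continue
        reasons = []
        if path != expected_action:
            reasons.append("form action appended to " + path[: -len(FORM_ACTION)])
        if m.group("method") != "POST":
            reasons.append("login action requested with " + m.group("method"))
        if reasons:
            hits.append({
                "host": m.group("host"),
                "user": m.group("user"),
                "method": m.group("method"),
                "path": path,
                "status": int(m.group("status")),
                "reasons": reasons,
            })
    return hits


# Constructed log lines: a normal login, a refused admin page, then the same
# session fetching that page with the suffix appended and getting a 200.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2013:10:01:02 +0000] "POST /app/j_security_check HTTP/1.1" 302 -',
    '10.0.0.5 - alice [12/Mar/2013:10:01:10 +0000] "GET /app/admin/reports HTTP/1.1" 403 1024',
    '10.0.0.5 - alice [12/Mar/2013:10:01:15 +0000] "GET /app/admin/reports/j_security_check HTTP/1.1" 200 5120',
    '10.0.0.9 - - [12/Mar/2013:10:02:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 300',
    '10.0.0.5 - alice [12/Mar/2013:10:03:00 +0000] "POST /app/admin/j_security_check?x=1 HTTP/1.1" 200 77',
]


if __name__ == "__main__":
    for hit in find_form_action_abuse(SAMPLE_LOG, "/app/j_security_check"):
        print(hit["host"], hit["user"], hit["method"], hit["path"], hit["status"],
              "; ".join(hit["reasons"]))
```

A 200 on a `/j_security_check`-suffixed path for a session that just received a 403 on the same prefix is the strongest signal; the check above surfaces the candidates, and correlating status codes per host and user is the follow-up.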
Red Hat Security Advisory 2013-0639-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0639-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-6075
MD5 | d82076eb1ec08e28e6f8be4526fdfdb0
Red Hat Security Advisory 2013-0630-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0630-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the xen_iret() function in the Linux kernel used the DS register. A local, unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to crash the guest or, potentially, escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0228, CVE-2013-0268
MD5 | efac28bcc10f135ebd19ca74e770608c
ChronIC RF Hacking Tool
Posted Mar 12, 2013
Authored by Adam Laurie

ChronIC is the Chronos Integrated Commander, a wearable Sub-GHz RF hacking tool. Written in python.

tags | tool, python, wireless
MD5 | 1a579d76ba3e98006daa14b5fbcaffcf
OpenSSL-Based Signcode Utility 1.5.1
Posted Mar 12, 2013
Authored by mfive | Site sourceforge.net

OpenSSL-based signcode utility is used for Authenticode signing of EXE/CAB files. It also supports timestamping.

Changes: This release added support for signing MSI files. The correct PE checksum is now calculated instead of setting it to 0. Support for RFC3161 timestamping was added (-ts option) along with support for extracting, removing, and verifying signatures of PE files. A problem with not being able to decode timestamps with no newlines was fixed. Support for reading keys from PVK files was added (requires OpenSSL 1.0.0 or later). Certificates can now be read from PEM files. The -spc option was renamed to -certs (the old option name is still valid).

tags | tool, encryption
systems | unix
MD5 | d86cdc02bb060a4cc924c2f000c84999
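The "correct PE checksum" in the change list is the optional-header CheckSum field, which a signing tool has to recompute after it appends the Authenticode certificate table, since the file length is part of the sum. The Python below is an added illustration and not osslsigncode's code: it computes the field with the standard algorithm (ones'-complement sum of the file's 16-bit words, skipping the field itself, folded to 16 bits, plus the file length), writes it back, and verifies it on a constructed header stub. The stub builder and the zero-padding of an odd trailing byte are assumptions of the example.

```python
import struct


def _checksum_field_offset(data: bytes) -> int:
    """Locate the optional-header CheckSum field: e_lfanew (at 0x3C) points at the
    PE signature; the field sits 64 bytes into the optional header, which follows
    the 4-byte signature and the 20-byte COFF header. Same for PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    return pe + 4 + 20 + 64


def pe_checksum(data: bytes) -> int:
    """Sum every 16-bit little-endian word with end-around carry, skipping the
    4-byte CheckSum field, fold to 16 bits and add the file length. An odd
    trailing byte is zero-padded (assumption)."""
    skip = _checksum_field_offset(data)
    words = data + (b"\0" if len(data) % 2 else b"")
    total = 0
    for off in range(0, len(words), 2):
        if skip <= off < skip + 4:
            continue
        total += struct.unpack_from("<H", words, off)[0]
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF


def read_checksum_field(data: bytes) -> int:
    """Value currently stored in the header (0 for an unsigned or sloppy build)."""
    return struct.unpack_from("<I", data, _checksum_field_offset(data))[0]


def write_checksum(data: bytes) -> bytes:
    """Return a copy with the computed checksum stored in the header, which is
    what a signing tool should do instead of leaving the field at zero."""
    off = _checksum_field_offset(data)
    return data[:off] + struct.pack("<I", pe_checksum(data)) + data[off + 4:]


def build_minimal_pe(size: int = 0x100) -> bytes:
    """Constructed stand-in: just enough header for the offsets above. Not a
    loadable image, only an input for exercising the checksum."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    return bytes(buf)


if __name__ == "__main__":
    image = build_minimal_pe()
    print("stored: 0x%08X computed: 0x%08X" % (read_checksum_field(image), pe_checksum(image)))
    fixed = write_checksum(image)
    print("after write: 0x%08X recomputed: 0x%08X" % (read_checksum_field(fixed), pe_checksum(fixed)))
```

Because the field is excluded from its own sum, writing the computed value and recomputing gives the same number; that round trip is the quick check to run against any binary a signing tool has produced.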
Web Cookbook SQL Injection
Posted Mar 12, 2013
Authored by Saadat Ullah

Web Cookbook suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
MD5 | 228578aa1e87f60d7bddcf5200eedec7
TagScanner 5.1 Buffer Overflow
Posted Mar 12, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Yandex xdLab TagScanner version 5.1 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
MD5 | f7d365bfdd53a487a3d2b6454a84eb2a
PayPal Portable Store Front Cross Site Scripting
Posted Mar 12, 2013
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

The PayPal Portable Store Front widget suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 66786969052867b64ad14e88484bb349
Microsoft Security Bulletin Summary For March, 2013
Posted Mar 12, 2013
Site microsoft.com

This bulletin summary lists 7 released Microsoft security bulletins for March, 2013.

tags | advisory
MD5 | c6271a47ac2dd8d1c1838533206b97a0
Microsoft Security Bulletin Re-Release For March, 2013
Posted Mar 12, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for March, 2013.

tags | advisory
MD5 | dc160d9b300de3f10220a0dc1b906d21
ASUS RT-N66U Hidden Share
Posted Mar 12, 2013
Authored by Sec

The ASUS RT-N66U exposes a hidden root$ Samba share and a MiniUPnP service listening on the WAN interface. It also runs an out-of-date kernel and multiple old libraries.

tags | advisory, kernel, root
MD5 | 98bb1f6fbf65dd2f156960f8290a17bc
Cam2pc 4.6.2 Integer Overflow
Posted Mar 12, 2013
Authored by coolkaveh

Cam2pc Freeware version 4.6.2 suffers from an integer overflow vulnerability in its BMP image processing.

tags | exploit, overflow
systems | linux
MD5 | 609991296b73c93ddd09230c25648b43
packet storm

© 2016 Packet Storm. All rights reserved.