accept no compromises
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-03-19

Verizon Fios Router MI424WR-GEN3I CSRF
Posted Mar 19, 2013
Authored by Jacob Holcomb

Verizon Fios Router version MI424WR-GEN3I suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2013-0126
MD5 | dba363b9015e4ad023da78fa6947ae3a
Mozilla Firefox nsHTMLEditRules Use-After-Free
Posted Mar 19, 2013
Authored by Nicolas Joly, Chaouki Bekrar, VUPEN, Jordan Gruskovnjak | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the XUL "nsHTMLEditRules::nsHTMLEditRules()" function when processing certain objects, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
advisories | CVE-2013-0787
MD5 | 27fb8bbd84648b8c2ce27c263b7ca54d
WordPress Count Per Day 3.2.5 XSS
Posted Mar 19, 2013
Authored by m3tamantra

WordPress Count Per Day third party plugin version 3.2.5 suffers from a cross site scripting vulnerability due to trusting REFERER headers.

tags | exploit, xss
MD5 | 4be45576c464111a9fd12f7c7b5c6c69
WordPress Occasions 1.0.4 Cross Site Request Forgery
Posted Mar 19, 2013
Authored by m3tamantra

WordPress Occasions third party plugin version 1.0.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | e8891d4fe6c1eb40d8e5f0fbe6642355
Cisco Type 4 Passwords Issue
Posted Mar 19, 2013
Authored by Cisco Systems | Site cisco.com

This is the Cisco response to research performed by Mr. Philipp Schmidt and Mr. Jens Steube from the Hashcat Project on the weakness of Type 4 passwords on Cisco IOS and Cisco IOS XE devices. Mr. Schmidt and Mr. Steube reported this issue to the Cisco PSIRT on March 12, 2013.

tags | advisory
systems | cisco, osx
MD5 | 536640b966689934b5a0108bad55d231
ViewGit 0.0.6 Cross Site Scripting
Posted Mar 19, 2013
Authored by Matthew R. Bucci

ViewGit version 0.0.6 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-2294
MD5 | 32e9092cd9ce7512bb4294222235bf65
Mandriva Linux Security Advisory 2013-028
Posted Mar 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-028 - Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long host_name variable svc_description variable. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary, cgi
systems | linux, mandriva
advisories | CVE-2012-6096
MD5 | 4f519e37ebeacbf841da154d997df39c
Mandriva Linux Security Advisory 2013-027
Posted Mar 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-027 - ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for finding and reporting these issues.

tags | advisory
systems | linux, mandriva
MD5 | 9b3582c1b52ce9229287fbbfbb78e26e
Mandriva Linux Security Advisory 2013-026
Posted Mar 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-026 - sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. Sudo before 1.8.6p7 allows a malicious user to run commands via sudo without authenticating, so long as there exists a terminal the user has access to where a sudo command was successfully run by that same user within the password timeout period. The updated packages have been patched to correct these issues.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2013-1775, CVE-2013-1776
MD5 | a2e5e049f9aee6ec6abd63797bac8dd4
Ubuntu Security Notice USN-1767-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1767-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774, CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774
MD5 | b4722f2bde05c5e4fd7583d00fd3895f
Red Hat Security Advisory 2013-0656-01
Posted Mar 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0656-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. When a client attempts to use PKINIT to obtain credentials from the KDC, the client can specify, using an issuer and serial number, which of the KDC's possibly-many certificates the client has in its possession, as a hint to the KDC that it should use the corresponding key to sign its response. If that specification was malformed, the KDC could attempt to dereference a NULL pointer and crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-1016, CVE-2013-1415
MD5 | 62e1fd128526616e8a3f497c0205e64b
Ubuntu Security Notice USN-1766-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1766-1 - Zbigniew Tenerowicz and Sebastian Krzyszkowiak discovered that pam-xdg-support incorrectly handled the PATH environment variable. A local attacker could use this issue in combination with sudo to possibly escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1052
MD5 | ff4b5e1c2d6dddb751ddad5bf4c92f8e
Ubuntu Security Notice USN-1769-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1769-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0231, CVE-2013-0268, CVE-2013-0290, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0231, CVE-2013-0268, CVE-2013-0290, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349
MD5 | 621ad23418a09c1a5104ab8026ffc2de
Ubuntu Security Notice USN-1768-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1768-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0231, CVE-2013-0268, CVE-2013-0290, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0231, CVE-2013-0268, CVE-2013-0290, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349
MD5 | fbd60687abd2426f74b9a753d71dcf16
Ubuntu Security Notice USN-1765-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1765-1 - Niels Heinen discovered that multiple modules incorrectly sanitized certain strings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that the mod_proxy_ajp module incorrectly handled error states. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2012-4557, CVE-2013-1048, CVE-2012-3499, CVE-2012-4557, CVE-2012-4558, CVE-2013-1048
MD5 | 9997afe0ab77a4e6d3cda364571639a2
PayPal Chinese Web Application Information Disclosure
Posted Mar 19, 2013
Site vulnerability-lab.com

An information disclosure vulnerability existed in the official Chinese PayPal web service.

tags | exploit, web, info disclosure
MD5 | c8537b84718e625473cd08281d064a3a
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close