
Files Date: 2013-03-25

Red Hat Security Advisory 2013-0681-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0681-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
MD5 | 7b43a70c7839a4fa3bf669603796b5a5
Red Hat Security Advisory 2013-0680-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0680-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
MD5 | 9b3c2fb661bb1776118660042d968403
Red Hat Security Advisory 2013-0679-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0679-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
MD5 | 9a9a826531da2632572935744018905a
LinkedIn Investors Cross Site Scripting
Posted Mar 25, 2013
Authored by Eduardo Garcia Melia

The LinkedIn Investors site suffered from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 2df6aed972da31dba4e0e7f13b2a1018
LinkedIn Cross Site Request Forgery
Posted Mar 25, 2013
Authored by Vicente Aguilera Diaz

LinkedIn suffers from a cross site request forgery vulnerability in the "Add Connections" invitation functionality.

tags | exploit, csrf
MD5 | 3598a14ed8bd8fecb48cb125a5aca283
Slackware Security Advisory - php Updates
Posted Mar 25, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1635, CVE-2013-1643.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2013-1635, CVE-2013-1643
MD5 | 92be7eacf6b0d634b25370cc20f27110
LiquidXML Studio 2012 Active-X File Creation
Posted Mar 25, 2013
Authored by Dr_IDE

LiquidXML Studio 2012 active-x insecure method executable file creation exploit.

tags | exploit, activex
MD5 | 8481a1111059e71512f4a866d43e0218
LiquidXML Studio 2010 Active-X File Creation
Posted Mar 25, 2013
Authored by Dr_IDE

LiquidXML Studio 2010 active-x insecure method executable file creation exploit.

tags | exploit, activex
MD5 | de59a2c491a2cad4f76688d832403f75
Mitsubishi MX Component Active-X Code Execution
Posted Mar 25, 2013
Authored by Dr_IDE

Mitsubishi MX Component version 3 remote exploit that binds a shell to port 5500.

tags | exploit, remote, shell, activex
MD5 | e7ca83c4de0fa9f98a40525df59be727
Mobius Forensic Toolkit 0.5.17
Posted Mar 25, 2013
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: This release adds support for physical device's datasources. Minor improvements were made. Bugs were fixed.
tags | tool, python, forensics
systems | unix
MD5 | 5c21fa0d7106dd3bbca6011fd7c620a2
WordPress Mathjax Latex 1.1 Cross Site Request Forgery
Posted Mar 25, 2013
Authored by Junaid Hussain

WordPress Mathjax Latex version 1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 1089176abd2757275e7d829d029c6d96
Ubuntu Security Notice USN-1779-1
Posted Mar 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1779-1 - It was discovered that GNOME Online Accounts did not properly check SSL certificates when configuring online accounts. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise credentials and confidential information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-0240, CVE-2013-1799
MD5 | 3140e21c384544cf04d997c814c9b5e7
Ubuntu Security Notice USN-1732-3
Posted Mar 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1732-3 - USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2012-2686, CVE-2013-0169
MD5 | 0a738fb3465025960b4bc6a4d88bdffd
WP Banners Lite 1.40 Cross Site Scripting
Posted Mar 25, 2013
Authored by Zerial

WordPress Banners Lite third party plugin versions 1.40, 1.31, and 1.29 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 823f2f1406c18376306d50e898ea6969
360-FAAR Firewall Analysis Audit And Repair 0.4.0
Posted Mar 25, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool that can filter, compare to logs, merge, translate, and output firewall commands for new policies, as Check Point dbedit or ScreenOS commands.

Changes: This release changes the command line options and permits you to process as many configs as you choose. All code has been refactored into subroutines. Three new modes have been added: 'load' mode allows you to load new config bundles into an already running instance of 360-FAAR, 'copylog' mode associates a log file from one config with another loaded or new config, 'help' mode prints info about all of the other modes. Undefined warnings have been resolved when using CTRL-C to exit the user loop.
tags | tool, perl
systems | unix
MD5 | 2c6bd14d0393d0d20fe8a7bb1236fad6
Rosewill RSVA11001 Remote Code Execution
Posted Mar 25, 2013
Authored by Eric Urban

Rosewill RSVA11001 Hi3515 suffers from a remote command execution vulnerability due to feeding unsanitized user-supplied data to ntpdate.

tags | exploit, remote
MD5 | a5509c4ddc8fac7e83b395d8b62f851c
Ra1NX PHP Bot Authentication Bypass Remote Code Execution
Posted Mar 25, 2013
Authored by bwall | Site metasploit.com

This Metasploit module allows remote command execution on the PHP IRC bot Ra1NX by using the public call feature in private message to covertly bypass the authentication system.

tags | exploit, remote, php
MD5 | 4e926047266653b04e377ab7fa565454
Innovative Web Ideas SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

Sites designed by Innovate Web Ideas suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, web, vulnerability, sql injection
MD5 | f13d4930fb4af71fafe4daa9fe7cdff0
IconCool MP3 WAV Converter 3.00 Build 120518 Buffer Overflow
Posted Mar 25, 2013
Authored by G0li47h

IconCool MP3 WAV Converter version 300 build 120518 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 22a2b7e8265fb425b3be24387b529c21
WordPress Finalist SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

WordPress Finalist third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 9e214966bd3d1b932873d7bc6b9b52dc
WordPress Level Four Storefront SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

WordPress Level Four Storefront third party plugin version 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 54d9e690332a6e6c57abbccafbe40330
Plan B SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

Sites designed by Plan B suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, sql injection
MD5 | f69cfd46586aa7fbad828ab1ade8c1ad