all things security
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-03-26

Debian Security Advisory 2653-1
Posted Mar 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2653-1 - It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the history.cgi CGI program.

tags | advisory, overflow, cgi
systems | linux, debian
advisories | CVE-2012-6096
MD5 | a200fbcfd5cb7a54e106d6c17b8cda8b
Red Hat Security Advisory 2013-0686-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0686-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-6116, CVE-2012-6119, CVE-2013-0256, CVE-2013-0263, CVE-2013-0269, CVE-2013-0276, CVE-2013-1823
MD5 | 5e81cbe1b945aa35e5aa95323b877178
Red Hat Security Advisory 2013-0685-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0685-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.

tags | advisory, web, denial of service, overflow, arbitrary, perl
systems | linux, redhat
advisories | CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, CVE-2013-1667
MD5 | e2f18b4f06400482b176f94cba83ecfa
Ubuntu Security Notice USN-1781-1
Posted Mar 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1781-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774
MD5 | cc1f51132107651d4f6c9ac23e0388ff
SynConnect SQL Injection
Posted Mar 26, 2013
Authored by Bhadresh Patel

SynConnect suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 53d603d98cbb9f37bcb673586d83a9b7
HP Security Bulletin HPSBPV02855 SSRT100512
Posted Mar 26, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV02855 SSRT100512 - A potential security vulnerability has been identified with HP ProCurve 1700-8 (J9079A) and 1700-24 (J9080A) switches. The vulnerability could be remotely exploited to allow a cross site request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, csrf
advisories | CVE-2012-5216
MD5 | e32aaa105b8073da45ca41cca75c176e
OrionDB Business Directory Script Cross Site Scripting
Posted Mar 26, 2013
Authored by 3spi0n

OrionDB Business Directory Script suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b28af895968486056d63a32164da1b65
OWASP WAF Naxsi Bypass
Posted Mar 26, 2013
Authored by Safe3

OWASP WAF Naxsi suffers from a bypass vulnerability.

tags | exploit, bypass
MD5 | 05e5bf5bcd626e4317353226a15df84f
Voila CMS SQL Injection
Posted Mar 26, 2013
Authored by Ashiyane Digital Security Team

Voila CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 64dfe9b5046a3aa560994b856c616be4
Debian Security Advisory 2652-1
Posted Mar 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2652-1 - Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing string substitution during entity expansion.

tags | advisory
systems | linux, debian
advisories | CVE-2013-0338, CVE-2013-0339
MD5 | fee0ed9cf9f2e698e07dda6a630e8765
ActFax 5.01 RAW Server Buffer Overflow
Posted Mar 26, 2013
Authored by corelanc0d3r, Craig Freyman, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages without any underlying protocols. To note significant fields in the fax being transferred, like the fax number or the recipient, ActFax data fields can be used. This Metasploit module exploits a buffer overflow in the handling of the @F506 fields due to the insecure usage of strcpy. This Metasploit module has been tested successfully on ActFax 5.01 over Windows XP SP3 (English).

tags | exploit, overflow, protocol
systems | windows, xp
advisories | OSVDB-89944
MD5 | cded5f4f56c57b9c3f4c1bb89e73d638
HP Intelligent Management Center Arbitrary File Upload
Posted Mar 26, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP Intelligent Management Center. The vulnerability exists in the mibFileUpload which is accepting unauthenticated file uploads and handling zip contents in a insecure way. Combining both weaknesses a remote attacker can accomplish arbitrary file upload. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.

tags | exploit, remote, arbitrary, code execution, file upload
systems | windows
advisories | CVE-2012-5201, OSVDB-91026
MD5 | 895367cbeb9f4b40782b753c27ad6e05
XML Security Library 1.2.19
Posted Mar 26, 2013
Site aleksey.com

XML Security Library is a C library based on LibXML2. It provides an implementation for major XML security standards: XML Digital Signature and XML Encryption.

Changes: This release adds support for DSA-SHA256, ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, and ECDSA-SHA512, and fixes a number of miscellaneous bugs.
tags | library
systems | unix
MD5 | fe664ba5f01ebfaeb0ab5deeb0b2249e
Ubuntu Security Notice USN-1780-1
Posted Mar 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1780-1 - Ben Murphy discovered that the Ruby REXML library incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of memory, resulting in a denial of service.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2013-1821
MD5 | de388ffe22e1375d9ed53a2583cc54b0
Red Hat Security Advisory 2013-0683-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0683-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All users of axis are advised to upgrade to these updated packages, which correct this issue. Applications using Apache Axis must be restarted for this update to take effect.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5784
MD5 | cec3da2445960869d61a16a521a04ddd
Red Hat Security Advisory 2013-0682-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0682-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
MD5 | 4a4695b75be3aedb43ca7c685acea440
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close