
Files Date: 2013-03-28

Ubuntu Security Notice USN-1782-1
Posted Mar 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1782-1 - It was discovered that libxml2 incorrectly handled XML entity expansion. An attacker could use this flaw to cause libxml2 to consume large amounts of resources, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-0338
MD5 | 4fb039c63bf3b2f82997b99fbc7a8ae6
Java CMM Remote Code Execution
Posted Mar 28, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox, as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier, and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the Java warning in order to run the malicious applet.

tags | exploit, java, arbitrary
systems | windows, xp, 7
advisories | CVE-2013-1493, OSVDB-90737
MD5 | 72dd0a81f1bd243e69277d2973faf59f
v0pCr3w Web Shell Remote Code Execution
Posted Mar 28, 2013
Authored by bwall | Site metasploit.com

This Metasploit module exploits a lack of authentication in the shell developed by v0pCr3w, which is widely reused in automated RFI payloads. The module takes advantage of the shell's various methods to execute commands.

tags | exploit, shell
MD5 | 67c771e91a9f65359e28a15940a7500f
Asterisk Project Security Advisory - AST-2013-003
Posted Mar 28, 2013
Authored by Kinsey Moore | Site asterisk.org

Asterisk Project Security Advisory - When authenticating via SIP with alwaysauthreject enabled, allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

tags | advisory
advisories | CVE-2013-2264
MD5 | 43a1293557b3fa72ea85345a7645b421
Cisco Security Advisory 20130327-rsvp
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering (MPLS-TE) enabled. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a reload of the affected device. Repeated exploitation could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
MD5 | 6a665c100d3ba34b0c22eda59bcec743
Drupal Common Wikis 7.x Access Bypass / Privilege Escalation
Posted Mar 28, 2013
Authored by Ezra Barnett Gildesgame, Joseph Pontani, Jakob Perry | Site drupal.org

Drupal Common Wikis third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.

tags | advisory, vulnerability
MD5 | f8f004c348fc5d4bb65bf161bcbfa6b5
EMC Smarts Product Cross Site Scripting
Posted Mar 28, 2013
Site emc.com

EMC Smarts Product versions prior to 9.2 contain a cross site scripting vulnerability that could potentially be exploited by malicious users.

tags | advisory, xss
advisories | CVE-2013-0936
MD5 | c2bc9f8b7521e146d83e67ae084c8a2c
Asterisk Project Security Advisory - AST-2013-002
Posted Mar 28, 2013
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-014, fixed in January of this year, contained a fix for Asterisk's HTTP server since it was susceptible to a remotely-triggered crash. The fix put in place fixed the possibility for the crash to be triggered, but a possible denial of service still exists if an attacker sends one or more HTTP POST requests with very large Content-Length values.

tags | advisory, web, denial of service
advisories | CVE-2013-2686
MD5 | ae7f44d97919b080bfab8ac0fefe27d5
Cisco Security Advisory 20130327-ike
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, denial of service
systems | cisco
MD5 | 11844e9a9de030a5fc95cbb47821201f
Drupal Common Groups 7.x Access Bypass / Privilege Escalation
Posted Mar 28, 2013
Authored by Ezra Barnett Gildesgame, Joseph Pontani, Jakob Perry | Site drupal.org

Drupal Common Groups third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.

tags | advisory, vulnerability
MD5 | d4c570dfea778a3b7df86192c1ba1a1b
Cisco Security Advisory 20130327-nat
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, denial of service
systems | cisco
MD5 | 1134c69a818428829942f03097b6cad9
Asterisk Project Security Advisory - AST-2013-001
Posted Mar 28, 2013
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - The format attribute resource for h264 video performs an unsafe read against a media attribute when parsing the SDP. The vulnerable parameter can be received as strings of an arbitrary length and Asterisk attempts to read them into limited buffer spaces without applying a limit to the number of characters read. If a message is formed improperly, this could lead to an attacker being able to execute arbitrary code remotely.

tags | advisory, arbitrary
advisories | CVE-2013-2685
MD5 | 2f1e20b7186fbfd0411b4581c2fd8e8e
Drupal Rules 7.x Cross Site Scripting
Posted Mar 28, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Rules third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | da0b7cce077bc4f5ac2ffc0ec665dd02
BlazeDVD Free Edition 6.1.1.6 Buffer Overflow
Posted Mar 28, 2013
Authored by metacom

BlazeDVD Free Edition version 6.1.1.6 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | d2d1ca20956fc752a390af872386dd39
Cisco Security Advisory 20130327-smartinstall
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected devices that are configured as Smart Install clients are vulnerable. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that have the Smart Install client feature enabled.

tags | advisory, remote, denial of service
systems | cisco
MD5 | 92ac3270dbf3874cd0968ae27ef4abcf
Drupal Zero Point 7.x Cross Site Scripting
Posted Mar 28, 2013
Authored by Dennis Walgaard | Site drupal.org

Drupal Zero Point third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 6b9e2a62702564f874fd37ce748cc084
Cisco Security Advisory 20130327-pt
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, protocol
systems | cisco
MD5 | f8116adf42a137bba67df19e7b587065
Red Hat Security Advisory 2013-0687-01
Posted Mar 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0687-01 - Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-1591
MD5 | f9dff0588d1e5659167e50c12327a6b5
Cisco Security Advisory 20130327-ipsla
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the IP Service Level Agreement (IP SLA) feature contains a vulnerability in the validation of IP SLA packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Mitigations for this vulnerability are available.

tags | advisory, remote, denial of service
systems | cisco
MD5 | c77785b7e6c4e4859f50ad17b4d98a87
Cisco Security Advisory 20130327-cce
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affected by this vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP inspection.

tags | advisory, protocol, memory leak
systems | cisco
MD5 | 54f51a0646c56a0a69efdad73d9424a5
HP Security Bulletin HPSBST02848 SSRT101112
Posted Mar 28, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02848 SSRT101112 - A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite products including HP P9000 Command View Advanced Edition Software (DevMgr), HP XP Provisioning Manager Software (ProvMgr), HP P9000 Replication Manager Software (RepMgr), and HP P9000 Tiered Storage Manager Software (TSMgr). The vulnerability could be remotely exploited resulting in a disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2012-0053
MD5 | 1f4895e28eefb6a4561426b6a571ecb9
Slackware Security Advisory - bind Updates
Posted Mar 28, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2266.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-2266
MD5 | 5435144bfc03fca4d6d0c9baa483cf09
© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close