the original cloud security
Showing 1 - 25 of 26 RSS Feed

Files Date: 2013-04-09

FTimes 3.10.0
Posted Apr 9, 2013
Authored by Klayton Monroe | Site ftimes.sourceforge.net

FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.

Changes: The code was cleaned up and refined as necessary. Several bugs have been fixed. This release includes updated support for file hooks and introduces KL-EL-based XMagic. Consequently, the minimum required version of libklel has been raised to 1.1.0, which has a library version of 2:0:1. File system support for SquashFS was added.
tags | tool, forensics
systems | linux
MD5 | 1be7a3c5f6d0714c4d9003a23c706565
Nitro Pro 8 Insecure Library Loading
Posted Apr 9, 2013
Authored by M. Heinzl | Site sec-consult.com

Nitro Pro 8 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2013-2773
MD5 | db877ed71edba1b079e90b2476077edd
APT1: Technical Backstage
Posted Apr 9, 2013
Authored by Paul Rascagneres

This is an analysis of APT1 that was inspired by the original work from Mandiant.

tags | paper
MD5 | aa3c3157a2336623d96a7e2fa57fec02
Foscam Cross Site Request Forgery
Posted Apr 9, 2013
Authored by shekyan

Foscam versions FI8910W and FI8908W with embedded web interface version 2.4.10.3 suffer from multiple cross site request forgery vulnerabilities.

tags | exploit, web, vulnerability, csrf
MD5 | 42a25fb6eeae86371d83e7a0260ff964
DartWebserver.dll 1.9.2 Null Pointer Dereference
Posted Apr 9, 2013
Authored by catatonicprime

DartWebserver.dll version 1.9.2 suffers from a null pointer dereference denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2012-5389
MD5 | 581cc1a10777cb563080fdeb7f9974a8
Slackware Security Advisory - seamonkey Updates
Posted Apr 9, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | a1aef662839cd19f226ab1c50f9ce81f
ZeroClipbord.swf Cross Site Scripting / Path Disclosure
Posted Apr 9, 2013
Authored by MustLive

ZeroClipboard.swf as included with multiple themes in WordPress suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-1808
MD5 | 80dce9ff1e03246e909e1fc95299b1e8
Shellcode Of Death
Posted Apr 9, 2013
Authored by Ashfaq Ansari, Ruei-Min Jiang

This shellcode has been designed to format all the available drives on Windows.

tags | shellcode
systems | windows
MD5 | e75c2fb2b63b997f58e082060fa5d65b
Mandriva Linux Security Advisory 2013-075
Posted Apr 9, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-075 - Marko Myllynen discovered that ELinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-4545
MD5 | 8ee7fe880b0fd694b2abca14e6357d7e
Ubuntu Security Notice USN-1798-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1798-1 - Mathias Krause discovered several errors in the Linux kernel's xfrm_user implementation. A local attacker could exploit these flaws to examine parts of kernel memory. Mathias Krause discovered information leak in the Linux kernel's compat ioctl interface. A local user could exploit the flaw to examine parts of kernel stack memory Mathias Krause discovered an information leak in the Linux kernel's getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this flaw to examine parts of kernel stack memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6537, CVE-2012-6539, CVE-2012-6540, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2012-6537, CVE-2012-6539, CVE-2012-6540, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792
MD5 | 21122747f48a1ce552eaf6f8ce90b555
Ubuntu Security Notice USN-1797-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1797-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
MD5 | 446c18778474d2f710b52be1a9930894
Ubuntu Security Notice USN-1796-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1796-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
MD5 | 270905acba7d9c2da321e18add8e8528
Mandriva Linux Security Advisory 2013-076
Posted Apr 9, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-076 - Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. Additionally a problem was fixed reading xz compressed files.

tags | advisory, remote, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-0035, CVE-2012-3479
MD5 | bcf203652b86fff1f89bf4fc253be523
Ubuntu Security Notice USN-1795-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1795-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
MD5 | 3a2087e77f4fdd0a6e79e672256eecce
Ubuntu Security Notice USN-1794-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1794-1 - Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). A memory use after free error was discover in the Linux kernel's tmpfs filesystem. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
MD5 | 6935377eb279762079d9f8db2153aaf8
Ubuntu Security Notice USN-1793-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1793-1 - Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). A memory use after free error was discover in the Linux kernel's tmpfs filesystem. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
MD5 | 3660d32f16c5ef84dba7ef11e99f69ac
Mandriva Linux Security Advisory 2013-074
Posted Apr 9, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-074 - Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain specially crafted strings. This vulnerability is mitigated by the fact that users must have the ability to post content sent to the filter system such as a role with the post comments or Forum topic: Create new content permission. Drupal core's Form API allows users to set a destination, but failed to validate that the URL was internal to the site. Various other issues were also addressed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-1588, CVE-2012-1589, CVE-2012-1590, CVE-2012-1591, CVE-2012-2153, CVE-2012-2922, CVE-2012-5651, CVE-2012-5653
MD5 | 9b0a828f4c06305f67bcae3f6697c71a
Gentoo Linux Security Advisory 201304-01
Posted Apr 9, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201304-1 - Two vulnerabilities in NVIDIA drivers may allow a local attacker to gain escalated privileges. Versions prior to 304.88 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4225, CVE-2013-0131
MD5 | dbbd0535b7d88cd3f6aee05b5932ec7a
Ubuntu Security Notice USN-1792-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1792-1 - Mathias Krause discovered several errors in the Linux kernel's xfrm_user implementation. A local attacker could exploit these flaws to examine parts of kernel memory. Mathias Krause discovered information leak in the Linux kernel's compat ioctl interface. A local user could exploit the flaw to examine parts of kernel stack memory Mathias Krause discovered an information leak in the Linux kernel's getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this flaw to examine parts of kernel stack memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6537, CVE-2012-6539, CVE-2012-6540, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2012-6537, CVE-2012-6539, CVE-2012-6540, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792
MD5 | 650c42fd010ac3e04fda05c629a0c0ca
Mandriva Linux Security Advisory 2013-073
Posted Apr 9, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-073 - DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a.php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files. A full path disclosure flaw was found in the way DokuWiki, a standards compliant, simple to use Wiki, performed sanitization of HTTP POST 'prefix' input value prior passing it to underlying PHP substr() routine, when the PHP error level has been enabled on the particular server. A remote attacker could use this flaw to obtain full path location of particular requested DokuWiki page by issuing a specially-crafted HTTP POST request.

tags | advisory, remote, web, php
systems | linux, mandriva
advisories | CVE-2011-3727, CVE-2012-3354
MD5 | d32fb0f92b709a1686d26d609f6e4b28
Slackware Security Advisory - subversion Updates
Posted Apr 9, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New subversion packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1845,CVE-2013-1846,CVE-2013-1847,CVE-2013-1849,CVE-2013-1884.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884
MD5 | 945b6de60e1764ac7e99f81e849c7b7d
360-FAAR Firewall Analysis Audit And Repair 0.4.2
Posted Apr 9, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds the 'cl' option to clean/filter original rules, in 'rr' mode, and allows output of service priority rules as well as the original dst src priority rule build. The 'rr' mode menu has been simplified further. Starting the script without any options now starts load mode to add at least one config. This release fixes a bug in the 'any' object matching, 'any' should now be matched from logs. The rashfilter hash tree format has been changed to match the order of the other rule processing hashes: mergebase, filterbase and rulegroups, this should reduce memory use slightly.
tags | tool, perl
systems | unix
MD5 | 69f299cb1ea3e5f232970f48c128f751
MiniWeb File Upload / Directory Traversal
Posted Apr 9, 2013
Authored by Akastep

MiniWeb build 300 suffers from remote arbitrary file upload and directory traversal vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, file inclusion, file upload
MD5 | d7d4c6430847f0af7f16ae7822ca5f7a
D-Link Remote Command Execution
Posted Apr 9, 2013
Authored by Michael Messner

D-Link devices DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110 all suffer from a remote command injection vulnerability.

tags | exploit, remote
MD5 | 9c39d65f30a6ecb6ad9c6910d7a44d1f
EasyPHP Webserver PHP Command Execution
Posted Apr 9, 2013
Authored by KedAns-Dz

EasyPHP Webserver suffers from a remote shell injection vulnerability.

tags | exploit, remote, shell
MD5 | f84a0d2186ab126bd25b2c5239bbc427
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close