what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2013-04-10

Port Forwarding Daemon 0.29
Posted Apr 10, 2013
Authored by Everton da Silva Marques

portfwd is a small userlevel daemon which forwards incoming TCP connections or UDP packets to remote hosts. Multiple forwarders can be specified in a flexible configuration file. There is support for FTP forwarding and transparent proxy.

Changes: Various updates.
tags | tool, remote, udp, tcp
systems | unix
SHA-256 | a880cf57ae00224c470c387cf2de8abbb53c4d761b4d67be5b0c9e15c3484066
Linksys WRT54GL apply.cgi Command Execution
Posted Apr 10, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some Linksys Routers are vulnerable to an authenticated OS command injection in the Web Interface. Default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. The user must be prudent when using this module since it modifies the router configuration while exploitation, even when it tries to restore previous values.

tags | exploit, web
advisories | OSVDB-89912
SHA-256 | 842e633a501f723e29c147350b0f672da78b474050f74be28f55d1501d673b3c
Ruby Gem Karteek Docsplit 0.5.4 Command Injection
Posted Apr 10, 2013
Authored by Larry W. Cashdollar

Ruby Gem Karteek Docsplit version 0.5.4 fails to sanitize user-supplied input. If a user is tricked into extracting a file with shell characters in the name, code can be executed remotely.

tags | exploit, shell, ruby
advisories | CVE-2013-1933
SHA-256 | b21afb51938c4e491625c88dec36626c10a2f58c611fc3dcdcfd45693ccba644
Microsoft Security Bulletin Summary For April, 2013
Posted Apr 10, 2013
Site microsoft.com

This bulletin summary lists 9 released Microsoft security bulletins for April, 2013.

tags | advisory
SHA-256 | 9fa04ce0853d4066597878eb3bbbae6b5ee870541cf6c8172630ebf4a59016bd
phpMyAdmin 3.5.7 Cross Site Scripting
Posted Apr 10, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

phpMyAdmin version 3.5.7 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 373323d449040d80cf19a424efb57660421ebce6af076a5b804b8d44f7724af3
Firefox For Android World Read/Write
Posted Apr 10, 2013
Authored by Shuichiro Suzuki | Site fourteenforty.jp

The app_tmp directory is set to be world readable and writable by Firefox for Android. This potentially allows for third party applications to replace or alter Firefox add-ons when downloaded because they are temporarily stored in the app_tmp directory before installation.

tags | advisory
advisories | CVE-2013-0798
SHA-256 | 323e774a7be57857607c34b40f5d3df75b387103d0ff33bd02ee5880b6c397bf
ZAPms 1.41 SQL Injection
Posted Apr 10, 2013
Authored by NoGe

ZAPms version 1.41 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fdbb3c9ac475faabb959b176c865bb90290f7c1e94579706c71fa54561f748d7
SVN Extractor
Posted Apr 10, 2013
Authored by Anant Shrivastava | Site anantshri.info

This is a simple python tool written to extract all web resources by leveraging an exposed .SVN folder.

tags | tool, web, scanner, python
systems | unix
SHA-256 | 2675f79a415d1f1f96f60a6a337e25c1fb941c47573e612e32d8468062080155
Mandriva Linux Security Advisory 2013-081
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-081 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed.ppm image files. An attacker could create a specially-crafted.ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4433
SHA-256 | 5e6cd5cf68993eaf8d5b1a8de79004e00215d35203e5d44e86a442d35c902bc8
Mandriva Linux Security Advisory 2013-080
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-080 - There is a security issue in Ganglia Web going back to at least 3.1.7 which can lead to arbitrary script being executed with web user privileges possibly leading to a machine compromise. Additionally, an issue where active NFS mounts caused gmond to not start has also been corrected. When installing ganglia-gmetad, the installer uses the non-existent nobody, and not nogroup, as the group when changing new ownership of files.

tags | advisory, web, arbitrary
systems | linux, mandriva
SHA-256 | 3c961b95991381bc79dc24781ff27c697f4bc29f2ff8bf5a43e1b9053a4769a8
Mandriva Linux Security Advisory 2013-077
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-077 - The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2010-3843
SHA-256 | d15fbb0cd85903accc91fa6774002011340db685ec6a8f976265991dcf13a79e
Mandriva Linux Security Advisory 2013-078
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-078 - fail2ban before 0.8.8 didn't escape the content of <matches> (if used in custom action files), which could cause issues on the system running fail2ban as it scans log files, depending on what content is matched, since that content could contain arbitrary symbols.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-5642
SHA-256 | 02f0ceebdef9f69b3240d65ae187a46acf7a7e763e43fddb26a82309d5e67241
Mandriva Linux Security Advisory 2013-092
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-092 - The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service via a crafted PNG file that triggers incorrect memory allocation.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-3437
SHA-256 | d7b8e31000d6f94514dd6bb1b2196951e4c3914af5eb3d0eba49fa8c550fc240
Mandriva Linux Security Advisory 2013-091
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-091 - Icecast didn't strip newlines from log entries, therefore allowing users to forge log entries.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-4612
SHA-256 | d678e8f696c183eb66fee5d804148e481f6780789c17e07f36a70fc0fe1ced17
Mandriva Linux Security Advisory 2013-090
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-090 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | 52b38a58d8663a77ed183b461180c1ba5f7327f1147c9fc9ad9385aff5163ee1
Mandriva Linux Security Advisory 2013-089
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-089 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | d8a45b54c37f2206c92a6365555941b6c0d4767b9db2b8a89a9e0c163126018c
Mandriva Linux Security Advisory 2013-088
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-088 - Several temporary file handling flaws were found in HPLIP. A local attacker could use these flaws to perform a symbolic link attack, overwriting arbitrary files accessible to a process using HPLIP.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2013-0200
SHA-256 | 6f358311920293588298d9da643b86de9ef48803cf0271f554493dbbea14ffe7
Mandriva Linux Security Advisory 2013-079
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-079 - Updated ffmpeg packages fix security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3937, CVE-2012-0851, CVE-2012-2772, CVE-2012-2775, CVE-2012-2776, CVE-2012-2777, CVE-2012-2779, CVE-2012-2784, CVE-2012-2786, CVE-2012-2787, CVE-2012-2788, CVE-2012-2789, CVE-2012-2790, CVE-2012-2793, CVE-2012-2794, CVE-2012-2796, CVE-2012-2798, CVE-2012-2800, CVE-2012-2801, CVE-2012-2802
SHA-256 | 011cf87409193cbe68c990031fad2605ef53df2af20292fbb0fe6d5c5c969937
Mandriva Linux Security Advisory 2013-087
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-087 - Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. Various other issues were also addressed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-0792, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0800, CVE-2013-0788
SHA-256 | 8dbda59f28a3be5e867bc9959eeb7c29a12cbc2e377b5713680241dda8c74519
Mandriva Linux Security Advisory 2013-086
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-086 - contrib/pdfmark/pdfroff.sh in GNU troff before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. The contrib/gdiffmk/tests/runtests.in scripts in GNU troff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. The contrib/eqn2graph/eqn2graph.sh, contrib/pic2graph/pic2graph.sh scripts in GNU troff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. The contrib/groffer/perl/roff2.pl scripts in GNU troff 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. The updated packages have been patched to correct these issues.

tags | advisory, arbitrary, local, perl
systems | linux, mandriva
advisories | CVE-2009-5044, CVE-2009-5079, CVE-2009-5080, CVE-2009-5081
SHA-256 | 0de17ba22272b3a3d36b067a2beabe8eb38298c3d26a34deb5b497588491615c
Mandriva Linux Security Advisory 2013-085
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-085 - contrib/pdfmark/pdfroff.sh in GNU troff before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. The contrib/gdiffmk/tests/runtests.in scripts in GNU troff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. The contrib/eqn2graph/eqn2graph.sh, contrib/pic2graph/pic2graph.sh scripts in GNU troff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. The updated packages have been patched to correct these issues.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2009-5044, CVE-2009-5079, CVE-2009-5080
SHA-256 | 5c7df6f745f8b79b66fed6840c0d39eaf7b32f66e462ebf8ebd790d032ffcb4b
Mandriva Linux Security Advisory 2013-084
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-084 - gnome-keyring seems to obey the configuration asking it to stop caching passphrases, but after a while it doesn't cache nor does it ask for the passphrase.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-3466
SHA-256 | 1d755992c671fbd15c6ce5f16e59fba3a2f9233efd2ad0ed9f6f915f83023dc7
Mandriva Linux Security Advisory 2013-083
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-083 - It was discovered that the version of glib shipped with MBS 1 does not sanitise certain DBUS related environment variables. When used in combination with a setuid application which utilizes dbus via glib, a local user could gain escalated privileges with a specially crafted environment. This is related to a similar issue with dbus. This updated version of glib adds appropriate protection against such scenarios and also adds additional hardening when used in a setuid environment.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-3524
SHA-256 | 00be062d264761ffaab6ba68820ff25e49ad0147fd9a2fcb5e84638ffc2517f0
Red Hat Security Advisory 2013-0727-01
Posted Apr 10, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0727-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2013-1796, CVE-2013-1797, CVE-2013-1798
SHA-256 | 8dbf79cce44ee7c7a8b5ef0d8c7a498872b08b14f5e166dcdc471e2aed88b38b
Red Hat Security Advisory 2013-0728-01
Posted Apr 10, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0728-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that documentation created by RDoc was vulnerable to a cross-site scripting attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As RDoc is used for creating documentation for Ruby source files, it is not a common scenario to make such documentation accessible over the network.

tags | advisory, remote, web, arbitrary, xss, ruby
systems | linux, redhat
advisories | CVE-2013-0256
SHA-256 | e4aa1360f63ad9831bbfb889675e74bdad2f2deae445fbb8e575b78c0ff578e1
Page 1 of 2
Back12Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close