exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 63 RSS Feed

Files Date: 2013-04-11

Mandriva Linux Security Advisory 2013-140
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-140 - The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by reading additional text in a 403 observing whether certain retransmissions occur. Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol header. main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976. The updated packages have upgraded to the 11.2.2 version which is not vulnerable to these issues

tags | advisory, remote, web, denial of service, overflow, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2013-2264, CVE-2013-2685, CVE-2013-2686
SHA-256 | 7fd98ec50c85814f6a4366bef4a58e953ba2ef0b56f816f8b5579a10f25a8d66
Mandriva Linux Security Advisory 2013-129
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-129 - Due to missing input validation, the Squid cachemgr.cgi tool in Squid before 3.1.22 and 3.2.4 is vulnerable to a denial of service attack when processing specially crafted requests. It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a denial of service attack.

tags | advisory, remote, denial of service, cgi
systems | linux, mandriva
advisories | CVE-2012-5643, CVE-2013-0189
SHA-256 | 97deec2c2c183d9f878b2d19472e46b1883e54a186646f40f86cde608e8d86b5
Mandriva Linux Security Advisory 2013-139
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-139 - This fixes a format string vulnerability in the LogVHdrMessageVerb function in os/log.c when handling input device names in X.Org X11 server. MBS1 is not vulnerable to arbitrary code execution via this vulnerability because of the compiler options that were used to build it, but it can still cause a crash.

tags | advisory, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-2118
SHA-256 | e63a61137b8dc9155f12483be894288c9e8ca38e2ae8bfe52e9fc90e9f2ce85d
Mandriva Linux Security Advisory 2013-130
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-130 - stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

tags | advisory, remote, overflow, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2013-1762
SHA-256 | 5820bcf9444903bd1647e9bcc86b61f63e7bd6b55e6ce21f29c6945caf2801a9
Mandriva Linux Security Advisory 2013-131
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-131 - taglib before 1.7.2 allows remote attackers to cause a denial of service via a crafted MP4 file.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-2396
SHA-256 | 607c1888f212d21f34c2801a97a9fb4bc0dfb62cbc0360536f77242cc94ccde1
Mandriva Linux Security Advisory 2013-133
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-133 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0065
SHA-256 | 37e1eb30bc1d9a26b47dcdde2d765126c88eb9e2d3d42881f5a78bd6301d56e2
Mandriva Linux Security Advisory 2013-128
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-128 - Updated squashfs-tools packages fix security vulnerabilities such as remote arbitrary code execution via crafted list file and an integer overflow in queue_init() that may lead to arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-4024, CVE-2012-4025
SHA-256 | 089aae0fa2110354b8b3c4856476f664b745c0b63e3cabecf868d9a6cdcaba30
Mandriva Linux Security Advisory 2013-127
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-127 - Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-0219
SHA-256 | 04a1eb9d23dc80ad40f04c8c15d5f42f29a8890b7eddfbc4064636f552ea26ee
Mandriva Linux Security Advisory 2013-137
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-137 - This update provides WordPress 3.4.2, a maintenance and security release.

tags | advisory
systems | linux, mandriva
SHA-256 | 58fbebe7d7f22784a5f816b1d2fcaf7e6bfe5f7f29eea93b53e4db079de18183
Mandriva Linux Security Advisory 2013-125
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-125 - A security flaw was found in the way the Sleuth Kit , a collection of UNIX-based command line tools allowing to investigate a computer, performed management of '.' file system entry. An attacker could use this flaw to evade detection by forensic analysis (hide certain files not to be scanned) by renaming the file in question it to be '.' file system entry. The original reports speaks about this attack vector to be present when scanning FAT file system. It is possible though, the flaw to be present on other file systems, which do not reserve usage of '.' entry for special purpose, too.

tags | advisory
systems | linux, unix, mandriva
advisories | CVE-2012-5619
SHA-256 | 08c994a859b67011a917df5cd3fa219512b8fef2df3d25d4021c7c64a4ce9197
Mandriva Linux Security Advisory 2013-124
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-124 - Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory.

tags | advisory, denial of service, ruby
systems | linux, mandriva
advisories | CVE-2012-4466, CVE-2012-4481, CVE-2013-1821
SHA-256 | 3e2e417902b29eb528c22b29313b488fc00b3906282a6db4beb95befcf297016
Mandriva Linux Security Advisory 2013-122
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-122 - The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering capability TLV in an OPEN message.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1820
SHA-256 | a11d5de4264422bd1678721a17075a12eb70630d8621527a727b57c10af89492
Mandriva Linux Security Advisory 2013-138
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-138 - A flaw was found in the way the host's qemu-kvm qxl driver and the guest's X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to 1 in the guest), crash the guest.

tags | advisory, kernel
systems | linux, mandriva
advisories | CVE-2013-0241
SHA-256 | 7f97bb2bf99870e0ca433b4de8aa8395dea173ca78e38fade65e7e57acefff3f
Aircraft Hacking - Practical Aero Series
Posted Apr 11, 2013
Authored by Hugo Teso

These are presentation slides from a talk called Aircraft Hacking - Practical Aero Series. It was presented at HackInTheBox 2013 AMS. It discusses how controls on aircraft could be hacked and the shortcomings that need to be addressed for flight safety.

tags | paper
SHA-256 | 542bcde77cd07d80fe47993d9d5ecd2f91301b0bc3682a4924d5feb4854ba4e2
DLink DIR-645 / DIR-815 diagnostic.php Command Execution
Posted Apr 11, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some DLink Routers are vulnerable to OS Command injection in the web interface. On DIR-645 versions prior 1.03 authentication isn't needed to exploit it. On version 1.03 authentication is needed in order to trigger the vulnerability, which has been fixed definitely on version 1.04. Other DLink products, like DIR-300 rev B and DIR-600, are also affected by this vulnerability. Not every device includes wget which we need for deploying our payload. On such devices you could use the cmd generic payload and try to start telnetd or execute other commands. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This Metasploit module has been tested successfully on DIR-645 prior to 1.03, where authentication isn't needed in order to exploit the vulnerability.

tags | exploit, web
advisories | OSVDB-92144
SHA-256 | f2ceeefd8dbcad542f7e425fc2a4629e678ed768c94c49906f4e9341a1042096
Cisco Security Advisory 20130410-ncs
Posted Apr 11, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Prime Network Control System NCS appliances that are running software versions prior to 1.1.1.24 contain a database user account that is created with default credentials. An attacker could use this account to modify the configuration of the application or disrupt services. A software upgrade is required to resolve this vulnerability. Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability.

tags | advisory
systems | cisco
SHA-256 | f03c7eab2043deefbff5ac222bc8ac2ccdea0d7a5f6dcaf235f7f24fb550ff9c
Mandriva Linux Security Advisory 2013-132
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-132 - Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. Various other vulnerabilities have been addressed.

tags | advisory, remote, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2768, CVE-2011-2769, CVE-2012-3517, CVE-2012-3518, CVE-2012-3519, CVE-2012-4419, CVE-2012-5573
SHA-256 | 5ee102c8464d210c11eb70256fe5f9fdeb5edd501b3b5eb68b0590a9bb1f0ee1
Cisco Security Advisory 20130410-asr1000
Posted Apr 11, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains multiple denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco, osx
SHA-256 | 53cb74a118d69ff45c677651fb032c3c34b95df6aaf4e7979c80e8539a22aecc
Mandriva Linux Security Advisory 2013-126
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-126 - Two vulnerabilities have been discovered in Snack Sound Toolkit, which are caused due to missing boundary checks in the GetWavHeader() function when parsing either format sub-chunks or unknown sub-chunks. This can be exploited to cause a heap-based buffer overflow via specially crafted WAV files with overly large chunk sizes specified.

tags | advisory, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2012-6303
SHA-256 | c4586b12972a3f70c184f4c2b3e28957a8101570e17f862e82dbe7d33a3f98cc
Drupal RESTful Web Services 7.x Denial Of Service
Posted Apr 11, 2013
Authored by Dylan Wilder-Tack | Site drupal.org

Drupal RESTful Web Services third party module version 7.x suffers from a denial of service vulnerability.

tags | advisory, web, denial of service
SHA-256 | 36e16b247be93cb883ff7fcdbde5ec861a19c4ab5200ee53ee1c72403e2d28b0
Mandriva Linux Security Advisory 2013-135
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-135 - A denial of service flaw was found in the way VTE, a terminal emulator widget, processed certain escape sequences with large repeat counts. A remote attacker could provide a specially-crafted file, which once opened in a terminal using the VTE terminal emulator could lead to excessive CPU consumption.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-2738
SHA-256 | e3f5ef60d5477ce05131f3eb0b277c6d94fdd9af25380ce161b4c9097b78ade8
Technical Cyber Security Alert 2013-100A
Posted Apr 11, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-100A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 57b8a36ff58442702dd2a02b3ee25876d5c882f49fd15306764ac9990bd86962
Mandriva Linux Security Advisory 2013-121
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-121 - A flaw was found in how qemu, in snapshot mode (-snapshot command line argument), handled the creation and opening of the temporary file used to store the difference of the virtualized guest's read-only image and the current state. In snapshot mode, bdrv_open() creates an empty temporary file without checking for any mkstemp() or close() failures; it also ignores the possibility of a buffer overrun given an exceptionally long /tmp. Because qemu re-opens that file after creation, it is possible to race qemu and insert a symbolic link with the same expected name as the temporary file, pointing to an attacker-chosen file. This can be used to either overwrite the destination file with the privileges of the user running qemu , or to point to an attacker-readable file that could expose data from the guest to the attacker. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-2652, CVE-2012-3515, CVE-2012-6075
SHA-256 | 0f5d0689948e74e63089abe6af1a0447a0fe343b5e6c2298fef30b4a9d5cf5b8
Mandriva Linux Security Advisory 2013-123
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-123 - A TOCTOU race condition was found in the way 'annotate-output' (used to execute a program annotating the output linewise with time and stream) tool of rpmdevtools before 8.3 performed management of its temporary files used for standard output and standard error output. A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to their ability in an unauthorized way to alter files belonging to the user running the 'annotate-output' tool.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-3500
SHA-256 | 9a7e3e6df99c7f9d2fd28c283bcd2eb42325d5644827d34637c513155215881a
WordPress Spider Video Player 2.1 SQL Injection
Posted Apr 11, 2013
Authored by Ashiyane Digital Security Team, Amirh03in

WordPress Spider Video Player third party plugin version 2.1 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 0aa8bf2204ceb54e7de1eedadf4a7ae0f5b8de03743913c9e5d4ed5787982ea7
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close