
Files Date: 2013-04-12

Nagios Remote Plugin Executor Arbitrary Command Execution
Posted Apr 12, 2013
Authored by Rudolph Pereir | Site metasploit.com

The Nagios Remote Plugin Executor (NRPE) is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option, dont_blame_nrpe, which enables command-line arguments to be provided to remote plugins. When this option is enabled, even though NRPE makes an effort to sanitize arguments to prevent command execution, it is possible to execute arbitrary commands.

tags | exploit, remote, arbitrary
advisories | CVE-2013-1362, OSVDB-90582
MD5 | f762528b7aa2218b0fa93e100963a2f3

HP Security Bulletin HPSBUX02864 SSRT101156
Posted Apr 12, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02864 SSRT101156 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1475
MD5 | bba0c2089407a5ccc93bbd7fb32c5631

HP Security Bulletin HPSBUX02859 SSRT101144 2
Posted Apr 12, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02859 SSRT101144 2 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary
systems | hpux
advisories | CVE-2009-0159, CVE-2009-3563
MD5 | 082db02dcbf3c0af6e5f80cbc5c53db9

Microsoft Security Bulletin Re-Release For April, 2013
Posted Apr 12, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for April, 2013.

tags | advisory
MD5 | f9214b7910149b6cd9e5c5a78f9438ea

Ruby Gem kelredd-pruview 0.3.8 Command Injection
Posted Apr 12, 2013
Authored by Larry W. Cashdollar

Ruby Gem kelredd-pruview version 0.3.8 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
MD5 | f5be5f7f17491093179ac0e8040a4edc

ircd-hybrid 8.0.5 Denial Of Service
Posted Apr 12, 2013
Authored by Kingcope

ircd-hybrid version 8.0.5 on CentOS 6 denial of service exploit.

tags | exploit, denial of service
systems | linux, centos
advisories | CVE-2013-0238
MD5 | 0f9fb041bdcef54322b9f2e40ce7695c

Mandriva Linux Security Advisory 2013-136
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-136 - A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem. Untrusted command for function hook_process in WeeChat before 0.3.9.2 could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself).

tags | advisory, overflow, shell
systems | linux, mandriva
advisories | CVE-2012-5854, CVE-2012-5534
MD5 | 1fa26f9f7e65aa89ba6379ff85a3e400

Mandriva Linux Security Advisory 2013-134
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-134 - Updated viewvc packages fix security vulnerabilities. Several other bugs were fixed as well.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-4533, CVE-2012-3356, CVE-2012-3357
MD5 | ceb69c2808f86c386cd49ce6cd22dd33

Mandriva Linux Security Advisory 2013-142
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-142 - Multiple vulnerabilities have been discovered and corrected in PostgreSQL. PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. An argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service, and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a - (hyphen). PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the contrib/pgcrypto functions. PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the pg_start_backup or pg_stop_backup functions. This advisory provides the latest versions of PostgreSQL that are not vulnerable to these issues.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2013-0255, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
MD5 | 2188b9e96631299ac2c4f5fa656bcbdd

Mandriva Linux Security Advisory 2013-141
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-141 - Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-6139
MD5 | 55600357f68c32337cb20b0e3c6644c7

Red Hat Security Advisory 2013-0737-01
Posted Apr 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0737-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849
MD5 | c37973b61a1a415306483a0bd73ce392

Mac OS X 10.8.3 ftpd Remote Resource Exhaustion
Posted Apr 12, 2013
Authored by Maksymilian Arciemowicz

ftpd on Mac OS X 10.8.3 suffers from a denial of service vulnerability. This appears to be an old vulnerability that has not been properly addressed.

tags | advisory, denial of service
systems | apple, osx
advisories | CVE-2010-2632, CVE-2011-0418
MD5 | 94001b19568c07c69c7c414d0e13a01d