what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-04-19

Mandriva Linux Security Advisory 2013-147
Posted Apr 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-147 - Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof is equal to 8. In the archive_write_zip_data() function in libarchive/ archive_write_set_format_zip.c, the s parameter is of type size_t and is cast to a 64 bit signed integer. If s is larger than MAX_INT, it will not be set to zip->remaining_data_bytes even though it is larger than zip->remaining_data_bytes, which leads to a buffer overflow when calling deflate(). This can lead to a segfault in an application that uses libarchive to create ZIP archives. The updated packages have been patched to correct this issue.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2013-0211
MD5 | 284356571418390a23af798068bacedf
Ubuntu Security Notice USN-1805-1
Posted Apr 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1805-1 - Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796, CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796
MD5 | 9dde7480b2593ff7a4057b7bbaa64c81
Mandriva Linux Security Advisory 2013-145
Posted Apr 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-145 - Multiple security issues were identified and fixed in OpenJDK Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. The previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code.Note: The fix for changes the default value of the property to true, restricting class loading to the local CLASSPATH and locations specified in the java.rmi.server.codebase property. Various other issues have been addressed.

tags | advisory, java, arbitrary, local
systems | linux, mandriva
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431
MD5 | 321e8e03af5545c18cb282d9793befa1
Adobe Flash Player Code Execution
Posted Apr 19, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an object confusion error when processing malformed Real Time Messaging Protocol (RTMP) data received during the initial phase of communication with a server, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page. Adobe Flash Player versions prior to 11.7.700.169 are affected.

tags | advisory, remote, web, protocol
advisories | CVE-2013-2555
MD5 | 528f63f34436a85bc7304af9f6091a07
MinaliC Webserver 2.0.0 Buffer Overflow
Posted Apr 19, 2013
Authored by Antonius | Site cr0security.com

MinaliC Webserver version 2.0.0 buffer overflow exploit that binds a shell to port 4444. Works on Windows Server 2003 SP3 only.

tags | exploit, overflow, shell
systems | windows
MD5 | 439f16a74d2ea6b7bec629ef6be34eb2
Mandriva Linux Security Advisory 2013-146
Posted Apr 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-146 - Multiple vulnerabilities has been discovered and corrected in icedtea-web. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of web sites that allow uploads of specific file types, known as a GIFAR attack. The updated packages have been upgraded to the 1.3.2 version which is not affected by these issues.

tags | advisory, java, web, vulnerability
systems | linux, mandriva
advisories | CVE-2013-1926, CVE-2013-1927
MD5 | f02ad168d33d7ee0af6683b387ad9d9c
Wireless Decoder 1.0
Posted Apr 19, 2013
Authored by Kevin Devine

Wireless Decoder is an application that demonstrates how to recover wireless passwords on Vista/Win7/Win8. Comes with source and the binary.

tags | tool, wireless
MD5 | d8d2386e1320ff3298bd2aa3d5f844ab
Tienda Online CMS Cross Site Scripting
Posted Apr 19, 2013
Authored by Ivan Sanchez, Raul Diaz

Tienda Online CMS suffers from a cross site scripting vulnerability. The vendor has been notified of this issue. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 2aebd098f51bb0c40075060d52ec9407
Foxit Reader 5.4.x Denial Of Service
Posted Apr 19, 2013
Authored by FuzzMyApp

Foxit Reader versions 5.4.3.x through 5.4.5.0124 suffer from a PDF XREF parsing denial of service vulnerability.

tags | exploit, denial of service
systems | linux
MD5 | 2feaa75cdb5e8304debeca363d3285e6
KIK Messenger Password Disclosure
Posted Apr 19, 2013
Authored by Wouter van Rooij

KIK Messenger stores its password in cleartext in a plist file.

tags | exploit, info disclosure
MD5 | 647f1a698c2fa2e7faaa1cfadeb47feb
Crafty Syntax Live Help RFI / Path Disclosure
Posted Apr 19, 2013
Authored by ITTIHACK

Crafty Syntax Live Help versions 2.x and 3.x suffer from path disclosure and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion, info disclosure
MD5 | 890082ed42552aa39e6250ec940d710f
TP-LINK TL-WR741N / TL-WR741ND Denial Of Service
Posted Apr 19, 2013
Authored by W1ckerMan

TP-LINK TL-WR741N / TL-WR741ND suffers from multiple remote denial of service device freezing conditions.

tags | exploit, remote, denial of service
MD5 | 2f076c652668949f32ded79c3486c790
nginx 0.6.x Code Execution
Posted Apr 19, 2013
Authored by Neal Poole

nginx version 0.6.x suffers from an arbitrary code execution vulnerability due to a nullbyte injection issue.

tags | exploit, arbitrary, code execution
MD5 | 6bb8e74df4a5f0826c76b18161f83f87
SAP ConfigServlet OS Command Execution
Posted Apr 19, 2013
Authored by Dmitry Chastuhin, Andras Kabai | Site metasploit.com

This Metasploit module allows execution of operating system commands through the SAP ConfigServlet without any authentication.

tags | exploit
MD5 | ac2c999b38c63ce4ef50144160111f76
Cisco IKE Implementation Group Name Enumeration
Posted Apr 19, 2013
Authored by Jonathan Claudius | Site trustwave.com

Cisco ASA versions 8.4(2), 8.4(5), and 9.1(1) suffer from a group name enumeration vulnerability in their IKE implementation.

tags | exploit
systems | cisco
advisories | CVE-2013-1194
MD5 | 37f3ee04820cd518c1b15bfc834bed67
Ubuntu Security Notice USN-1804-1
Posted Apr 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1804-1 - Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2013-1926, CVE-2013-1927, CVE-2013-1926, CVE-2013-1927
MD5 | 5b5c6f75497020268216d84318e232ab
Red Hat Security Advisory 2013-0758-01
Posted Apr 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0758-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0401, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2439, CVE-2013-2440
MD5 | 1cd3e45c9656ac861e20d524d2d8d3ab
Red Hat Security Advisory 2013-0757-01
Posted Apr 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0757-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425
MD5 | c59f824cdaa46783c13229747f9f934f
Debian Security Advisory 2662-1
Posted Apr 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2662-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1917, CVE-2013-1919
MD5 | 36b7f259d496747970aae84258b4ccf8
Page 1 of 1
Back1Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    23 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    18 Files
  • 31
    Mar 31st
    6 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close