all things security
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-05-01

Drupal Filebrowser 6.x Cross Site Scripting
Posted May 1, 2013
Authored by Pawel Krawczyk | Site drupal.org

Drupal Firebrowser third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 64201a559431bf215c57cf8949d25d12
Ubuntu Security Notice USN-1812-1
Posted May 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1812-1 - Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635, CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635
MD5 | 715a3c935ff6beea7161d4f51873fa76
Ubuntu Security Notice USN-1811-1
Posted May 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1811-1 - Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635, CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635
MD5 | 9431fd55158e8a57e2b0b3146eb90e91
Ubuntu Security Notice USN-1809-1
Posted May 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1809-1 - Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635, CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635
MD5 | c8b70b37686f5e592997d70f7cd68bbf
b2evolution 4.1.6 SQL Injection
Posted May 1, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

b2evolution version 4.1.6 suffers from remote SQL injection and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2013-2945
MD5 | 9bdd169a21404aea6355ab7e7abdc9b7
Red Hat Security Advisory 2013-0783-01
Posted May 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0783-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-0166, CVE-2013-0169
MD5 | 967f0b379b5b49bb69b00cc8622cdac5
Sanewall 1.1.0
Posted May 1, 2013
Authored by Costa Tsaousis, Phil Whineray | Site sanewall.org

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.

Changes: This development version includes the latest IPv4/IPv6 abstraction code. Please see the README to get started and for known issues, and report any problems to the mailing list.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 3a84eeded9210583a60675cae4791ebd
Red Hat Security Advisory 2013-0782-01
Posted May 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0782-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-0166, CVE-2013-0169
MD5 | a9693b57fd54615bf96a5a4c7ec36872
sudo 1.8.3p1 Local Root
Posted May 1, 2013
Authored by aeon flux

sudo versions 1.8.0 through 1.8.3p1 sudo_debug root exploit with glibc FORTIFY_SOURCE bypass.

tags | exploit, root
advisories | CVE-2012-0864, CVE-2012-0809
MD5 | be03570962444ddae2e8a92a4a6f50c9
eggBlog Shell Upload
Posted May 1, 2013
Authored by Pokk3rs

eggBlog suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 3bb82a3fa6e289237bbdee4356e02672
Forticlient VPN Client Credential Interception
Posted May 1, 2013
Authored by Cedric Tissieres, Philippe Oechslin | Site objectif-securite.ch

The Fortinet FortiClient VPN client on all available platforms suffers from a certificate validation vulnerability which allows an attacker to successfully run a man-in-the-middle attack and to steal the credentials of the user.

tags | exploit
MD5 | 0110ec875ff2941f6f7955953695bbc3
AudioCover 0.8.18 Buffer Overflow
Posted May 1, 2013
Authored by metacom

AudioCoder version 0.8.18 buffer overflow exploit that creates a malicious .m3u file.

tags | exploit, overflow
MD5 | d4180546074bcef1b6e5e21e559bc3e3
GetSimple CMS 3.1.2 Cross Site Scripting
Posted May 1, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

GetSimple CMS version 3.1.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-1420
MD5 | 25dc3c6ca848fa91688cbc4ac5390762
Microchip TCP/IP Stack Unchecked Buffer
Posted May 1, 2013

The function TCPIP_IPV6_ProcessFragmentationHeader() does not correctly validate the "fragment offset" field in the IPv6 fragmentation header. The standard vendor toolchain for PIC32 does not implement ASLR or stack cookies. The typical memory layout for a PIC32 application prevents shellcode from being executable, requiring ROP techniques. All applications using the Microchip TCP/IP Stack versions 6.00 through 6.02 (current) beta on PIC32 microcontrollers with IPv6 support enabled are affected.

tags | advisory, tcp, shellcode
MD5 | 56d7106cfbf44da844915e3aef4c8b99
Multithreaded SQL Injector
Posted May 1, 2013
Authored by miyachung

This is a SQL injection tool similar to havij but is super fast per the author.

tags | tool, scanner, sql injection
systems | unix
MD5 | 597f18bd7184bb9f96869056265cce93
Packet Storm New Exploits For April, 2013
Posted May 1, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 118 exploits added to Packet Storm in April, 2013.

tags | exploit
systems | linux
MD5 | 90447f8ee63ae01f2456fe38c2dc26f2
strongSwan IPsec Implementation 5.0.4
Posted May 1, 2013
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: This release fixes a severe security vulnerability (CVE-2013-2944) that existed in all versions 4.3.5 through 5.0.3. If the strongSwan "openssl" plugin was used for ECDSA signature verification, an empty, zeroed, or otherwise invalid signature was handled as a legitimate one.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
advisories | CVE-2013-2949
MD5 | 7085ac1d28dcc250096553fa51c3a4ea
ClamWin 0.97.8
Posted May 1, 2013
Site clamwin.com

ClamWin is a free antivirus solution for Windows that uses the well-respected ClamAV scanning engine. It includes a virus scanner, scheduler, virus database updates, context menu integration to MS Windows Explorer and Add-in to MS Outlook. Also features easy setup program.

tags | tool, virus
systems | windows
MD5 | 8c9d6990a3a12d0850f81a94d1555fdc
HITB Security Conference 2013 Call For Papers
Posted May 1, 2013
Site cfp.hackinthebox.org

The Call For Papers for the 11th annual HITB security conference in Malaysia has been announced. It will take place October 16th and the 17th, 2013, in Kuala Lumpur.

tags | paper, conference
MD5 | 963f94b41e206e9c7d77cc536ee606f3
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close