exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-05-29

ModSecurity Remote Null Pointer Dereference
Posted May 29, 2013
Authored by Younes JAAIDI

When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable" (in phase 1). This is the proof of concept exploit. Versions prior to 2.7.4 are affected.

tags | exploit, proof of concept
advisories | CVE-2013-2765
SHA-256 | b4e14816e4c5cdc0de651f2cc750a97fa531e3a0c488cb71922a3bc534259845
ZoneDirector User Authentication Bypass
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered in ZoneDirector controllers during standard internal bug reporting procedures. This vulnerability may allow a malicious user to gain unauthorized access to the ZoneDirector administrative web interface.

tags | advisory, web, bypass
SHA-256 | 490680f010ed632a71b903374189cc43de53208be861742cff821a065866c2aa
Monkey HTTPD 1.1.1 Denial Of Service
Posted May 29, 2013
Authored by dougtko

Monkey HTTPD version 1.1.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2013-3724
SHA-256 | 9f43c0d9a2bd9b380f9c63f0e17d6265c76af43e959168f66ca0eb9c22f6dac0
Debian Security Advisory 2695-1
Posted May 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2695-1 - Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849
SHA-256 | a1be0c732a451012a3ce3790491e07d11ec1d79c4b31ee3517a8f1106d62c7d6
Ubuntu Security Notice USN-1843-1
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1843-1 - It was discovered that GnuTLS incorrectly handled certain padding bytes. A remote attacker could use this flaw to cause an application using GnuTLS to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2116
SHA-256 | bdf64ce78ce70768d1fe3ce67fda771767ed7e96de1d354350dab867eaaad7d3
Ruckus SSH Server Tunneling Issue
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered during standard internal bug reporting procedures in some of the Ruckus devices. This vulnerability may permit an unauthenticated malicious user with network access to port 22 to tunnel random TCP traffic to other hosts on the network via Ruckus devices.

tags | advisory, tcp, bypass
SHA-256 | 3c7292de3b3be1ee12992e0ae63f056545cf432aee257c5c37c07bd209db55b4
RSA Authentication Manager 8.0 Injection / Disclosure
Posted May 29, 2013
Site emc.com

RSA Authentication Manager version 8.0 suffers from information disclosure and PostgreSQL argument injection vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2013-0947, CVE-2013-1899
SHA-256 | 51025b283bf7b06aa4e48a2045497a92ea112092445f55c38c3447b5bb77e3c5
Mandriva Linux Security Advisory 2013-169
Posted May 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-169 - A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process. Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0219, CVE-2013-3571
SHA-256 | be1c65865610ffa4ea64d482af3d1506e85a734aee82c78be916717a870a7144
Debian Security Advisory 2696-1
Posted May 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2696-1 - A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see.

tags | advisory
systems | linux, debian
advisories | CVE-2013-3551
SHA-256 | 640ea9174e71b305a5f1b339da29ee15b1585728d406cc4960dddb989aadb1bf
Ubuntu Security Notice USN-1842-1
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1842-1 - It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2013-2074
SHA-256 | 5c9dfe86b629e13c70465ca13b50699af22a4c89469cb4a7e9f48576a2adb371
Mandriva Linux Security Advisory 2013-170
Posted May 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-170 - Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been upgraded to the latest version which is not vulnerable to this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-3571
SHA-256 | b6470f67993d2d22bc91e370c86c46404de158d07c1702819900e876709ab063
YeaLink IP Phone Firmware 9.70.0.100 Missing Authentication
Posted May 29, 2013
Authored by b0hr

YeaLink IP Phone firmware versions 9.70.0.100 and below suffer from an unauthenticated phone call vulnerability.

tags | exploit, bypass
SHA-256 | 22671d10a80df232f64150e4e78af6be36a8803fbdb6475a8eb01087172a3425
TP-LINK WR842ND Directory Traversal
Posted May 29, 2013
Authored by Adam Simuntis

TP-LINK WR842ND suffers from a remote directory traversal vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | ac4197fdb577b1dab807bec29d445b9cd6d5ff28f301aaac5ea7915033dfc735
MIMEDefang Email Scanner 2.74
Posted May 29, 2013
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: A new "action_add_entity" function allows you to add a pre-built MIME::Entity to the message. A new "load1" command shows the load in a more convenient format than the older "load" command. Additionally, "watch-multiple-mimedefangs.tcl" takes advantage of load1 to display load graphs in a more useful format. Finally, quite a few Perl deprecations, bugs, and documentation errors were fixed.
systems | windows, unix
SHA-256 | 8235ee04f4189bc07a3fe23cd8d28c1f794edd27430d87abbda4d3a71671592d
Security Notice For CA Process Automation (CA PAM)
Posted May 29, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2010-1871
SHA-256 | 2e54655588c25bdefe31a55c53e84ad769d4df7d8697929e133e8c471bd7394d
Ubuntu Security Notice USN-1831-2
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1831-2 - USN-1831-1 fixed a vulnerability in OpenStack Nova. The upstream fix introduced a regression where instances using uncached QCOW2 images would fail to start. This update fixes the problem. Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | a50ab4b4de6a17a5bf675ce2e2d8f1ac4f8d0e30adadd5f88dc4ecf39fa42552
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close