Files Date: 2013-05-01 to 2013-05-31

HP Security Bulletin HPSBPI02869 SSRT100936 2
Posted May 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02869 SSRT100936 2 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2012-5221
MD5 | 09e505c6f38c76b6abc5ebd1e0890c26
Suricata IDPE 1.4.2
Posted May 30, 2013
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Several accuracy issues were fixed.
tags | tool, intrusion detection
systems | unix
MD5 | c642c32e8f889448983e52a13ee8cc5f
Drupal Node Access User Reference 6.x / 7.x Access Bypass
Posted May 30, 2013
Authored by Jamie Wiseman | Site drupal.org

Drupal Node Access User Reference third party modules versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 618adebc62c83879438923175160e9c4
Maligno 0.6
Posted May 30, 2013
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

tags | tool, web, scanner, shellcode, python
systems | unix
MD5 | 0883e6d4f32b96eb2bbc81e6f2e31563
Drupal Edit Limit 7.x Access Bypass
Posted May 30, 2013
Authored by Morten Fangel | Site drupal.org

Drupal Edit Limit third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 555be099693b6d43763b05f3e6a54b86
Drupal Webform 6.x Cross Site Scripting
Posted May 30, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Webform third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 466e3e894fcc96d5f3c6e5f31e45e3e5
Logic Print 2013 Stack Overflow
Posted May 30, 2013
Authored by h1ch4m

Logic Print 2013 suffers from a stack overflow vulnerability.

tags | exploit, overflow
MD5 | 60d562cf4cecc4e09481af86d3e6cafd
Intrasrv Simple Web Server 1.0 Code Execution
Posted May 30, 2013
Authored by xis_one

Intrasrv Simple Web Server version 1.0 SEH based remote code execution exploit.

tags | exploit, remote, web, code execution
MD5 | 31b991d92947bef68ace5984045918d6
ModSecurity Remote Null Pointer Dereference
Posted May 29, 2013
Authored by Younes JAAIDI

When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable" (in phase 1). This is the proof of concept exploit. Versions prior to 2.7.4 are affected.

tags | exploit, proof of concept
advisories | CVE-2013-2765
MD5 | 3ec20deb201d633f1e0a6aa83d0a8955
ZoneDirector User Authentication Bypass
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered in ZoneDirector controllers during standard internal bug reporting procedures. This vulnerability may allow a malicious user to gain unauthorized access to the ZoneDirector administrative web interface.

tags | advisory, web, bypass
MD5 | aa5af0dae5ce625a8492959c673a9f6f
Monkey HTTPD 1.1.1 Denial Of Service
Posted May 29, 2013
Authored by dougtko

Monkey HTTPD version 1.1.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2013-3724
MD5 | effe5ada65d21861a151015fbb49eebf
Debian Security Advisory 2695-1
Posted May 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2695-1 - Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849
MD5 | db1c0c1b5ebeb06bccd1197a692cd934
Ubuntu Security Notice USN-1843-1
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1843-1 - It was discovered that GnuTLS incorrectly handled certain padding bytes. A remote attacker could use this flaw to cause an application using GnuTLS to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2116
MD5 | 79d106eca2d2fa6d8a9e9dcca34bcbfc
Ruckus SSH Server Tunneling Issue
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered during standard internal bug reporting procedures in some of the Ruckus devices. This vulnerability may permit an unauthenticated malicious user with network access to port 22 to tunnel random TCP traffic to other hosts on the network via Ruckus devices.

tags | advisory, tcp, bypass
MD5 | 7560f33022076cc0eab0522a28250076
RSA Authentication Manager 8.0 Injection / Disclosure
Posted May 29, 2013
Site emc.com

RSA Authentication Manager version 8.0 suffers from information disclosure and PostgreSQL argument injection vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2013-0947, CVE-2013-1899
MD5 | 807309ecf23a1fa80858b34a505c1224
Mandriva Linux Security Advisory 2013-169
Posted May 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-169 - A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process. Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0219, CVE-2013-3571
MD5 | 01e1a1f573d3a997e9efbc13d70ac0b2
Debian Security Advisory 2696-1
Posted May 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2696-1 - A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets they are not permitted to see.

tags | advisory
systems | linux, debian
advisories | CVE-2013-3551
MD5 | d6ab424be74aedab96d579891f0a2b89
Ubuntu Security Notice USN-1842-1
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1842-1 - It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2013-2074
MD5 | e541709b211b5e70066e512ef43e5397
Mandriva Linux Security Advisory 2013-170
Posted May 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-170 - Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been upgraded to the latest version which is not vulnerable to this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-3571
MD5 | 14027f389f66fb8ba5e5e1bbcbe98420
YeaLink IP Phone Firmware 9.70.0.100 Missing Authentication
Posted May 29, 2013
Authored by b0hr

YeaLink IP Phone firmware versions 9.70.0.100 and below suffer from an unauthenticated phone call vulnerability.

tags | exploit, bypass
MD5 | 40b8c4b2eff1d8eba72f06fe7174751b
TP-LINK WR842ND Directory Traversal
Posted May 29, 2013
Authored by Adam Simuntis

TP-LINK WR842ND suffers from a remote directory traversal vulnerability.

tags | exploit, remote, file inclusion
MD5 | fc57682595f0e68afdcfb0f7926bf6dc
MIMEDefang Email Scanner 2.74
Posted May 29, 2013
Authored by David F. Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: A new "action_add_entity" function allows you to add a pre-built MIME::Entity to the message. A new "load1" command shows the load in a more convenient format than the older "load" command. Additionally, "watch-multiple-mimedefangs.tcl" takes advantage of load1 to display load graphs in a more useful format. Finally, quite a few Perl deprecations, bugs, and documentation errors were fixed.
systems | windows, unix
MD5 | 91dd5b0319648c29dcb4df61576cc50a
Security Notice For CA Process Automation (CA PAM)
Posted May 29, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2010-1871
MD5 | d5bb1287594da3517eb9920e43aa03f4
Ubuntu Security Notice USN-1831-2
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1831-2 - USN-1831-1 fixed a vulnerability in OpenStack Nova. The upstream fix introduced a regression where instances using uncached QCOW2 images would fail to start. This update fixes the problem. Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
MD5 | fcdd9e6d816e823e5f83f2108cecd2d7
TP-Link IP Camera Hardcoded Credentials / Command Injection
Posted May 28, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon | Site coresecurity.com

TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2013-2573, CVE-2013-2572
MD5 | 0397c9178afefc912805b6d1eaa763a1