what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2013-06-18

FreeBSD Security Advisory - mmap Privilege Escalation
Posted Jun 18, 2013
Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access. This error can be exploited to allow unauthorized modification of an arbitrary file to which the attacker has read access, but not write access. Depending on the file and the nature of the modifications, this can result in privilege escalation. To exploit this vulnerability, an attacker must be able to run arbitrary code with user privileges on the target system.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2013-2171
MD5 | 6b93f76d05b988e765c69c621431c185
Apache Santuario XML Security For C++ Signature Bypass
Posted Jun 18, 2013
Authored by James Forshaw

The implementation of XML digital signatures in the Santuario-C++ library is vulnerable to a spoofing issue allowing an attacker to reuse existing signatures with arbitrary content. The vulnerability affects only applications that do not perform proper checking/analysis of the content of the Reference elements in the Signature, but the bug exacerbates this problem by opening such applications to attacks using arbitrary content, instead of just attacks involving malicious, but signed, content. Versions prior to 1.7.1 are affected.

tags | advisory, arbitrary, spoof
advisories | CVE-2013-2153
MD5 | 6909adda4a133b3bb2789f0b09950d0f
Technical Cyber Security Alert 2013-168A
Posted Jun 18, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-168A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
MD5 | bff5ad4cedd93b2213ecb210674d4992
Ubuntu Security Notice USN-1884-1
Posted Jun 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1884-1 - It was discovered that LibRaw incorrectly handled broken full-color images. If a user or automated system were tricked into processing a specially crafted raw image, applications linked against LibRaw could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-2126
MD5 | f78ad11e0a38ca9e9c0e9e15c75e2213
Ubuntu Security Notice USN-1885-1
Posted Jun 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1885-1 - It was discovered that libKDcraw incorrectly handled broken full-color images. If a user or automated system were tricked into processing a specially crafted raw image, applications linked against libKDcraw could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-2126
MD5 | 4d3226def4d5e16b235d8096d008e207
Debian Security Advisory 2710-1
Posted Jun 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2710-1 - James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, CVE-2013-2156
MD5 | 525549cd799522023f2f2b7008911282
Red Hat Security Advisory 2013-0953-01
Posted Jun 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0953-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2487, CVE-2011-2730, CVE-2012-5575
MD5 | d6e45f9d2657a86da3110a6ff2f8d37d
Apple Security Advisory 2013-06-18-1
Posted Jun 18, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-06-18-1 - Java for OS X 2013-004 and Mac OS X v10.6 Update 16 are now available and addresses multiple vulnerabilities that include arbitrary code execution issues.

tags | advisory, java, arbitrary, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468
MD5 | f7e54cee19875174b4926cc672430177
Joomla Cryptography Weakness
Posted Jun 18, 2013
Authored by Marco Beierer

All current and past versions of Joomla up to 1.5.26, 2.5.11, and 3.1.1 use ECB mode when performing encryption with JCryptCipherSimple.

tags | exploit
MD5 | 4f6a7ed0a5fbb124164d4ed09d7b93a0
Apache Santuario XML Security For C++ Heap Overflow
Posted Jun 18, 2013
Authored by James Forshaw

A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. If verification of the signature occurs prior to actual evaluation of a signing key, this could be exploited by an unauthenticated attacker. Apache Santuario XML Security for C++ library versions prior to 1.7.1 are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2013-2156
MD5 | e9bfa2ee300325c5ed08df2593f5a6ff
Apache Santuario XML Security For C++ Denial Of Service / Bypass
Posted Jun 18, 2013
Authored by James Forshaw

A bug exists in the processing of the output length of an HMAC-based XML Signature that would cause a denial of service when processing specially chosen input. Exploitation of this issue does not require authenticated content. In very unusual cases, inputs could be chosen in such a way that the fix for the issue in CVE-2009-0217 could be bypassed, enabling improper verification of a signature. Versions prior to 1.7.1 are affected.

tags | advisory, denial of service
advisories | CVE-2013-2155
MD5 | a1fb07cc6fa97feddc0acf800c8a09d8
Apache Santuario XML Security For C++ Stack Overflow
Posted Jun 18, 2013
Authored by James Forshaw

A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Versions prior to 1.7.1 are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2013-2154
MD5 | 2e4c041ed6441f26334548c790ec639b
Canon Printer DoS / Secret Disclosure
Posted Jun 18, 2013
Authored by Matt Andreko

Various Canon printers suffer from a lack of password authentication, denial of service, and WEP/WPA/WPA2 secret disclosure vulnerabilities. Models affected include, but are not limited to, MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, and MX920.

tags | exploit, denial of service, vulnerability, info disclosure
advisories | CVE-2013-4613, CVE-2013-4614, CVE-2013-4615
MD5 | a91e80829313ed72184588310e6fde87
imacs CMS 0.3.0 Shell Upload
Posted Jun 18, 2013
Authored by CWH Underground

imacs CMS version 0.3.0 remote shell upload exploit.

tags | exploit, remote, shell
MD5 | d876ad99d7e8551305e8e8199445adb3
Et-Chat 3.07 Privilege Escalation / Shell Upload
Posted Jun 18, 2013
Authored by Mr.XpR

Et-Chat version 3.07 suffers from a privilege escalation vulnerability that then enables a user to upload a shell.

tags | exploit, shell
MD5 | cb73be1fb5dc2d4ca29aa9bc095c83e3
Debian Security Advisory 2709-1
Posted Jun 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2709-1 - Multiple vulnerabilities were discovered in the dissectors for CAPWAP, GMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave file parser, which could result in denial of service or the execution of arbitrary code.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2013-4074, CVE-2013-4075, CVE-2013-4076, CVE-2013-4077, CVE-2013-4078, CVE-2013-4081, CVE-2013-4082, CVE-2013-4083
MD5 | 1bf02e62c86e2817877e96c05eb8bc1f
Mandriva Linux Security Advisory 2013-175
Posted Jun 18, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-175 - Cross-site scripting vulnerabilities in js/viewer.js inside the files_videoviewer application via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files. Cross-site scripting vulnerabilities in core/js/oc-dialogs.js via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and other versions before 4.0.16 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files. This advisory provides the latest versions of owncloud which is not vulnerable to these issues.

tags | advisory, remote, web, arbitrary, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2013-2150, CVE-2013-2149
MD5 | 4e00e6cd3204afeb80de1197b288b8d9
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close