what you don't know can hurt you
Showing 1 - 25 of 377 RSS Feed

Files Date: 2013-07-01 to 2013-07-31

Red Hat Security Advisory 2013-1115-01
Posted Jul 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1115-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4854
MD5 | 9c65945612e3581011723ef25d54df28
Red Hat Security Advisory 2013-1116-01
Posted Jul 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1116-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that Red Hat Directory Server did not honor defined attribute access controls when evaluating search filter expressions. A remote attacker could use this flaw to determine the values of restricted attributes via a series of search queries with filter conditions that used restricted attributes.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-2219
MD5 | 39fc28a50880b164efb211cd9e901332
Red Hat Security Advisory 2013-1114-01
Posted Jul 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1114-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4854
MD5 | 89b30d877c8ab37edd6678c40156375d
HP Security Bulletin HPSBGN02904
Posted Jul 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02904 - Potential security vulnerabilities have been identified with HP SiteScope running SOAP. The vulnerabilities could be remotely exploited to allow execution of code. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-2367
MD5 | baea08097059aa34e175c45855634e8d
WorldCIST 14 Call For Papers
Posted Jul 30, 2013
Site aisti.eu

The 2014 World Conference on Information Systems and Technologies Call For Papers has been announced. It will take place April 15th through the 18th, 2014, at Madeira Island, Portugal.

tags | paper, conference
MD5 | dd7ab0cd7f73a362ab65fa610c215296
DNS Reflection / Amplification Attack Tool
Posted Jul 30, 2013
Authored by Mark Osborne

dns_spquery.c is written in C and sends a DNS recursive name query to a name server of your choice with a spoofed source IP address selected at runtime. This tool was written in order to demonstrate a DNS reflection / amplification attack for testing purposes.

tags | denial of service, spoof
MD5 | 7236af12aac4f6f7eff42717b3ebf56c
Conexao Segura Com Tunneling
Posted Jul 30, 2013
Authored by W1ckerMan

This is a brief paper discussing how tunneling works and how to leverage SSH and UDP tunneling. Written in Portuguese.

tags | paper, udp
MD5 | 2795b66401624c378ba765a27226d22c
Colentado De Informacoes Em Websites
Posted Jul 30, 2013
Authored by W1ckerMan

This brief whitepaper is about web crawlers, in particular DIRB web crawler, and an analysis on how gathering information with crawlers can be dangerous for sites. Written in Portuguese.

tags | paper, web
MD5 | dd95b22e182fafab12933bbaf31fd955
Bigace CMS 2.7.8 Cross Site Request Forgery
Posted Jul 30, 2013
Authored by Yashar shahinzadeh

Bigace CMS version 2.7.8 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 7ca35bc665ced8790ac6f138e7c72d0f
Ubuntu Security Notice USN-1914-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1914-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | cf38aba678e6d1443fe7fc99783ec1c3
Ubuntu Security Notice USN-1912-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1912-1 - Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851
MD5 | f7081bbd33fd99951255957966b1d807
Ubuntu Security Notice USN-1913-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1913-1 - Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851
MD5 | 15593f075ab1375f6bf2ad62c532c290
Ubuntu Security Notice USN-1918-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1918-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | 334b45483613f6e585f6541bee6932d3
Ubuntu Security Notice USN-1917-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1917-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | f59e6e241936919b46f7f7d31f47d7ad
Ubuntu Security Notice USN-1919-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1919-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | b4c08885e4786f1af20ba426c85f500f
Ubuntu Security Notice USN-1915-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1915-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | 350ffcd77f0b13e37295bc1d0cdfefe9
Ubuntu Security Notice USN-1916-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1916-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | 0cb60c758ed5219a86c8591323aab74b
PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution
Posted Jul 29, 2013
Authored by juan vazquez, Dave Weinstein | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the test_li_connection.php component, due to the insecure usage of the system() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.

tags | exploit, php
MD5 | 370df352e83a2de9ec2c063ee1b2c4c5
PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution
Posted Jul 29, 2013
Authored by juan vazquez, Dave Weinstein | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the ldapsyncnow.php component, due to the insecure usage of the shell_exec() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.

tags | exploit, php
MD5 | 9f5105de172f003eebfb122d6b1f563c
PineApp Mail-SeCure livelog.html Arbitrary Command Execution
Posted Jul 29, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the livelog.html component, due to the insecure usage of the shell_exec() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.

tags | exploit, php
MD5 | d17400c28ae6dc6e4e23eb68f2fcd0d1
MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation
Posted Jul 29, 2013
Authored by Tavis Ormandy, Axel Souchet | Site metasploit.com

The Windows kernel does not properly isolate broadcast messages from low integrity applications from medium or high integrity applications. This allows commands to be broadcasted to an open medium or high integrity command prompts allowing escalation of privileges. We can spawn a medium integrity command prompt, after spawning a low integrity command prompt, by using the Win+Shift+# combination to specify the position of the command prompt on the taskbar. We can then broadcast our command and hope that the user is away and doesn't corrupt it by interacting with the UI. Broadcast issue affects versions Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, RT. But Spawning a command prompt with the shortcut key does not work in Vista so you will have to check if the user is already running a command prompt and set SPAWN_PROMPT false. The WEB technique will execute a powershell encoded payload from a Web location. The FILE technique will drop an executable to the file system, set it to medium integrity and execute it. The TYPE technique will attempt to execute a powershell encoded payload directly from the command line but it may take some time to complete.

tags | exploit, web, kernel
systems | windows, vista
advisories | CVE-2013-0008, OSVDB-88966
MD5 | bf765133ef2a04116cd29a63ed9e4763
FluxBB 1.5.3 XSS / CSRF / URL Redirection
Posted Jul 29, 2013
Authored by LiquidWorm | Site zeroscience.mk

FluxBB version 1.5.3 suffers from cross site scripting, cross site request forgery, and URL redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 8767b191d220e6c3f0e0ea91472cc534
Debian Security Advisory 2731-1
Posted Jul 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2731-1 - Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.

tags | advisory, local
systems | linux, debian
advisories | CVE-2013-4242
MD5 | 186cef92434fe810db9d11d6c7553ae9
Ubuntu Security Notice USN-1911-1
Posted Jul 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1911-1 - It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4160
MD5 | 26389e2f60404d8f7ab9cf3796f09bdf
EMC NetWorker Information Disclosure
Posted Jul 29, 2013
Site emc.com

A vulnerability exists in EMC NetWorker that could allow exposure of certain sensitive configuration information under specific circumstances. Versions affected include EMC NetWorker 8.0.0.x, 8.0.1.x, and 7.6.x.x.

tags | advisory
advisories | CVE-2013-0943
MD5 | e330884abd7899cc0cd10e53e1f4d026
Page 1 of 16
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    14 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close