Showing 1 - 25 of 30

Files Date: 2013-08-23

FreeBSD Security Advisory - sctp Kernel Memory Disclosure
Posted Aug 23, 2013
Authored by Michael Tuexen, Julian Seward | Site security.freebsd.org

FreeBSD Security Advisory - When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are two separate instances in which a 4-byte fragment may be transmitted. This memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2013-5209
MD5 | 14f68578cd5c9bc887fcbe719dc74c0e
FreeBSD Security Advisory - IP_MSFILTER Integer Overflow
Posted Aug 23, 2013
Authored by Clement LECIGNE | Site security.freebsd.org

FreeBSD Security Advisory - An integer overflow in computing the size of a temporary buffer can result in a buffer which is too small for the requested operation. An unprivileged process can read or write pages of memory which belong to the kernel. These may lead to exposure of sensitive information or allow privilege escalation.

tags | advisory, overflow, kernel
systems | freebsd
advisories | CVE-2013-3077
MD5 | 22c046761afc564563c218783799e9d9
Debian Security Advisory 2740-1
Posted Aug 23, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2740-1 - Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework.

tags | advisory, web, xss, python
systems | linux, debian
MD5 | 6c8351584b4cdf8fb45211c3e1774015
Gentoo Linux Security Advisory 2013-08-04
Posted Aug 23, 2013
Site security.gentoo.org

Gentoo Linux Security Advisory 2013-08-04 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.23 are affected.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2012-6120, CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2274, CVE-2013-2275, CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
MD5 | b7bd9bc6b79ccc873e88b20f9c3dfd01
Mandriva Linux Security Advisory 2013-219
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-219 - Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert RGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple buffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted TIFF or GIF file that, when processed by rgb2ycbcr and gif2tiff respectively, would cause the tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. Pedro Ribeiro discovered a use-after-free flaw in the t2p_readwrite_pdf_image() function in tiff2pdf, a tool for converting a TIFF image to a PDF document. A remote attacker could provide a specially-crafted TIFF file that, when processed by tiff2pdf, would cause tiff2pdf to crash or, potentially, execute arbitrary code with the privileges of the user running tiff2pdf.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-4231, CVE-2013-4232
MD5 | 5a46aeb467c6d8cb4c1a09a27480ea13
Samba nttrans Denial Of Service
Posted Aug 23, 2013
Authored by x90c

Samba malformed nttrans SMB packet remote denial of service exploit. This is the second version of this exploit that adds an automated offset and second argument.

tags | exploit, remote, denial of service
advisories | CVE-2013-4124
MD5 | b79361919f1960c55e71a2fbbc77d6fb
Mandriva Linux Security Advisory 2013-218
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-218 - The python-django package addresses a security issue. The is_safe_url() function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript.

tags | advisory, web, javascript, xss, python
systems | linux, mandriva
advisories | CVE-2013-4249
MD5 | 38edde2eb54f73c4a16243f11925b673
Mandriva Linux Security Advisory 2013-217
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-217 - Updated spice packages address a vulnerability. A user able to initiate a spice connection to the guest could use a flaw in server/red_channel.c to crash the guest.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4130
MD5 | 39e7e0739cebabfb2132b95499ff7659
Mandriva Linux Security Advisory 2013-216
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-216 - ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.

tags | advisory, arbitrary, local, perl
systems | linux, mandriva
advisories | CVE-2011-4363
MD5 | c80d859fc2ba7de640b1f34ecaf0f212
FICOBank Information Disclosure / Cross Site Scripting
Posted Aug 23, 2013
Authored by Juan Carlos Garcia

FICOBank suffers from exposed directory listing and cross site scripting vulnerabilities. They do not believe any of this is an issue and if you use them, you should change banks immediately.

tags | exploit, vulnerability, xss
MD5 | f6e914a9f3008e9a153eea26c6fd138f
mooSocial 1.3 Cross Site Scripting / Local File Inclusion
Posted Aug 23, 2013
Authored by Esac

mooSocial version 1.3 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | 0772162cda3ad873db8317f24ede9024
Spring Framework XXE Injection
Posted Aug 23, 2013
Authored by Alvaro Munoz

Spring Framework versions 3.x and 4.x suffer from an XML external entity (XXE) injection vulnerability.

tags | advisory, xxe
advisories | CVE-2013-4152
MD5 | 30e50f109347a2713fca06c1babd6db7
Cloudflare Cross Site Scripting
Posted Aug 23, 2013
Authored by Glenn Grant

Cloudflare suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 21a3d66d6c5eecaf994d2b6fe76949e7
Paypal Account Deletion
Posted Aug 23, 2013
Authored by Cernica Ionut Cosmin | Site vulnerability-lab.com

Paypal suffers from an arbitrary account deletion vulnerability that leverages unvalidated email account additions.

tags | exploit, arbitrary
MD5 | ff6d030cf675b57bd78668a4abac4f67
GDD FLVPlayer 3.635 Cross Site Scripting / Content Spoofing
Posted Aug 23, 2013
Authored by MustLive

GDD FLVPlayer version 3.635 suffers from cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | d769bdcc11fca24f53935929d133a68c
VMware Security Advisory 2013-0010
Posted Aug 23, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0010 - VMware Workstation and VMware Player address a vulnerability in the vmware-mount component which could result in a privilege escalation on Linux-based host machines.

tags | advisory
systems | linux
advisories | CVE-2013-1662
MD5 | d8abf50142599d6998f008ebf1b8cb47
Gentoo Linux Security Advisory 201308-03
Posted Aug 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-3 - Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation. Versions less than 9.5.5 are affected.

tags | advisory, remote, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1525, CVE-2012-1530, CVE-2012-2049, CVE-2012-2050, CVE-2012-2051, CVE-2012-4147, CVE-2012-4748, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160, CVE-2012-4363, CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608
MD5 | 3cf9b11834e724263ad48bfffea1396e
Gentoo Linux Security Advisory 201308-02
Posted Aug 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201308-2 - A vulnerability has been found in D-Bus which allows a local user to cause a Denial of Service. Versions less than 1.6.12 are affected.

tags | advisory, denial of service, local
systems | linux, gentoo
advisories | CVE-2013-2168
MD5 | 2830c9c951c970c298b66e550af06ccf
Slackware Security Advisory - poppler Updates
Posted Aug 23, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New poppler packages are available for Slackware 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2012-2142.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-2142
MD5 | e25b38ca937c2d2a7595c0d28b2d8113
Loftek CSRF / Memory Dump / Credential Disclosure
Posted Aug 23, 2013
Authored by Craig Young

This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.

tags | exploit, vulnerability, proof of concept, csrf
systems | linux
advisories | CVE-2013-3311, CVE-2013-3312, CVE-2013-3313, CVE-2013-3314
MD5 | 02aea1a11fbe505a39d5b5245b30b28d
Joomla Virtuemart 2.0.22a SQL Injection
Posted Aug 23, 2013
Authored by Matias Fontanini

Joomla VirtueMart component versions 2.0.22a and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 318ae197f7af2f69c7e8bd28d8733f01
PhpVibe 3.1 Shell Upload
Posted Aug 23, 2013
Authored by Gabby

PhpVibe version 3.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | e36648967d66246de7c907d2904841ed
HP Security Bulletin HPSBST02897
Posted Aug 23, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02897 - A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Please note that this issue does not affect HP StoreOnce Backup systems that are running software version 3.0.0 or newer. Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2013-2353
MD5 | 9a4d3cb7dd0c4dbe1dbe24dd29113c54
Slackware Security Advisory - xpdf Updates
Posted Aug 23, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New xpdf packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2012-2142.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-2142
MD5 | 99a627998219d71ff36edaa6f8c9d89e
Mandriva Linux Security Advisory 2013-215
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-215 - SQL injection and shell escaping issues were discovered and fixed in cacti. The updated packages have been upgraded to the 0.8.8b version which is not vulnerable to these issues.

tags | advisory, shell, sql injection
systems | linux, mandriva
advisories | CVE-2013-1434, CVE-2013-1435
MD5 | 772063ce9729042f667ba72a10e15d72