
Files Date: 2013-09-13

Apple Security Advisory 2013-09-12-2
Posted Sep 13, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-12-2 - Safari 5.1.10 is now available. Multiple memory corruption issues existed in JavaScriptCore's JSArray::sort() method. These issues were addressed through additional bounds checking.

tags | advisory
systems | apple
advisories | CVE-2012-3748, CVE-2013-0997
MD5 | c74c81e084722951027412b281dbdca5
Apple Security Advisory 2013-09-12-1
Posted Sep 13, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-12-1 - OS X Mountain Lion v10.8.5 and Security Update 2013-004 are now available and address Apache issues, BIND issues, ClamAV issues, and more.

tags | advisory
systems | apple, osx
advisories | CVE-2012-0883, CVE-2012-2686, CVE-2012-2687, CVE-2012-3499, CVE-2012-3817, CVE-2012-4244, CVE-2012-4558, CVE-2012-5166, CVE-2012-5688, CVE-2013-0166, CVE-2013-0169, CVE-2013-1025, CVE-2013-1026, CVE-2013-1027, CVE-2013-1028, CVE-2013-1029, CVE-2013-1030, CVE-2013-1031, CVE-2013-1032, CVE-2013-1033, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2013-1903
MD5 | 96c6f398543b51223ffc420751d9b016
WordPress Design-Approval-System 3.6 Cross Site Scripting
Posted Sep 13, 2013
Authored by Alexandro Silva

WordPress Design-Approval-System version 3.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-5711
MD5 | 92454189f3562ef951736a2669f8e423
Zimbra Collaboration Suite 6.0.16 Session Replay
Posted Sep 13, 2013
Authored by Brian Warehime

Zimbra Collaboration Suite (ZCS) version 6.0.16 suffers from a session replay vulnerability.

tags | advisory
advisories | CVE-2013-5119
MD5 | f43524472f76bb5c4e0e7bf93bfc30e4
Mandriva Linux Security Advisory 2013-234
Posted Sep 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-234 - Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to represent allowed prefixes for the {% ssi %} template tag, is vulnerable to a directory traversal attack, by specifying a file path which begins as the absolute path of a directory in 'ALLOWED_INCLUDE_ROOTS', and then uses relative paths to break free. To exploit this vulnerability an attacker must be in a position to alter templates on the site, or the site to be attacked must have one or more templates making use of the 'ssi' tag, and must allow some form of unsanitized user input to be used as an argument to the 'ssi' tag. The updated packages have been patched to correct this issue.

tags | advisory, web, python
systems | linux, mandriva
advisories | CVE-2013-4315
MD5 | fdd8b36b93d68881509c5aa45bb67304
Mandriva Linux Security Advisory 2013-233
Posted Sep 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-233 - The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing. The updated packages have been patched to correct this issue.

tags | advisory, spoof
systems | linux, mandriva
advisories | CVE-2013-4314
MD5 | 6af622b3daf3682e4286f7bcba6fc28d
Mandriva Linux Security Advisory 2013-232
Posted Sep 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-232 - Multiple vulnerabilities have been discovered and corrected in libmodplug. An integer overflow within the abc_set_parts() function can be exploited to corrupt heap memory via a specially crafted ABC file. An error within the abc_MIDI_drum() and abc_MIDI_gchord() functions can be exploited to cause a buffer overflow via a specially crafted ABC file. The updated packages have been patched to correct these issues.

tags | advisory, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4233, CVE-2013-4234
MD5 | d7f2978be344ae81deac47cf98b8715c
Debian Security Advisory 2753-1
Posted Sep 13, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2753-1 - It was discovered that in MediaWiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross site request forgeries and are confidential.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4302
MD5 | 324ac8ee4360be514976b71f5ad059d2
WordPress Mukioplayer 1.6 SQL Injection
Posted Sep 13, 2013
Authored by Ashiyane Digital Security Team

WordPress Mukioplayer plugin version 1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 133dd26b8d7e32b5a57520c07deed5d9
Uploadify 2.1.4 File Upload / XSS / File Deletion
Posted Sep 13, 2013
Authored by MustLive

Uploadify version 2.1.4 suffers from cross site scripting, arbitrary file deletion, and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
MD5 | 7fc4fc40c8456ae9fc0b228e910ab155
Gentoo Linux Security Advisory 201309-05
Posted Sep 13, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-5 - Multiple vulnerabilities have been found in pip, which may allow remote attackers to execute arbitrary code or local attackers to conduct symlink attacks. Versions less than 1.3.1 are affected.

tags | advisory, remote, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1629, CVE-2013-1888
MD5 | 3c972fbe9d32e948e912b7724c095dcc
Ubuntu Security Notice USN-1950-1
Posted Sep 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1950-1 - It was discovered that Light Display Manager created .Xauthority files with incorrect permissions. A local attacker could use this flaw to bypass access restrictions.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-4331
MD5 | 8f97736f540464718a881b79f1872b1a
GNU Privacy Guard 2.0.21
Posted Sep 13, 2013
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: With gpg-agent, by default users are now asked via the Pinentry whether they trust an X.509 root key. To prohibit interactive marking of such keys, the new option --no-allow-mark-trusted may be used. The command KEYINFO has options to add info from sshcontrol for gpg-agent. The included ssh agent now supports ECDSA keys. The new option --enable-putty-support allows gpg-agent to act on Windows as a Pageant replacement with full smartcard support. This release supports installation as a portable application under Windows.

tags | tool, encryption
MD5 | 48c05f5dfe97cf21ae0ced811aaad750
OpenDNSSEC 1.4.2
Posted Sep 13, 2013
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: This release adds an option for 'ods-ksmutil key generate' to take the number of zones as a parameter. Several important bugfixes have been made.

tags | tool
systems | unix
MD5 | 4ac59962721632e07cfb03405fdd152c
Zimplit CMS 3.0 Cross Site Request Forgery / Cross Site Scripting
Posted Sep 13, 2013
Authored by Yashar shahinzadeh

Zimplit CMS version 3.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 855daad69105185ae9639f25258e9bcf
ImmuniWeb Self Fuzzer Firefox Extension
Posted Sep 13, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

This whitepaper discusses the ImmuniWeb Self-Fuzzer Firefox Extension. It is designed to detect cross site scripting and SQL injection vulnerabilities in web applications.

tags | paper, web, vulnerability, xss, sql injection, fuzzer
MD5 | c76ef34a172685ad02855df643f9620a

© 2016 Packet Storm. All rights reserved.
