
Files Date: 2013-09-13

Apple Security Advisory 2013-09-12-2
Posted Sep 13, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-12-2 - Safari 5.1.10 is now available. Multiple memory corruption issues existed in JavaScriptCore's JSArray::sort() method. These issues were addressed through additional bounds checking.

tags | advisory
systems | apple
advisories | CVE-2012-3748, CVE-2013-0997
MD5 | c74c81e084722951027412b281dbdca5
Apple Security Advisory 2013-09-12-1
Posted Sep 13, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-12-1 - OS X Mountain Lion v10.8.5 and Security Update 2013-004 are now available and address Apache issues, BIND issues, ClamAV issues, and more.

tags | advisory
systems | apple, osx
advisories | CVE-2012-0883, CVE-2012-2686, CVE-2012-2687, CVE-2012-3499, CVE-2012-3817, CVE-2012-4244, CVE-2012-4558, CVE-2012-5166, CVE-2012-5688, CVE-2013-0166, CVE-2013-0169, CVE-2013-1025, CVE-2013-1026, CVE-2013-1027, CVE-2013-1028, CVE-2013-1029, CVE-2013-1030, CVE-2013-1031, CVE-2013-1032, CVE-2013-1033, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2013-1903
MD5 | 96c6f398543b51223ffc420751d9b016
WordPress Design-Approval-System 3.6 Cross Site Scripting
Posted Sep 13, 2013
Authored by Alexandro Silva

WordPress Design-Approval-System version 3.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-5711
MD5 | 92454189f3562ef951736a2669f8e423
Zimbra Collaboration Suite 6.0.16 Session Replay
Posted Sep 13, 2013
Authored by Brian Warehime

Zimbra Collaboration Suite (ZCS) version 6.0.16 suffers from a session replay vulnerability.

tags | advisory
advisories | CVE-2013-5119
MD5 | f43524472f76bb5c4e0e7bf93bfc30e4
Mandriva Linux Security Advisory 2013-234
Posted Sep 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-234 - Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to represent allowed prefixes for the {% ssi %} template tag, is vulnerable to a directory traversal attack, by specifying a file path which begins as the absolute path of a directory in 'ALLOWED_INCLUDE_ROOTS', and then uses relative paths to break free. To exploit this vulnerability an attacker must be in a position to alter templates on the site, or the site to be attacked must have one or more templates making use of the 'ssi' tag, and must allow some form of unsanitized user input to be used as an argument to the 'ssi' tag. The updated packages have been patched to correct this issue.

tags | advisory, web, python
systems | linux, mandriva
advisories | CVE-2013-4315
MD5 | fdd8b36b93d68881509c5aa45bb67304
Mandriva Linux Security Advisory 2013-233
Posted Sep 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-233 - The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing. The updated packages have been patched to correct this issue.

tags | advisory, spoof
systems | linux, mandriva
advisories | CVE-2013-4314
MD5 | 6af622b3daf3682e4286f7bcba6fc28d
Mandriva Linux Security Advisory 2013-232
Posted Sep 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-232 - Multiple vulnerabilities have been discovered and corrected in libmodplug. An integer overflow within the abc_set_parts() function can be exploited to corrupt heap memory via a specially crafted ABC file. An error within the abc_MIDI_drum() and abc_MIDI_gchord() functions can be exploited to cause a buffer overflow via a specially crafted ABC file. The updated packages have been patched to correct these issues.

tags | advisory, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4233, CVE-2013-4234
MD5 | d7f2978be344ae81deac47cf98b8715c
Debian Security Advisory 2753-1
Posted Sep 13, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2753-1 - It was discovered that in MediaWiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross site request forgeries and are confidential.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4302
MD5 | 324ac8ee4360be514976b71f5ad059d2
WordPress Mukioplayer 1.6 SQL Injection
Posted Sep 13, 2013
Authored by Ashiyane Digital Security Team

WordPress Mukioplayer plugin version 1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 133dd26b8d7e32b5a57520c07deed5d9
Uploadify 2.1.4 File Upload / XSS / File Deletion
Posted Sep 13, 2013
Authored by MustLive

Uploadify version 2.1.4 suffers from cross site scripting, arbitrary file deletion, and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
MD5 | 7fc4fc40c8456ae9fc0b228e910ab155
Gentoo Linux Security Advisory 201309-05
Posted Sep 13, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-5 - Multiple vulnerabilities have been found in pip, which may allow remote attackers to execute arbitrary code or local attackers to conduct symlink attacks. Versions less than 1.3.1 are affected.

tags | advisory, remote, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1629, CVE-2013-1888
MD5 | 3c972fbe9d32e948e912b7724c095dcc
Ubuntu Security Notice USN-1950-1
Posted Sep 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1950-1 - It was discovered that Light Display Manager created .Xauthority files with incorrect permissions. A local attacker could use this flaw to bypass access restrictions.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-4331
MD5 | 8f97736f540464718a881b79f1872b1a
GNU Privacy Guard 2.0.21
Posted Sep 13, 2013
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: With gpg-agent, by default users are now asked via the Pinentry whether they trust an X.509 root key. To prohibit interactive marking of such keys, the new option --no-allow-mark-trusted may be used. The command KEYINFO has options to add info from sshcontrol for gpg-agent. The included ssh agent now supports ECDSA keys. The new option --enable-putty-support allows gpg-agent to act on Windows as a Pageant replacement with full smartcard support. This release supports installation as a portable application under Windows.
tags | tool, encryption
MD5 | 48c05f5dfe97cf21ae0ced811aaad750
OpenDNSSEC 1.4.2
Posted Sep 13, 2013
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: This release adds an option for 'ods-ksmutil key generate' to take the number of zones as a parameter. Several important bugfixes have been made.
tags | tool
systems | unix
MD5 | 4ac59962721632e07cfb03405fdd152c
Zimplit CMS 3.0 Cross Site Request Forgery / Cross Site Scripting
Posted Sep 13, 2013
Authored by Yashar shahinzadeh

Zimplit CMS version 3.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 855daad69105185ae9639f25258e9bcf
ImmuniWeb Self Fuzzer Firefox Extension
Posted Sep 13, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

This whitepaper discusses the ImmuniWeb Self-Fuzzer Firefox Extension. It is designed to detect cross site scripting and SQL injection vulnerabilities in web applications.

tags | paper, web, vulnerability, xss, sql injection, fuzzer
MD5 | c76ef34a172685ad02855df643f9620a

© 2018 Packet Storm. All rights reserved.