what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-10-17

Oracle Portal Demo Organization Chart PL/SQL Injection
Posted Oct 17, 2013
Authored by Manuel Garcia Cardenas | Site isecauditors.com

Oracle Portal Demo Organization Chart suffers from multiple remote PL/SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2013-3831
SHA-256 | 9cb3fdaacb46479a4b50a20bb9819648de8a75d662cac0949a85147a7341ca3e
Microweber 0.8 Arbitrary File Deletion
Posted Oct 17, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Microweber version 0.8 suffers from an arbitrary, unauthenticated file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2013-5984
SHA-256 | 00e97b9578c6ea4b1d5201d508e35d8194cb39385bfa4167d6c6fece74f8402b
Apple Security Advisory 2013-10-15-1
Posted Oct 17, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-10-15-1 - Multiple vulnerabilities existed in Java 1.6.0_51, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_65.

tags | advisory, java, web, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825
SHA-256 | 258593b02027118f668547ad3b7fefdda202ca3848b701fb395e649322e6a9c8
Red Hat Security Advisory 2013-1442-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1442-01 - The Apache Commons FileUpload component can be used to add a file upload capability to your applications. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. All users of the affected products as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, file upload
systems | linux, redhat
advisories | CVE-2013-2186
SHA-256 | 09a83cfadcd0718be4cf3282cc62e3a06504e0e11a5570e51089886170ee834f
Red Hat Security Advisory 2013-1440-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1440-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818
SHA-256 | 6928df60e04e73a408e7c5c8adee0041b01ea7e08ae1f60cbebafeaea9835d87
Red Hat Security Advisory 2013-1441-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1441-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126, CVE-2013-4287
SHA-256 | 4811c2f7acdc88278b99eb1119ea9720d67c46f47d011629c428a0165fbb30cb
Ubuntu Security Notice USN-1990-1
Posted Oct 17, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1990-1 - Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker could use this flaw to cause a xkb cache file to be loaded by another user, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2013-4396, CVE-2013-1056, CVE-2013-1056, CVE-2013-4396
SHA-256 | 20ef9ae65651b3045515f2137dfaa94de9ff70a34ee665c2b80c0fb149236b52
Mandriva Linux Security Advisory 2013-250
Posted Oct 17, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-250 - Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a Security Fix, aka Bug #59533. NOTE: this might be a duplicate of but as of 20120816, Oracle has not commented on this possibility. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. The updated packages have been upgraded to the 5.1.72 version which is not vulnerable to these issues.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-2750, CVE-2013-3839
SHA-256 | c864968f108811c88cbf8bf6028a5edaa0d41e1d45fc7d00a66784be1d337ca6
Gentoo Linux Security Advisory 201310-11
Posted Oct 17, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-11 - An insecure temporary file usage has been reported in the Perl Parallel-ForkManager module, possibly allowing symlink attacks. Versions less than 1.20.0 are affected.

tags | advisory, perl
systems | linux, gentoo
advisories | CVE-2011-4115
SHA-256 | 55ba6a531a616f0a3152dc079409941b84363ffbd17b75937fab39b1ccd25d83
Gentoo Linux Security Advisory 201310-10
Posted Oct 17, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-10 - Multiple vulnerabilities have been found in PolarSSL, the worst of which might allow a remote attacker to cause a Denial of Service condition. Versions less than 1.3.0 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2011-1923, CVE-2012-2130, CVE-2013-0169, CVE-2013-1621, CVE-2013-4623, CVE-2013-5915
SHA-256 | 88a709ef0a86449fa6810d209ac375d4139594cffce4b83ab633a751865add55
Oracle Java SE 7 Issue 69
Posted Oct 17, 2013
Authored by Adam Gowdiak | Site security-explorations.com

The CPU released Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability (Issue 69) that was reported to the company in July.

tags | advisory, java
SHA-256 | 8836a50caf231af0bc2808d25511d8afa12be6798b069187840e5e846e7cbf09
PayPal Mail Encoding Script Insertion
Posted Oct 17, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

PayPal suffered from a mail encoding flaw that allowed for script insertion.

tags | exploit
SHA-256 | b603bb923ee6756c0cf3b284eec6b7ad0910def98cf35aaa7a93f3ec633f161d
WordPress Image Resizer Cross Site Scripting
Posted Oct 17, 2013
Authored by Ashiyane Digital Security Team

WordPress wp-image-resizer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | f3cd5381c497d0ff9a43ff787405d39f9cede357c30e3dde558ede2858e1aae0
Level One Enterprise Access Points Password Disclosure
Posted Oct 17, 2013
Authored by Richard Weinberger

Level1 EAP Devices offer a function do download the device config file. This download mechanism is not properly protected such that an attacker can download the config file without authentication. Passwords can be retrieved at this point.

tags | exploit
SHA-256 | feb798abe8963cbdf88203291b080caa2b0b13a15a35c236457fb84cc061ff8d
Red Hat Security Advisory 2013-1437-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1437-01 - This Red Hat JBoss Portal 6.1.0 release serves as a replacement for 6.0.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-4529, CVE-2012-4572, CVE-2012-5575, CVE-2013-1921, CVE-2013-2067, CVE-2013-2102, CVE-2013-2160, CVE-2013-2172, CVE-2013-4112, CVE-2013-4128, CVE-2013-4213
SHA-256 | c561772e782ab85b102432049507a7b5cc958b68879cf92daa7410179afdf208
Red Hat Security Advisory 2013-1436-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1436-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-4162, CVE-2013-4299
SHA-256 | 303872e8ff5bca61e067a12a40cd346fa1185e503c1cbaaf1dfc656936a4a6a4
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close