what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-10-24

easyXDM 2.4.16 Cross Site Scripting
Posted Oct 24, 2013
Authored by Krzysztof Kotowicz

easyXDM library versions 2.4.16 and below suffer from cross site scripting and parameter injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-5212
SHA-256 | 19287ecdc95f0de8cf7a407c73fe7767c29a4796809ff7e42f9f42c9b254d703
NetCrypt .NET Executable Packer
Posted Oct 24, 2013
Authored by Yvan Janssens | Site github.com

This tool is a proof-of-concept packer for .NET executables designed to provide a starting point to explain the basic principles of runtime packing.

tags | tool
SHA-256 | 00edbbabaeeafd89302340cee6a316b6a2882f9c7f305be53f952d2c234eaf60
Contexis CMS 1.0 Cross Site Scripting
Posted Oct 24, 2013
Authored by Juan Francisco

Contexis CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-6239
SHA-256 | ab5e2108f93cfcf2603751d8a48b52da0ef3be80421319c493809fa7004539fb
Debian Security Advisory 2783-2
Posted Oct 24, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2783-2 - The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks rails applications like redmine (see Debian Bug #727187). Updated packages are available to address this problem.

tags | advisory, ruby
systems | linux, debian
advisories | CVE-2011-5036, CVE-2013-0183, CVE-2013-0184, CVE-2013-0263
SHA-256 | 7166a2e1c6865221cfe34af826a8c7a766cf04432e78842feb087c02e0f3fe25
Ubuntu Security Notice USN-2007-1
Posted Oct 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2007-1 - Martin Carpenter discovered that Apport set incorrect permissions on core dump files generated by setuid binaries. A local attacker could possibly use this issue to obtain privileged information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1067
SHA-256 | b01329a47b0a84943e0929f31ba03f709200ed7f5762f7a5ad9544c85128d498
Ubuntu Security Notice USN-2008-1
Posted Oct 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2008-1 - Ralph Loader discovered that Suds incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-2217
SHA-256 | bf71a760565d6513e96914418c72277da4c645c885cd2d33c760bcdbfcb9f300
Ubuntu Security Notice USN-2006-1
Posted Oct 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2006-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.72 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10 have been updated to MySQL 5.5.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-3839, CVE-2013-5807
SHA-256 | cb8de417ff7f62570e9cf059820b5b3e849c9637f24c9974857bfb156a0ab65f
Red Hat Security Advisory 2013-1459-01
Posted Oct 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1459-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2012-6085, CVE-2013-4351, CVE-2013-4402
SHA-256 | 66f4f380227d5284e4fe726da477005d273d6e0b0babb21afcad548a7d3c4cc5
Red Hat Security Advisory 2013-1458-01
Posted Oct 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1458-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6085, CVE-2013-4242, CVE-2013-4351, CVE-2013-4402
SHA-256 | 4ed140d307f2bb993d4c7916c9f09e01858d795fc86538c67ede4581485941e0
Red Hat Security Advisory 2013-1457-01
Posted Oct 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1457-01 - The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4242
SHA-256 | f0bc34c54d779918b986683d5fd801d334fea4b81db30f56c90de612a52fd94c
Drupal Bean 7.x Cross Site Scripting
Posted Oct 24, 2013
Authored by Francesco Quagliati | Site drupal.org

Drupal Bean third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 5e97713fe4414c722908505802236b453b4140bd483353df1873c0b578da4978
RSA Authentication Agent Bypass
Posted Oct 24, 2013
Site emc.com

In certain circumstances, RSA Authentication Agent for Web for IIS protection can be bypassed due to a fail open flaw in the agent. Versions 7.1 and 7.1.1 are affected.

tags | advisory, web
advisories | CVE-2013-3280
SHA-256 | 1d9bdb134e4d458497e0ceca42b57c05550f4701f6e3aab2e693ee71a6cf1843
AusCERT 2014 Call For Presentations
Posted Oct 24, 2013
Site easychair.org

The 13th Annual AusCERT Information Security Conference, AusCERT2014, is to be held on the Gold Coast, Queensland, Australia from Monday 12th - 16th May 2014, at the Royal Pines Resort. AusCERT is the premier Computer Emergency Response Team for Australia and provides information security support and advice to its members, including the higher education sector and the Australian community at large.

tags | paper, conference
SHA-256 | 9c1c0aae7c07abdb4d7a0076bd5d5c2071c6fd8594b36ba32657f9bf4d16b9b3
Avira Internet Security Filter Bypass / Privilege Escalation
Posted Oct 24, 2013
Authored by Ahmad Moghimi

Avira Internet Security filter bypass and privilege escalation zero day exploit that leverages avipbb.sys.

tags | exploit
SHA-256 | 702acd4605649bdfd7902b0361aaa3f3d45c394a3a485490013d98e89acbc84f
Fuzzing And Software Vulnerabilities Part 1
Posted Oct 24, 2013
Authored by Ibrahim Balic

This is a whitepaper discussing fuzzing and software vulnerabilities. This is part one. It is written in Turkish.

tags | paper, vulnerability
SHA-256 | 29c607fe9abef0fbc5dd236320bcc02b3b1b6084b7be47b5e412136cdbb1b06f
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close