what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

Files Date: 2013-10-28

GNU Transport Layer Security Library 3.2.5
Posted Oct 28, 2013
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This release added new ciphersuites with Camellia, SHA2-256, and SHA2-384. A buffer overflow in the DANE library was corrected and several minor improvements were made.
tags | protocol, library
SHA-256 | c6fbcdcd32b2f38cca3bbfa10759556d66f4795ac6e6e50503f2ee5c08c081b7
Mandos Encrypted File System Unattended Reboot Utility 1.6.2
Posted Oct 28, 2013
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: A GnuTLS connection problem was finally fixed. A key generation bug that caused bad keys to be generated was also fixed
tags | tool, remote, root
systems | linux
SHA-256 | 6813d0b16b92618b0fef1b7fe92bb5a791828234de88360d218974919a608688
Nagios Looking Glass 1.1.0 Beta 2 Local File Inclusion
Posted Oct 28, 2013
Authored by Vyacheslav Egoshin

Nagios Looking Glass versions 1.1.0 beta 2 and below suffer from a local file inclusion vulnerability.

tags | advisory, local, file inclusion
SHA-256 | b559942ca1d79679b01289352c21da35b85fe34317420496d47a3ec476513f4a
MobileIron 4.5.4 Cross Site Scripting
Posted Oct 28, 2013
Authored by Marc Ruef, Pascal Schaufelberger

MobileIron version 4.5.4 suffers from a cross site scripting vulnerability in the device registration functionality.

tags | exploit, xss
SHA-256 | 0086a60987e5725b61729a566ad575d52c9d7f81ffe6150d619bb1da469fb747
ILIAS eLearning 4.3.4 / 4.4 Cross Site Scripting
Posted Oct 28, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

ILIAS eLearning CMS versions 4.3.4 and 4.4 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 59f2e84c3cc83759cdb50071ff2bddc46f93834010bcb679cfd619392d3bbd7d
WatchGuard Firewall XTM 11.7.4u1 Buffer Overflow Perl Exploit
Posted Oct 28, 2013
Authored by Jerome Nokin | Site funoverip.net

WatchGuard Firewall XTM version 11.7.4u1 suffers from a remote buffer overflow vulnerability in the handling of the sessionid cookie. This is the perl version of the exploit.

tags | exploit, remote, overflow, perl
advisories | CVE-2013-6021
SHA-256 | 45ceb4ca62ced50ff5102abdde412ea0e3161ebbaec885e97cd203a93e46c185
WatchGuard Firewall XTM 11.7.4u1 Buffer Overflow Metasploit Module
Posted Oct 28, 2013
Authored by st3n | Site funoverip.net

WatchGuard Firewall XTM version 11.7.4u1 suffers from a remote buffer overflow vulnerability in the handling of the sessionid cookie. This is the Metasploit module version of the exploit.

tags | exploit, remote, overflow
advisories | CVE-2013-6021
SHA-256 | 25e73d8a0ef4e8e0a8edf7728db4ae486de866a485e52d6b0401d2ff36d67792
Struts 2.3.15.3 Cross Site Scripting
Posted Oct 28, 2013
Authored by Nebula

Struts version 2.3.15.3 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c6554f49acdc80a0d54e90157d4de1ee7f01933f3569c0eb965debf94761230d
Netgear ReadyNAS Remote Command Execution
Posted Oct 28, 2013
Authored by anonymous, Craig Young

Proof of concept exploit that demonstrates remote command execution on Netgear ReadyNAS.

tags | exploit, remote, proof of concept
SHA-256 | 7ae30b42d1addf06dce009c2571e44ead9195cf7589aebbb33dbd101756f76dd
Ops View Pre 4.4.1 Cross Site Scripting
Posted Oct 28, 2013
Authored by Jesus Oquendo

Ops View version pre 4.4.41 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-5695
SHA-256 | f03cc918c29800f4fb81785310e92c629c35a77aaa048713a3b86f607b6c1b59
Mandriva Linux Security Advisory 2013-262
Posted Oct 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-262 - In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the application, this could reveal sensitive information or cryptographic keys to remote attackers.

tags | advisory, remote, crypto
systems | linux, mandriva
advisories | CVE-2013-1445
SHA-256 | 5fc98e0d42f5fd76de60ac4145a29bc092240bcb14f6ed7ad75cba5b75bbecb6
Mandriva Linux Security Advisory 2013-261
Posted Oct 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-261 - Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59. Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in dropbear before 2013.59.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-4421, CVE-2013-4434
SHA-256 | aba56fe4695484e1274e59199138625389fdcdffdb016feda736408ca221f0e3
Mandriva Linux Security Advisory 2013-260
Posted Oct 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-260 - Multiple vulnerabilities have been discovered and corrected in x11-server. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2010-1166, CVE-2011-4028, CVE-2013-1940, CVE-2013-4396
SHA-256 | 50969d2a09bdf2e48ce14b12843f678f7e90396dd3d3c735132e96cfb2be5013
Mandriva Linux Security Advisory 2013-259
Posted Oct 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-259 - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2013-4396
SHA-256 | d73de32034766dc93737b3ea8cb07c6ae13f7aee39585ad2d16563b6745e2abb
Mandriva Linux Security Advisory 2013-258
Posted Oct 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-258 - It was discovered that ICU contained a race condition affecting multi-threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. It was discovered that ICU incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2013-0900, CVE-2013-2924
SHA-256 | 548ed919c730db114b9bd87b6261a35bd35e86d1171dfc5eb7b59850b01cd652
Gentoo Linux Security Advisory 201310-21
Posted Oct 28, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-21 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1816, CVE-2013-1817, CVE-2013-1818, CVE-2013-1951, CVE-2013-2031, CVE-2013-2032, CVE-2013-2114, CVE-2013-4301, CVE-2013-4302, CVE-2013-4303, CVE-2013-4304, CVE-2013-4305, CVE-2013-4306, CVE-2013-4307, CVE-2013-4308
SHA-256 | ac99ffc7a59e19273c6f7c08c59b9e2e2bc135cfd07f27fd127001d0bd0ca8d6
Gentoo Linux Security Advisory 201310-20
Posted Oct 28, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-20 - A vulnerability in acpid2 may allow a local attacker to gain escalated privileges. Versions less than 2.0.17 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2011-2777
SHA-256 | aabf1d5fd5c7875c07a261f92c1372e4e767ccd10a4f2bdc817de1fb02971c38
Gentoo Linux Security Advisory 201310-19
Posted Oct 28, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-19 - A path vulnerability in X2Go Server may allow remote execution of arbitrary code. Versions less than 4.0.0.2 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2013-4376
SHA-256 | 1b4d8c2d5d5e5cc903e0656136ff595271108c26520fa60e84ddf1fb892a61a6
Debian Security Advisory 2786-1
Posted Oct 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2786-1 - The Google Chrome Security Team discovered two issues (a race condition and a use-after-free issue) in the International Components for Unicode (ICU) library.

tags | advisory
systems | linux, debian
advisories | CVE-2013-0900, CVE-2013-2924
SHA-256 | fff614ff927cf78e679c00b762b70597a0e8fafbaa8f65901ab464f3c04fa797
Gentoo Linux Security Advisory 201310-18
Posted Oct 28, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-18 - Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to Denial of Service. Versions less than 2.12.23-r1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1619, CVE-2013-2116
SHA-256 | dae2553c4427a86dc8b3c9a695288ffe228b8243b84bee882ce07c7536efbf41
Gentoo Linux Security Advisory 201310-17
Posted Oct 28, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-17 - pmake uses temporary files in an insecure manner, allowing for symlink attacks. Versions less than 1.111.3.1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2011-1920
SHA-256 | 720961ebfdd7c172ab996cfa7fe9379f3ed54bc16906d9e466e5d2cf72806d13
Debian Security Advisory 2787-1
Posted Oct 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2787-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution.

tags | advisory, imap, code execution
systems | linux, debian
advisories | CVE-2013-6172
SHA-256 | 16835cafc45de428b561f8da656aead6d60655755a053be0641fc356c2a3e1f6
Debian Security Advisory 2785-1
Posted Oct 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2785-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-2906, CVE-2013-2907, CVE-2013-2908, CVE-2013-2909, CVE-2013-2910, CVE-2013-2911, CVE-2013-2912, CVE-2013-2913, CVE-2013-2915, CVE-2013-2916, CVE-2013-2917, CVE-2013-2918, CVE-2013-2919, CVE-2013-2920, CVE-2013-2921, CVE-2013-2922, CVE-2013-2923, CVE-2013-2924, CVE-2013-2925, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928
SHA-256 | 48628ebb43be4560f718b05e27f8d8a4debb8f5353ec1e118afdb50298d992fd
Gentoo Linux Security Advisory 201310-16
Posted Oct 28, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-16 - Two buffer overflow vulnerabilities in TPTEST may allow remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 3.1.7-r2 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0650, CVE-2009-0659
SHA-256 | 8ea7d93b3f09f11db13f0a5774d837544a744a76e8540d8d14e2145af3fda22c
vBulletin 4.1.x / 5.x.x Administrative User Injection
Posted Oct 28, 2013
Authored by Simo Ben Youssef

vBulletin versions 4.1.x and 5.x.x suffer from a remote unauthenticated administrative user injection vulnerability via upgrade.php.

tags | exploit, remote, php
SHA-256 | 56d71874ee918e0adb9b0501022ef1127c5fdefdaf17dc30ef3b50197d6283f7
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close