Files Date: 2013-11-25

Gentoo Linux Security Advisory 201311-15
Posted Nov 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-15 - Multiple vulnerabilities have been found in Zabbix, possibly leading to SQL injection attacks, Denial of Service, or information disclosure. Versions less than 2.0.9_rc1-r2 are affected.

tags | advisory, denial of service, vulnerability, sql injection, info disclosure
systems | linux, gentoo
advisories | CVE-2010-1277, CVE-2011-2904, CVE-2011-3263, CVE-2011-4674, CVE-2012-3435, CVE-2013-1364, CVE-2013-5572
MD5 | 21558ae9febd5bc3a5aac21334e6e6fe
Gentoo Linux Security Advisory 201311-16
Posted Nov 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-16 - A vulnerability has been found in fcron, allowing local attackers to conduct symlink attacks. Versions less than 3.0.5-r2 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2010-0792
MD5 | 11d4eeed3e704fa4b64df89e385ddb2e
Mandriva Linux Security Advisory 2013-283
Posted Nov 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-283 - Updated glibc packages fix multiple security issues. Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. pt_chown in GNU C Library before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788
MD5 | 00c15430c48c02c8fc0e9a33edb3e18e
GNU Transport Layer Security Library 3.2.7
Posted Nov 25, 2013
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Several improvements in smart card handling, in the handling of the pre-DTLS-1.0 protocol used in OpenConnect, and record decompression. Support has been added for writing the "no well defined" expiration date in certificates.
tags | protocol, library
MD5 | c27d14fe6ad9dc10deddc7e561e0eb63
NETGEAR ReadyNAS Perl Code Evaluation
Posted Nov 25, 2013
Authored by H D Moore, juan vazquez, Craig Young | Site metasploit.com

This Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web front end, specifically in the np_handler.pl component, due to the insecure usage of the Perl eval() function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 firmware emulated environment, not on real hardware.

tags | exploit, web, perl
advisories | CVE-2013-2751, OSVDB-98826
MD5 | d85b0453ec7ff515ff45ea5c314d7ddc
Mandriva Linux Security Advisory 2013-282
Posted Nov 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-282 - Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks.

tags | advisory, web, perl
systems | linux, mandriva
advisories | CVE-2013-4407
MD5 | 0ddfc3240a1698dbf7909f4a8e0ae9f4
IPSet Bash Completion 2.3
Posted Nov 25, 2013
Authored by AllKind | Site sourceforge.net

ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.

Changes: Some bugs have been fixed. Input validation is now optional. The default completion behavior slightly changed. Some improvements in completion of testing port ranges have been implemented. Hostname and completion of networks have been added to the "range" option when creating bitmap:ip and bitmap:ip,mac types of sets.
tags | tool, shell, firewall, bash
systems | linux, unix
MD5 | 16782c427a2abf31be4ef5e1d33d4134
Pirelli Discus DRG A125g Remote SSID Change
Posted Nov 25, 2013
Authored by Sebastian Magof

Pirelli Discus DRG A125g suffers from a remote SSID changing vulnerability.

tags | exploit, remote
MD5 | 08fb3ac614e085b05f572330b311d5e4
Pirelli Discus DRG A125g Remote Wifi Password Change
Posted Nov 25, 2013
Authored by Sebastian Magof

Pirelli Discus DRG A125g suffers from a remote wifi password change vulnerability.

tags | exploit, remote
MD5 | 182a9a2ce85370ef5f0361fa6ebb7f9a
IPTables Bash Completion 1.1
Posted Nov 25, 2013
Authored by AllKind | Site sourceforge.net

iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid in the current context. In addition to completion of options, matches, and targets, it supports dynamic retrieval of data from the system, i.e. chain names, set names, interfaces, hostnames, etc. Environment variables allow fine-tuning of completion options. IP and MAC addresses can be fed by file.

Changes: New in this version is support for the new options coming with iptables 1.4.21: the SYNPROXY target and the --nowildcard option of the socket match.
tags | tool, firewall
systems | linux, unix
MD5 | aabc568b534b673ea0fc1ab0abe104f9
Mandriva Linux Security Advisory 2013-281
Posted Nov 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-281 - Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request, or might have potential other impact.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4547
MD5 | 06a5283c1a6fbb31b95a0dd175a0aad6
Tapuz Flix Password Bypass
Posted Nov 25, 2013
Authored by Liad Mizrachi

Tapuz Flix suffers from a video password bypass vulnerability.

tags | exploit, bypass
MD5 | a61a1ca391b6539a79e5259de50dc577
LimeSurvey 2.00+ Build 131107 Cross Site Scripting / SQL Injection
Posted Nov 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

LimeSurvey 2.00+ build 131107 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | cda51531db8ea4e92b2aa94addd4bd1a
Pirelli Discus DRG A125g Password Disclosure
Posted Nov 25, 2013
Authored by Sebastian Magof

Pirelli Discus DRG A125g suffers from a local password disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | ed16fa5742366c33440b8bd4fa17b137
TPLINK WR740N / WR740ND Cross Site Request Forgery
Posted Nov 25, 2013
Authored by Samandeep Singh

TPLINK WR740N / WR740ND suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | c9afd7890d3ecf139b2a7ad20077ebe6

© 2016 Packet Storm. All rights reserved.
