what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-11-26

Debian Security Advisory 2803-1
Posted Nov 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2803-1 - Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-2236, CVE-2013-6051
SHA-256 | bb3b05ec11b37b0531a2aca1e1d48ff15bede13374e77f396d94caf2a28756ab
Mandriva Linux Security Advisory 2013-286
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-286 - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using JSON.parse. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary, ruby
systems | linux, mandriva
advisories | CVE-2013-4164
SHA-256 | cfc0fd3fa54abb9bde25559ea8dbc09a703b2fccbe2ead469de45ba5d983b687
Mandriva Linux Security Advisory 2013-285
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-285 - Cross-site request forgery vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. Cross-site request forgery vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. Multiple cross-site scripting vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the id or sortkey parameter. Multiple cross-site scripting vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. The updated packages have been upgraded to the 4.2.7 version which is not affected by these issues.

tags | advisory, remote, web, arbitrary, cgi, vulnerability, xss, csrf
systems | linux, mandriva
advisories | CVE-2013-1733, CVE-2013-1734, CVE-2013-1742, CVE-2013-1743
SHA-256 | 218ee3f02337407ea357a0fe94a4fa234c1430469d582fb26b223bd5e81d8b83
Open-Xchange frontend6 6.22.4 / backend 7.4.0 Cross Site Scripting
Posted Nov 26, 2013
Authored by Martin Braun

Open-Xchange frontend6 and backend components suffer from cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2013-6242
SHA-256 | 2ba2cbc9a883832dff4e72cc423bdd151e4c15a2909a181acd3f69ebb3b75e51
Audacious Player 3.4.2 / 3.4.1 Denial Of Service
Posted Nov 26, 2013
Authored by Akin Tosunlar

Audacious Player versions 3.4.1 and 3.4.2 denial of service proof of concept crash exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 2108629d3923e262d6697e389444978f6e9c5342756dce80acc4e5852cb48f96
WordPress Optinfirex Cross Site Scripting
Posted Nov 26, 2013
Authored by Ashiyane Digital Security Team

WordPress Optinfirex third party plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | 406b64a71217b4d7101b4e75837a87536ec5f4df1b52cca998fe666d372c6537
WordPress Amerisale-Re Cross Site Scripting
Posted Nov 26, 2013
Authored by Ashiyane Digital Security Team

WordPress Amerisale-Re third party plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | dd9af24538474b4be70e9304d308e609bd382701c86aaeaaa6dd00cff815eadd
Palo Alto Networks PanOS 5.0.8 XSS / CSRF
Posted Nov 26, 2013
Authored by Thomas Pollet

Palo Alto Networks PanOS versions 5.0.l8 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 0128c8519b469367add23f825da0f04e65d811cb5874370e064fdbed3fe6a5fc
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
Posted Nov 26, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability on the CardSpaceClaimCollection class from the icardie.dll ActiveX control. The vulnerability exists while the handling of the CardSpaceClaimCollection object. CardSpaceClaimCollections stores a collection of elements on a SafeArray and keeps a size field, counting the number of elements on the collection. By calling the remove() method on an empty CardSpaceClaimCollection it is possible to underflow the length field, storing a negative integer. Later, a call to the add() method will use the corrupted length field to compute the address where write into the SafeArray data, allowing to corrupt memory with a pointer to controlled contents. This Metasploit module achieves code execution by using VBScript as discovered in the wild on November 2013 to (1) create an array of html OBJECT elements, (2) create holes, (3) create a CardSpaceClaimCollection whose SafeArray data will reuse one of the holes, (4) corrupt one of the legit OBJECT elements with the described integer overflow and (5) achieve code execution by forcing the use of the corrupted OBJECT.

tags | exploit, overflow, code execution, activex
advisories | CVE-2013-3918, OSVDB-99555
SHA-256 | 58f2175e1ed88e1751853e1d2aa79f7740fb2c4be64b98ebf51299e06cc219c0
Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access
Posted Nov 26, 2013
Authored by Vitaliy Toropov, juan vazquez, James Forshaw | Site metasploit.com

This Metasploit module exploits a vulnerability on Microsoft Silverlight. The vulnerability exists on the Initialize() method from System.Windows.Browser.ScriptObject, which access memory in an unsafe manner. Since it is accessible for untrusted code (user controlled) it's possible to dereference arbitrary memory which easily leverages to arbitrary code execution. In order to bypass DEP/ASLR a second vulnerability is used, in the public WriteableBitmap class from System.Windows.dll. This Metasploit module has been tested successfully on IE6 - IE10, Windows XP SP3 / Windows 7 SP1 on both x32 and x64 architectures.

tags | exploit, arbitrary, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896, OSVDB-91147, OSVDB-98223
SHA-256 | 3905f49c6a63195a8b150b72b89466bf89d932607328806dbfade7ebf03e25ce
Apache Roller OGNL Injection
Posted Nov 26, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an OGNL injection vulnerability in Apache Roller < 5.0.2. The vulnerability is due to an OGNL injection on the UIAction controller because of an insecure usage of the ActionSupport.getText method. This Metasploit module has been tested successfully on Apache Roller 5.0.1 on Ubuntu 10.04.

tags | exploit
systems | linux, ubuntu
advisories | CVE-2013-4212
SHA-256 | f01bd114b927e26a90df13f09d56f596bd7f9e60085c40975d0c9cb27ffe8c08
Kernel MSM Memory Leak
Posted Nov 26, 2013
Authored by Jonathan Salwan

Kernel MSM versions prior to 3.10 suffer from a memory leak in the Genlock driver.

tags | advisory, kernel, memory leak
advisories | CVE-2013-6392
SHA-256 | bab34632681acb34290802692cd529eb033d5bfde86c6aaad103565ca18886e2
Ubuntu Security Notice USN-2034-1
Posted Nov 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2034-1 - Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4477
SHA-256 | ef9b36d31a347025ca7888b49d3b6bf656af60651b29c0135174ed51b7115535
Debian Security Advisory 2800-1
Posted Nov 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2800-1 - Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-5605
SHA-256 | f80c6fc4a8ef5c52c6f5c13383f4c4b79773a88280a6478b8a2c3b12073ca5fc
Red Hat Security Advisory 2013-1763-01
Posted Nov 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1763-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164
SHA-256 | 94602687dfe230a8f38b662786c823e24d043fb7a357ccc9fb03fb0ae8c5a237
Red Hat Security Advisory 2013-1764-01
Posted Nov 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1764-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164
SHA-256 | 00d43abf0a3546711d0711a5ec5c75bc3a8f3b962ebe380f5589285b7d3d941d
Red Hat Security Advisory 2013-1762-01
Posted Nov 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1762-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. It was discovered that the JBoss Operation Network configuration files, for both the server and the agent, were world readable by default. A malicious local user could possibly read sensitive information regarding the installation, including various authentication credentials. This issue was discovered by Larry O'Leary of the Red Hat Middleware Support Engineering Group.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-4452
SHA-256 | 4181ab416ac2e7466f3f2fc0b2021f0561f5ddec2bb35696ce1375939bb7c123
Mandriva Linux Security Advisory 2013-284
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-284 - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service via a large value to the aligned_alloc functions. A stack overflow flaw, which led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to this affects AF_INET6 rather than AF_UNSPEC. The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788
SHA-256 | 00fea704bf1f1055d112be7b211b292f2d6fed3a9a06d1f22b451064014e9b25
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close