what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-12-11

Lynis Auditing Tool 1.3.7
Posted Dec 11, 2013
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: FileExists() and SearchItem() functions were added. The yum-security check and iptables binary check were improved, and the report was extended to show which tests have been executed or skipped.
tags | tool, scanner
systems | unix
SHA-256 | 29b119f93755e76b24c292f58469247b7ed3c593f1fcdc6b314b9c6e6d715139
HP Security Bulletin HPSBPI02945
Posted Dec 11, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02945 - A potential security vulnerability has been identified with HP Officejet Pro 8500 (A909) All-in-One Printer. The vulnerability could be exploited to allow cross-site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2013-4845
SHA-256 | b35d3e26c887cc8ced416f5a609f91e7caa6519c7d6912a6951f58c370a236b8
HP Security Bulletin HPSBUX02944
Posted Dec 11, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02944 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805, CVE-2013-5806, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818
SHA-256 | 9e4e72fa0d68d78d12e2dca17b344d718317f33ab7e2a0548b43475b3fc95a2a
HP Security Bulletin HPSBUX02943
Posted Dec 11, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02943 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825
SHA-256 | 0b06219b99634e2760b32a91db4192e4ffbc72b3b3d7c83e3979ed1cc7fe4be5
Red Hat Security Advisory 2013-1815-01
Posted Dec 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1815-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6420
SHA-256 | bcd0697b2635538663653e7ec4d16dcebac059d0efa3b56042b720b77fdd07d1
Red Hat Security Advisory 2013-1813-01
Posted Dec 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1813-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6420
SHA-256 | 2ed3a5238acb93b671efe0450e767b6c5b0faacc0e027c813efd637c3d21c496
Red Hat Security Advisory 2013-1814-01
Posted Dec 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1814-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2011-1398, CVE-2012-2688, CVE-2013-1643, CVE-2013-6420
SHA-256 | a4e1d08541902fd7fe4e90fbe8ae7921cd07ad583ab8f09120fdca658d4ada1c
Red Hat Security Advisory 2013-1812-01
Posted Dec 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1812-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting attacks.

tags | advisory, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2013-5609, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671
SHA-256 | 040943e2a4cdfeb053110f692259e15bb3c72d087ba11c91c00263aeb9430f21
IcoFX 2.5.0.0 Buffer Overflow
Posted Dec 11, 2013
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

Core Security Technologies Advisory - IcoFX is prone to a (client side) security vulnerability when processing .ICO files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of IcoFX to open a specially crafted icon file. Version 2.5.0.0 for Windows is affected.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2013-4988
SHA-256 | e6dff7d349a0e93cb8dcc794915fdfde76e566041ccccf904fc0244c16a59b12
Android Collapses Into Fragments
Posted Dec 11, 2013
Authored by Roee Hay

This paper presents a newly discovered vulnerability in the Android Framework which breaks its sandbox environment. This vulnerability affects many Android applications including ones which are bundled with every Android device. The vulnerability has been patched in Android KitKat.

tags | advisory, paper
SHA-256 | 8f72a7311a831bdaa7811567902e82d2dd42a9aadddb39fc579d481b96535d75
Veno File Manager Arbitrary File Download
Posted Dec 11, 2013
Authored by Daniel Godoy

Veno File Manager suffers from an arbitrary file download vulnerability. The vendor has contacted Packet Storm and has noted that this has been addressed starting in version 1.0.3.

tags | exploit, arbitrary
SHA-256 | 80512b799f75ba354914c5888ab9ecd01e3b541be21758a5632997f5fbc2d7a1
Microsoft Security Bulletin Release For December, 2013
Posted Dec 11, 2013
Site microsoft.com

This bulletin summary lists 11 released Microsoft security bulletins for December, 2013.

tags | advisory
SHA-256 | 8bb3daca53ba46ceee67926f5131473ca900264a4bd75c1c15d7f9d78936fa18
HP LoadRunner EmulationAdmin Web Service Directory Traversal
Posted Dec 11, 2013
Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability on the version 11.52 of HP LoadRunner. The vulnerability exists on the EmulationAdmin web service, specifically in the copyFileToServer method, allowing to upload arbitrary files. This Metasploit module has been tested successfully on HP LoadRunner 11.52 over Windows 2003 SP2.

tags | exploit, web, arbitrary
systems | windows
advisories | CVE-2013-4837, OSVDB-99231
SHA-256 | 3ecfa30b0524d6d84a7b8d523d5b32e43379309197e84b8213bd82d2450eebc7
Adobe ColdFusion 9 Administrative Login Bypass
Posted Dec 11, 2013
Authored by Scott Buckel | Site metasploit.com

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Its password can by default or by misconfiguration be set to an empty value. This allows you to create a session via the RDS login that can be carried over to the admin web interface even though the passwords might be different. Therefore bypassing authentication on the admin web interface which then could lead to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.

tags | exploit, remote, web, arbitrary, code execution
systems | linux, windows
SHA-256 | 09ebd63c7a46949c50bf462317ac70d7ecfe31f97bac6c746f870def7e83e007
Gentoo Linux Security Advisory 201312-08
Posted Dec 11, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-8 - An integer overflow vulnerability in WebP could lead to arbitrary code execution or Denial of Service. Versions less than 0.2.1 are affected.

tags | advisory, denial of service, overflow, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2012-5127
SHA-256 | 5abe7d3448f23f069fb61d4f3a28864383adf5dd8fdf11a357985cbdb1c408c6
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close