Showing 1 - 25 of 44

Files Date: 2011-04-19 to 2011-04-20

Ubuntu Security Notice USN-1116-1
Posted Apr 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1116-1 - Felipe Ortega discovered that kadmind did not correctly handle password changing error conditions. An unauthenticated remote attacker could exploit this to crash kadmind, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-0285
MD5 | 299298d64bd953fb3664cf2ce99db3f9
Debian Security Advisory 2221-1
Posted Apr 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2221-1 - Viacheslav Tykhanovskyi discovered a directory traversal vulnerability in Mojolicious, a Perl Web Application Framework.

tags | advisory, web, perl
systems | linux, debian
advisories | CVE-2011-1589
MD5 | 41a34c0f92a53e444c6831b3d29071d7
Zero Day Initiative Advisory 11-140
Posted Apr 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application manages a reference to an anonymous block located near a particular element within the document. When cloning this element, the application will duplicate a reference to the block and then later re-attach this element to the rendering tree. During this process the library will free the original rendering element. Subsequent access to the same element will then cause the library to use the freed object. This can be utilized to achieve code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
MD5 | e6134d287038f2a14940193b724fe8c2
Zero Day Initiative Advisory 11-139
Posted Apr 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-139 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a frame element. When parsing a malformed document embedded inside an SVG document, the library will create an anonymous block around a frame element in the block's contents. When freeing this anonymous block via an assignment to the read-only .textContent attribute, a reference to one of the child elements will still exist. Accessing this child element can then lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
MD5 | 58ce78a9d539698015fb950bada2a586
Zero Day Initiative Advisory 11-138
Posted Apr 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-138 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of a Frame element. When attaching this element to a document, the application will duplicate a reference of an anonymous block. When freeing the container holding the Frame element, the reference will still be available. If an attacker can perform an explicit type change of the contents of the element, this can then be leveraged to gain code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
MD5 | 51a100a3c0c3615e26b0d6f45da43666
Zero Day Initiative Advisory 11-137
Posted Apr 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-137 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Web Administration component, which listens by default on TCP port 4848. When handling a malformed GET request to the administrative interface, the application does not properly handle an exception, allowing the request to proceed without authentication. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.

tags | advisory, java, remote, web, arbitrary, tcp
advisories | CVE-2011-0807
MD5 | 9d50f6b9bdcbe9893b2a011239df710b
Universal Post Manager WordPress Plugin 1.0.9 XSS / Path Disclosure
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Universal Post Manager WordPress plugin version 1.0.9 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 61522a632676f72c3f9fc3b01d15cde9
Dalbum 1.43 XSRF / XSS / Path Disclosure
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Dalbum version 1.43 suffers from cross site request forgery, cross site scripting, and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
MD5 | c1db9610539e016ee538348d3911b880
Ubuntu Security Notice USN-1108-2
Posted Apr 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1108-2 - USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 9.10 and higher. This update fixes the problem. Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses. An attacker could use this flaw with a malicious DHCP server to execute arbitrary code, resulting in root privilege escalation.

tags | advisory, arbitrary, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-0997
MD5 | 0f6d04da6fb5b261da2af237e9d3b752
Ubuntu Security Notice USN-1115-1
Posted Apr 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1115-1 - Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation.

tags | advisory, shell, local, root
systems | linux, ubuntu
advisories | CVE-2011-0729
MD5 | 2c3cb3638a2f16b24fdf4183aa18421a
Debian Security Advisory 2220-1
Posted Apr 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2220-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-1685, CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, CVE-2011-1690
MD5 | 0a0b9d7b528565a6bc4d7c47fab761d8
HP Security Bulletin HPSBMA02659 SSRT100440
Posted Apr 19, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02659 SSRT100440 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized access to NNMi processes. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, hpux
advisories | CVE-2011-1534
MD5 | 1f025b8c48d95645a97dbccc248c7c9d
ChatLakTurk PHP Botlu Video Cross Site Scripting
Posted Apr 19, 2011
Authored by kurdish hackers team | Site kurdteam.org

ChatLakTurk PHP Botlu Video suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 7909cdb41afd1c2b8066debbc9115c68
IBM Tivoli Directory Server SASL Bind Request Remote Code Execution
Posted Apr 19, 2011
Authored by Francis Provencher

IBM Tivoli Directory Server suffers from a SASL bind request remote code execution vulnerability. Proof of concept is included.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2011-1206
MD5 | 9d89cf155a3af3900816888078709cbc
Adobe Flash Player Action Script Type Confusion
Posted Apr 19, 2011
Authored by Abysssec, Shahin | Site abysssec.com

ActionScript type confusion exploit for Adobe Flash Player versions prior to 10.1.53.64.

tags | exploit
systems | linux
advisories | CVE-2010-3654
MD5 | 8c9117c92f56abaea8f8297256c1fa1e
webSPELL 4.2.2a Cross Site Scripting / Path Disclosure
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

webSPELL version 4.2.2a suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 60980e8913f02523cd98ae82c2e75fce
SocialGrid WordPress Plugin 2.3 Cross Site Scripting
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

SocialGrid WordPress plugin version 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 27ca1aea049b8eb93aa98e1b80b6355f
WP-StarsRateBox WordPress Plugin 1.1 XSS / SQL Injection
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

WP-StarsRateBox WordPress plugin version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 0bfb0c26af1193e1082cdcd155986eeb
Universal Post Manager WordPress Plugin 1.0.9 SQL Injection
Posted Apr 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Universal Post Manager WordPress plugin version 1.0.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9faebcc16e7c470db2906c3a14978109
Ocomon 2.0RC6 SQL Injection
Posted Apr 19, 2011
Site dclabs.com.br

Ocomon version 2.0RC6 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
MD5 | e0c873bf50eaa03f54660c0c22967ee9
ActiveCMS 1.2_dev Cross Site Request Forgery
Posted Apr 19, 2011
Authored by KedAns-Dz

ActiveCMS version 1.2_dev suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | ad4016e068364b50d3ddaeabe9b189ea
e107 0.7.25_full Cross Site Scripting / Remote File Inclusion
Posted Apr 19, 2011
Authored by KedAns-Dz

e107 version 0.7.25_full suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion
MD5 | 96b017a7d83ac6c1ba2204bcc77ff611
Old Dogs And New Tricks: Do You Know Where Your Handles Are?
Posted Apr 19, 2011
Authored by Brooke Stephens, Jeffrey Walton

This paper offers incremental research in the area of untrusted program input via synchronization handle manipulations. Unlike the Michal Zalewski paper on Delivering Signals for Fun and Profit, this paper focuses on the source of the Unix signal handlers. Tested were personal computers running Windows XP and Vista. The synchronization objects were mutexes and events, and the security software included products from AVG, Avast, Avira, BitDefender, BullGuard, CheckPoint, Eset, F-Prot, F-Secure, Kaspersky, McAfee, Microsoft (Security Essentials), Norman, Norton, Panda, PC Tools, Quick Heal, Symantec, and Trend Micro.

tags | paper
systems | windows, unix, xp
MD5 | aac70063c0f24b89db81d54e930d2879
Wireshark 1.4.4 packet-dect.c Stack Buffer Overflow
Posted Apr 19, 2011
Authored by corelanc0d3r, sickness | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Wireshark versions 1.4.4 and below. When opening a malicious .pcap file in Wireshark, a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP and ASLR and works on XP, Vista & Windows 7.

tags | exploit, overflow, arbitrary, code execution
systems | windows, 7
advisories | CVE-2011-1591, OSVDB-71848
MD5 | a5deb27f59ac34243335eeaf00573514
Secunia Security Advisory 44176
Posted Apr 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for kdenetwork. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, ubuntu
MD5 | 9147ecea733c7f11c5b0c5f8b01436f9