what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 46 of 46 RSS Feed

Files Date: 2011-10-13 to 2011-10-14

CalDAV SSL Certificate Validation
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - The calendar synchronization feature of iOS fails to validate the SSL certificate provided by the server. Therefore, CalDAV communication can be intercepted by a basic man in the middle attack. As every request contains a HTTP basic authentication header, which contains base64-encoded credentials, it is possible to intercept email account credentials by an attacker that is suitably positioned (e.g. the same LAN, WLAN) or is able to tamper with DNS records pointing to the CalDAV server. The application accepts the untrusted certificate without any warning or prompt, so the attack will go unnoticed by the user.

tags | advisory, web
systems | cisco
advisories | CVE-2011-3253
SHA-256 | 1287538d9d82e32529c0d747e336f8c5ebf4984b6eb88af17ffa07e9b262328d
Procyon Core Server 1.06 Code Execution
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - The coreservice.exe process in Procyon core server versions 1.06 and below contains a remotely exploitable memory corruption flaw which allows for remote code execution. The affected component is coreservice.exe, which listens on port 23, running as SYSTEM. Sending a long string will trigger the overflow.

tags | advisory, remote, overflow, code execution
SHA-256 | 922acef938ae8deb176229f5e0792d09103f2de6f8e5b7312b17de91b92ff373
Azeotech DAQFactory Shutdown
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - The default configuration in Azeotech DAQFactory allows network connections towards the HMI without authentication. This allows an attacker on the network to shut down the machine running the HMI software by sending a simple packet.

tags | advisory
SHA-256 | 8a08b9d43fbf3ae9966c1c2359f63e48b085f95564403cf9d414af76d275d1b5
BugFree 2.1.3 Cross Site Scripting
Posted Oct 13, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

BugFree version 2.1.3 suffers from multiple cross site scripting vulnerabilities. It suffers from irony as well.

tags | exploit, vulnerability, xss
SHA-256 | c60ee26015ee452ddc89c1dba200e9cb312be731357aa51904113759519d530c
WordPress GD Star Rating 1.9.10 SQL Injection
Posted Oct 13, 2011
Authored by Miroslav Stampar

WordPress GD Star Rating plugin versions 1.9.10 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e676ac7843ceea20d50f6897d91a82a819ef6105541789732e869cfb90207f88
Mozilla Firefox Integer Overflow
Posted Oct 13, 2011
Authored by Matteo Memelli

Mozilla Firefox Integer Overflow | Mozilla Firefox Array.reduceRight() integer overflow exploit. James Besmertnuk has reported that this vulnerability is still present in Firefox version 9.0.1.

tags | exploit, overflow
advisories | CVE-2011-2371
SHA-256 | b0d79a9af8ab6b14c5febfcb8aae8db449fcd6cc78eecbb021905dadaa2e2e0e
MyBB MyStatus 3.1 SQL Injection
Posted Oct 13, 2011
Authored by Mario_Vs

MyBB MyStatus version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 39508ce6c71cc6d5af9e49ec8e8ba1384226570a48528dc027b06b126a625e3c
Apple Security Advisory 2011-10-12-6
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-6 - Numbers for iOS version 1.5 is now available and addresses multiple arbitrary code execution vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | cisco, apple
advisories | CVE-2010-3785, CVE-2010-3786
SHA-256 | 20c88767fd92fafa245efd1b1fcfe2636e7206dff1dc34b8383101e56e63013a
Apple Security Advisory 2011-10-12-5
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-5 - Pages for iOS version 1.5 is now available and addresses an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
systems | cisco, apple
advisories | CVE-2011-1417
SHA-256 | 266ef02de7f6041b775e847d47f1381e09f83e7fc41a3cf6e1d001241a8a0efb
Apple Security Advisory 2011-10-12-4
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-4 - Safari version 5.1.1 is now available and addresses a directory traversal issue, a policy issue, various arbitrary code execution issues, and 40+ other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2011-1440, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2351, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2359, CVE-2011-2788, CVE-2011-2790, CVE-2011-2792, CVE-2011-2797, CVE-2011-2799, CVE-2011-2800, CVE-2011-2805, CVE-2011-2809, CVE-2011-2811, CVE-2011-2813, CVE-2011-2814, CVE-2011-2815, CVE-2011-2816, CVE-2011-2817, CVE-2011-2818, CVE-2011-2819, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827
SHA-256 | 67fb47bed169689d2b56f0956e295eec800ece4bedcb461b75b4e8685088f651
Apple Security Advisory 2011-10-12-3
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.

tags | advisory, arbitrary, code execution
systems | apple, osx
advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-1157, CVE-2010-1634, CVE-2010-2089, CVE-2010-2227, CVE-2010-3436, CVE-2010-3613, CVE-2010-3614, CVE-2010-3718, CVE-2010-4172, CVE-2010-4645, CVE-2011-0013, CVE-2011-0185, CVE-2011-0187, CVE-2011-0224, CVE-2011-0226, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0259, CVE-2011-0260, CVE-2011-0411, CVE-2011-0419
SHA-256 | 4d539896720bca2e48b218929a6c10484c83d72ac4b634adbd7f33f680f59ede
Apple Security Advisory 2011-10-12-2
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-2 - An Apple TV software update is now available and addresses credential interception, spoofing, information disclosure, and various other vulnerabilities.

tags | advisory, spoof, vulnerability, info disclosure
systems | apple
advisories | CVE-2011-0192, CVE-2011-0216, CVE-2011-0241, CVE-2011-3232, CVE-2011-3259, CVE-2011-3389, CVE-2011-3427
SHA-256 | af6991e6da4da4c4159318f8e75e42e744f9f6316d984aa5a8dddf7761727af1
Apple Security Advisory 2011-10-12-1
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-1 - An iOS 5 software update is now available. It addresses an SSL check in CalDAV, a script injection issue in Calendar, issues in CFNetwork, and 90+ other security issues.

tags | advisory
systems | cisco, apple
advisories | CVE-2011-0166, CVE-2011-0184, CVE-2011-0187, CVE-2011-0192, CVE-2011-0206, CVE-2011-0208, CVE-2011-0216, CVE-2011-0218, CVE-2011-0221, CVE-2011-0222, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0238, CVE-2011-0241, CVE-2011-0242, CVE-2011-0254, CVE-2011-0255, CVE-2011-0259, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117
SHA-256 | a8ca21bf61323da2e049fe8c2ba65cc9cae5928af38fbf284248eee54695f428
Core Security Technologies Advisory 2011.0106
Posted Oct 13, 2011
Authored by Core Security Technologies, Daniel Kazimirow | Site coresecurity.com

Core Security Technologies Advisory - Microsoft Publisher is a desktop publishing application from Microsoft that uses a proprietary file format (.pub). A vulnerability has been found in Publisher 2007, that can be leveraged by an attacker to execute arbitrary code by enticing users to insert a specially-crafted .pub file into a document.

tags | advisory, arbitrary
advisories | CVE-2011-1508
SHA-256 | 7393db4575d55c43a0190c93fc1da01edde0c4413669ca97163f00e3e4952ff0
AppSec 2012 Call For Papers
Posted Oct 13, 2011
Site appsecdc.org

OWASP is currently soliciting papers for the OWASP AppSec DC 2012 conference that will take place at the Walter E. Washington Convention Center in Washington, DC from April 2nd through the 5th.

tags | paper, conference
SHA-256 | ab66aab9fef37a67e514e370047afaf8c3b474b937be37c8c8880a3758f47f45
Destination Search 4.0 Access Bypass
Posted Oct 13, 2011
Authored by Drew Calcott | Site security-assessment.com

Destination Search version 4.0 suffers from a direct access administrative console access control bypass vulnerability.

tags | exploit, bypass
SHA-256 | 94625c8355bc2fae9c33a3f8254cda7413efe682d31a0d7e0d81ae0c106fbf26
Adobe FMS 3.5.6 / 4.0.2 Denial Of Service
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - Adobe Flash Media Servers (FMS) versions 3.5.6 and below and 4.0.2 and below suffer from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2011-2132
SHA-256 | 7e626c6eab58c87b89031859246abce098102e446fc040aa85a6e11b9a71fbc7
Supermicro IPMI Default Accounts
Posted Oct 13, 2011
Authored by Floris Bos

The IPMI functionality of some Supermicro mainboards comes with two admin accounts by default but the manufacturer only notes that you should change the password for the ADMIN account. However, a second account, Anonymous, exists.

tags | exploit
SHA-256 | ebfaa994a643bb9852478e388c13bab8563b97143563b75575a02e698e38f9a1
WordPress Pretty Link 1.4.56 Cross Site Scripting
Posted Oct 13, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

The Pretty Link WordPress plugin version 1.4.56 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b8a6231299f9909e9f36612f11c7930a47c0083f4a5a518e260c1ae33316f76d
Supermicro IPMI Password Disclosure
Posted Oct 13, 2011
Authored by Floris Bos

The backup function for Supermicro IPMI backs up in a public web location allowing for remote disclosure.

tags | exploit, remote, web
SHA-256 | 42583bebbace18bd3c381adc7258e99cfb5dc554f8766ed82cd6b9eae89c36ca
Buffer Overflow Exploitation - SEH
Posted Oct 13, 2011
Authored by Khalil Ezhani

Whitepaper called Buffer Overflow Exploitation - SEH.

tags | paper, overflow
SHA-256 | d4773945a03214e61e08b72d1a503fffdf07e12cac2dba7b7d716c937d990401
Page 2 of 2
Back12Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close