exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 54 RSS Feed

Files Date: 2011-11-08 to 2011-11-09

Secunia Security Advisory 46755
Posted Nov 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | windows
SHA-256 | 108f782397bed85614bca238459238a301e0edba19302d2e8b7e2dd06ffa54e0
Secunia Security Advisory 46752
Posted Nov 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | windows
SHA-256 | 5fa18dee8a23f4dd9c3d4620b0383abf2aae10dfa345dc72de5c79a3b0194145
Secunia Security Advisory 46745
Posted Nov 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to cause a DoS.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, suse
SHA-256 | aaca5db8313ec7c969af6bcc33c016aa9b9dabfeca0b23a26322ed296e66bb84
Secunia Security Advisory 46751
Posted Nov 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | windows
SHA-256 | e2dc95897ae830a032c9f444639c769c881553b49bb92e1a75bc7872f4ada857
Secunia Security Advisory 46737
Posted Nov 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, local, vulnerability, xss
systems | linux, redhat
SHA-256 | 0b945c898d41127e6452e0f0eb1fb1c9a47caef4c089890d5b1af5d1308a25fa
Debian Security Advisory 2339-1
Posted Nov 8, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2339-1 - This update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authority.

tags | advisory
systems | linux, debian
advisories | CVE-2011-3640
SHA-256 | 17ceb4d0d27958d7c1219f07d766ebb9d2a0826f55687a1845ec046371292e0a
Zero Day Initiative Advisory 11-327
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp
advisories | CVE-2011-3161
SHA-256 | dcedd1f5279bffe71ebb152a88eb1b63bd0865f88191f86b8f3a11151ef3fbff
Zero Day Initiative Advisory 11-326
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-326 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientInstallation which does not properly validate or sanitize the userid field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp
advisories | CVE-2011-3156
SHA-256 | e6eddd47fde61c73171a1ff9441f02b3a3b7138176b3ee3341926af2f8e1a4d8
11in1 CMS 1.0.1 CRLF Injection
Posted Nov 8, 2011
Authored by LiquidWorm | Site zeroscience.mk

11in1 CMS version 1.0.1 suffers from a CRLF injection vulnerability in do.php.

tags | exploit, php
SHA-256 | f955da4bcc0d2a2181fafefc2785bbcf833286c9799a1b16d67159fc577d0490
Merethis Centreon 2.3.1 Code Execution
Posted Nov 8, 2011
Authored by Christophe de la Fuente | Site trustwave.com

The Centreon supervision and monitoring tool provided by Merethis permits remote code execution from the command help web page allowing an attacker to execute arbitrary commands in the context of the webserver hosting the application. The system also uses a one-way hash without a salt. Versions 2.3.1 and below are affected.

tags | exploit, remote, web, arbitrary, code execution
SHA-256 | 8baa1a03e20514db0ebdff56296a1f3d2b0ea0473b7d740b7747c685e31fb6df
Zero Day Initiative Advisory 11-325
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-325 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method GetPolicies which does not properly validate or sanitize the clientVersion field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp
advisories | CVE-2011-3157
SHA-256 | b753b691cd1b19ea83db5b584c5ac867c8bd729ca136c92caeaff9f8f00df1bf
strongSwan IPsec Implementation 4.6.0
Posted Nov 8, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The libstrongswan plugin system now supports detailed plugin dependencies. Many plugins have been extended to export their capabilities and requirements. This allows the plugin loader to resolve the plugin loading order automatically, The pkcs11 plugin has been extended to handle Elliptic Curve Cryptography smartcards. The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver metadata about IKE_SAs via a SOAP interface to a Trusted Network Connect MAP server.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | a602d73869f6d31e7e39021d3ac0b4d659de65348c0b42292785a6497ce28edc
Stunnel SSL Wrapper 4.47b1
Posted Nov 8, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: This release adds Unix socket support and a new certificate verification mode to ignore the CA chain and only verify the peer certificate. It also includes some performance and scalability optimizations, and compilation bugfixes.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
SHA-256 | d12d3d92de6801d03d0dd0bd9b58d169489120f7770e5ac648165b8f34080b14
X Certificate And Key Management 0.9.1
Posted Nov 8, 2011
Authored by Kerstin Steinhauff, Christian Hohnstadt, Geoff Beier, Ilya Kozhevnikov, Wolfgang Glas | Site xca.hohnstaedt.de

XCA is an interface for managing RSA and DSA keys, certificates, certificate signing requests, revocation lists and templates. It uses the OpenSSL and Qt4 libraries. Certificates and requests can be created and signed and many x509v3 extensions can be added. XCA supports multiple root and intermediate Certificate authorities. The CAs can be used to create CRLs and extend certificates. The following file-formats are supported: PEM, DER, PKCS#7, PKCS#8, PKCS#10, PKCS#12, and SPKAC.

Changes: This release adds search functionality for PKCS#11 libraries, allows display of x509v3 extensions as columns in the certificate and request list, and supports exporting of requests and certificates as openssl config files. It also fixes some bugs.
tags | tool, root, encryption
systems | unix
SHA-256 | e5562d9af4e03e5e730a85a9ca4eb80386288f18f84de24bb9ff0dfcc7110cbc
Haveged 1.3a
Posted Nov 8, 2011
Site issihosts.com

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

Changes: Small fixes to the 1.3 version for PPC.
tags | tool
systems | linux, unix
SHA-256 | 0430cbeffd0dea31dbe300f7b88c532a2d046e336c7d0ce5e1ef84858179595b
Zero Day Initiative Advisory 11-324
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-324 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method RequestCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp
advisories | CVE-2011-3158
SHA-256 | a611921b0513771a9fdffc7fbbcae2b2d851adf225a777e615d2e31f0d6ce680
Saints Row Cross Site Scripting
Posted Nov 8, 2011
Authored by Codeine

Saints Row suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d27711aad2dbe6c2769dcc664cbd043dff170e143ebee0fa872c294fbfffc8cc
Zero Day Initiative Advisory 11-323
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-323 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientHealth which does not properly validate or sanitize the clientHealth field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp
advisories | CVE-2011-3159
SHA-256 | 76bbeb241f7d9a97571c3c8254a8ec18e70281fa8a97e1f0917cd03c13a434b0
Hotfm.com.my Cross Site Scripting
Posted Nov 8, 2011
Authored by Ryuzaki Lawlet

Hotfm.com.my suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1ff5c6757a580f641bd1f69910260003a1aeff414dbfd0c1ae2e2bf357f7d6c3
ARCS Solutions SQL Injection
Posted Nov 8, 2011
Authored by Kalashinkov3

ARCS Solutions suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5fadd5c1f4fd932c1ecbf5128df77baf0294e6206386fb96f3c493439c8d7b58
PBCSTechnology SQL Injection
Posted Nov 8, 2011
Authored by Kalashinkov3

PBCSTechnology suffers from a remote SQL injection vulnerability in articlenav.php.

tags | exploit, remote, php, sql injection
SHA-256 | f53703310acbd7faf9bbc718b93d264ace027fd75e7c6cb382fd44ac1b853f20
Zero Day Initiative Advisory 11-322
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp
advisories | CVE-2011-3160
SHA-256 | 6a74ac0937627315840074635634fc8916adb3f1765ec2c6c4f7a632a54c4f61
Zero Day Initiative Advisory 11-321
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp
advisories | CVE-2011-3162
SHA-256 | 6bcd7459335c9a7f66cc29ce7e4dc243db4ff465bd47ad13d99aba40151ce33c
Debian Security Advisory 2338-1
Posted Nov 8, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2338-1 - Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning.

tags | advisory, xss, info disclosure
systems | linux, debian
SHA-256 | d1a38c8c610f5989c5daf1016596ede2b2c096ec660b728073b0146832b7074a
Zero Day Initiative Advisory 11-319
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-319 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within \Program Files\Common Files\InstallShield\ISGrid2.dll. If the bstrReplaceText parameter exceeds its statically-allocated length then a buffer overflow will occur. This can be exploited to execute arbitrary code on the system in the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-3174
SHA-256 | 3eacac84513b91a50fb4fc056becf5fa6d034716f1cc6215002d8ad0fd4f0d3f
Page 2 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close