Files Date: 2012-01-06 to 2012-01-07

Secunia Security Advisory 47438
Posted Jan 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes two weaknesses and a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information and cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, ubuntu
SHA-256 | 13cdcecade6e2dbf996b8f8225b70c260e4eb4c3f4fdbb4a987e15223a9366ff
Secunia Security Advisory 47422
Posted Jan 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Julio Potier has discovered a vulnerability in the WPtouch plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 072ebf978b4858c39caf0f027ed157fd5ed523717bfe7cf508f391aa655ed0c4
Secunia Security Advisory 47423
Posted Jan 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious users to potentially compromise a vulnerable system and by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, suse
SHA-256 | f68ce6dec898368177945344af4e019f76ff53eb85754bfa04a69ddd014067ad
Secunia Security Advisory 47385
Posted Jan 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for phpMyAdmin. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, conduct cross-site scripting attacks, manipulate certain data, potentially perform certain actions with escalated privileges, and compromise a vulnerable system and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, conduct cross-site scripting and script insertion attacks, and compromise a vulnerable system.

tags | advisory, vulnerability, xss
systems | linux, gentoo
SHA-256 | 231127dd7c2038aa139f43b0054e3018f84f106d8ec8fb289f0bb902260a9eb8
Secunia Security Advisory 47435
Posted Jan 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in spamdyke, which can be exploited by malicious people to manipulate certain data.

tags | advisory
SHA-256 | 697d488a1ae6a577063335c43e17b675e773afd23db22a1ec31bd119665bdc84
Secunia Security Advisory 47460
Posted Jan 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for seamonkey. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a user's system.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | 77b764b58d49a0570947c19dbc89396ee68c646dc04c1ba5d938392eabc6a775
Secunia Security Advisory 47448
Posted Jan 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in ImpressCMS, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to compromise a vulnerable system.

tags | advisory, vulnerability, xss
SHA-256 | d7693eed2983eeb44f32fe53718f46605cebbaa8491e9ff4828b704dd65dc5ec
Secunia Security Advisory 47433
Posted Jan 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for net6. This fixes two weaknesses, which can be exploited by malicious people to disclose certain information and conduct session hijacking attacks.

tags | advisory
systems | linux, suse
SHA-256 | a92568dfb15b3938fbecd8be0c7c645e394972c2755c2c81db6bc261178ac540
Secunia Security Advisory 47400
Posted Jan 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Soroush Dalili has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 59a09893bab1b6fc2eb23e29ac96b3fb3fe90884f5b69690205588916d0c7f36
Zero Day Initiative Advisory 12-007
Posted Jan 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-07 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component, which is used when handling NFS RPC requests. This process listens on UDP and TCP port 32778. When decoding the XDR-encoded data from a STAT_NOTIFY procedure request, the process uses the user-supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.

tags | advisory, remote, arbitrary, udp, tcp
SHA-256 | ea96b549e09cd704a7b40d96634ef9cbe1cd292041c6582106a2ea09a6ab01d9
Linux IPTables Firewall 1.4.12.2
Posted Jan 6, 2012
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying), and special effects such as packet mangling.

Changes: A handful of fixes were made in the option parser. Additional pkgconfig files are now available for libiptc.
tags | tool, firewall
systems | linux
SHA-256 | 09fff7dfe6af95675474fd5d0fc67622fac5a0f3d6e02ee614deae9a2e5dae13
WiRouter KeyRec 1.1.1
Posted Jan 6, 2012
Authored by Salvatore Fresta | Site salvatorefresta.net

WiRouter KeyRec is a powerful and platform-independent piece of software that recovers the default WPA passphrases of the supported router models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley).

Changes: Fixed a NULL pointer.
tags | tool, wireless
SHA-256 | bce27453f02c02f20bdac7ce6ba31415511eea8cd3c25e718070c3103dde359b
Conntrack Tools 1.0.1
Posted Jan 6, 2012
Authored by Pablo Neira Ayuso | Site conntrack-tools.netfilter.org

conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.

Changes: Support for mark masks was added.
tags | tool
systems | linux
SHA-256 | 1e5769a17ed17e1e8886a1807af00acda4cceec996d194f0519d922e41655380
Stev.Org Sniffer
Posted Jan 6, 2012
Authored by James Stevenson | Site stev.org

This sniffer has an ncurses user interface, network statistics for many different protocols, a view into active TCP connections, UDP packets, ICMP packets, and more.

tags | tool, udp, sniffer, tcp, protocol
systems | unix
SHA-256 | 20edb03065ae08c88c2ecc1b5358f2f44567966ddbd835acba99e4890c9e55dd
Gentoo Linux Security Advisory 201201-02
Posted Jan 6, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-2 - Multiple vulnerabilities were found in MySQL, some of which may allow execution of arbitrary code. Versions less than 5.1.56 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-3963, CVE-2008-4097, CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4028, CVE-2009-4484, CVE-2010-1621, CVE-2010-1626, CVE-2010-1848, CVE-2010-1849, CVE-2010-1850, CVE-2010-2008, CVE-2010-3676, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837
SHA-256 | 117eb25ee6c51f621745264b1ef7083b0a2c6153fdaa4646571449649e0c610d
Ubuntu Security Notice USN-1320-1
Posted Jan 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1320-1 - Steve Manzuik discovered that FFmpeg incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3504, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579
SHA-256 | a9a389e4bfa1f5d2695f6a9028933605018f3a4717dcf6326716b24471d670a2
Zero Day Initiative Advisory 12-006
Posted Jan 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-06 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component, which is used when handling NFS RPC requests. This process listens on UDP port 2049. When decoding the XDR-encoded filename from an NFS_RENAME procedure request, the process uses the user-supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.

tags | advisory, remote, arbitrary, udp
SHA-256 | 1b5e1a40d6210253da4b7c94959a2c7bb44c0bb8f0222374730afb689923cbdb
SQLiteManager 1.2.4 Cross Site Scripting
Posted Jan 6, 2012
Authored by Stefan Schurtz

SQLiteManager version 1.2.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9aa266bb27704b328052415937233316e106b727e6fedab83de474435a3e1b00
Ubuntu Security Notice USN-1319-1
Posted Jan 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1319-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1162, CVE-2011-2203, CVE-2011-3353, CVE-2011-4110
SHA-256 | cf433034812eca3e099f479bd4f30350a24a46e7fb72afaa398d4c9de13febd7
VertrigoServ 2.25 Cross Site Scripting
Posted Jan 6, 2012
Authored by Stefan Schurtz

VertrigoServ version 2.25 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a5557bbced72141c92803d43a3b11f07fb68e7e147cb877b4d56f06a19953247
Zero Day Initiative Advisory 12-005
Posted Jan 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-05 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec. When decompressing the sample, the application will fail to accommodate for the canvas the sample is rendered into. This can cause a buffer overflow and thus can be taken advantage of in order to gain code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2011-3248
SHA-256 | dd3b7d23e4891a7f15ce50c21b24b00e7bddcd2c6234ca87745299356ebbe00e
Ggb Guestbook 0.3.1 Cross Site Scripting
Posted Jan 6, 2012
Authored by demonalex

Ggb Guestbook suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e4313dfb46979cc6f2d7f43549305ecbe77daaa1dd8b4ae1e1bf7e96c0701294
Ubuntu Security Notice USN-1318-1
Posted Jan 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1318-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1162, CVE-2011-2203, CVE-2011-4110
SHA-256 | c8bf308a581721107ff31d371b830caabd1b4454264b20c39014d835df3dd5de
Zero Day Initiative Advisory 12-004
Posted Jan 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-04 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the JP2Deco component which is used when handling an mjp2 sample. This sample format (JPEG2000) has a required COD marker segment (0xff52) followed by a COD length value. When extracting the contents of this section the application subtracts from this length before passing it into a call to memcpy. A remote attacker can exploit this error to execute arbitrary code under the context of the user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2011-3250
SHA-256 | 2edc88329e923b8a93d308b0138bc35600e08ff9cac81a54aeadcab08232019f
Zero Day Initiative Advisory 12-003
Posted Jan 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-03 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webappmon.exe CGI program. When processing crafted parameters, there exists an insufficient boundary check before supplying a format string with the values, causing a stack overflow. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the target service.

tags | advisory, remote, overflow, arbitrary, cgi
advisories | CVE-2011-3166
SHA-256 | 7280ee72fc8a2afbe65725493fa36e91a74ef66d4970ce823327f1cd22626da6

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close