all things security
Showing 26 - 45 of 45 RSS Feed

Files Date: 2012-02-22 to 2012-02-23

Secunia Security Advisory 48104
Posted Feb 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for vixie-cron. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, redhat
MD5 | 64344a817dbe3e86a42ed3c4bb9a1421
Secunia Security Advisory 48091
Posted Feb 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for horde3-dimp. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.

tags | advisory, vulnerability, xss
systems | linux, suse
MD5 | 8d7ca1f9bb3a4435fcf4bb04c26183a7
Secunia Security Advisory 48105
Posted Feb 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for xorg-x11-server. This fixes a weakness, which can be exploited by malicious, local users to disclose system and sensitive information.

tags | advisory, local
systems | linux, redhat
MD5 | 2f289594183c7ec5b96457e84998e709
Secunia Security Advisory 48095
Posted Feb 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libvorbis. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, ubuntu
MD5 | a5c441937d8c06ae9d97d37f236c66ba
strongSwan IPsec Implementation 4.6.2
Posted Feb 22, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The Trusted Computing Group Attestation Platform Trust Service (PTS) protocol was implemented. TPM-based remote attestation of Linux IMA (Integrity Measurement Architecture) is now possible. Measurement reference values are automatically stored in a SQLite database. A RADIUS accounting interface was provided along with support for PKCS#8 encoded private keys.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
MD5 | b25956639dcd31137e4ec6372376fcc2
LiveHelpNow Chat Cross Site Scripting
Posted Feb 22, 2012
Authored by Sony

LiveHelpNow Chat suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f0d6435b432b147e5d01bb51278ddf1d
ForkCMS 3.2.5 Cross Site Request Forgery / Cross Site Scripting
Posted Feb 22, 2012
Authored by Ivano Binetti

ForkCMS version 3.2.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | f95ba16fde46ce9beeb3d2eafc1cb7b1
WordPress SB Uploader Shell Upload
Posted Feb 22, 2012
Authored by JingoBD

WordPress SB Uploader suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 3eb9558eb53ca8ad398ddb62e1589a2b
Oxwall 1.1.1 Cross Site Scripting
Posted Feb 22, 2012
Authored by Ariko-Security

Oxwall version 1.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-0872
MD5 | 2833359cc8b5690bd689eb2e7d7a6ff3
Mercurycom MR804 Router Denial Of Service
Posted Feb 22, 2012
Authored by demonalex

Mercurycom MR804 Router version 3.8.1 Build 101220 Rel.53006nB suffers from a denial of service vulnerability when fed multiple HTTP headers.

tags | exploit, web, denial of service
MD5 | ccff62db643c371d665060ad46a55c72
SocialCMS Cross Site Scripting / SQL Injection
Posted Feb 22, 2012
Authored by Eyup CELIK

SocialCMS suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 2bf5eb850e7a2948ca20c89039bf1801
CMS Wizard Cross Site Scripting
Posted Feb 22, 2012
Authored by XaDaL

CMS Wizard suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a2fe2694ae0368ca2afcbeead1b7dc7c
Cisco Linksys WAG54GS Cross Site Request Forgery
Posted Feb 22, 2012
Authored by Ivano Binetti

The Cisco Linksys WAG54GS ADSL router suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
systems | cisco
MD5 | 09281365d9ad97398e761ef6ef5a3f31
P-Chat 0.9 Cross Site Scripting
Posted Feb 22, 2012
Authored by Eyup CELIK

P-Chat version 0.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e5e8e2059957ba21bdc39b460e71b99d
DNSChef 0.1
Posted Feb 22, 2012
Authored by Peter Kacherginsky | Site thesprawl.org

DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka "Fake DNS") is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for "badguy.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.

tags | local
systems | unix
MD5 | 0dcad8933e04efce64187a13fb94ed54
Red Hat Security Advisory 2012-0324-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | tool, local
systems | unix
advisories | CVE-2012-0841
MD5 | 8831c464a231316b4517c58945746961
Red Hat Security Advisory 2012-0323-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2011-3607, CVE-2011-3639, CVE-2012-0031, CVE-2012-0053
MD5 | 77c4cfb8bb62be5e7bd606ced059230b
Red Hat Security Advisory 2012-0322-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506
MD5 | 473e80bd093b7ae7ca3e8a64183abe37
Red Hat Security Advisory 2012-0321-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0321-01 - Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-0804
MD5 | 8e263449a4aa178ec92acfc196ecd220
Gentoo Linux Security Advisory 201202-02
Posted Feb 22, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201202-2 - Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code. Versions less than 0.99.20 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-1674, CVE-2010-1675, CVE-2010-2948, CVE-2010-2949, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327
MD5 | 4d8923366c8753d343a0e1c836425e33
Page 2 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close