exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 80 RSS Feed

Files Date: 2012-06-20 to 2012-06-21

Secunia Security Advisory 49584
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Hupsis Media Gallery plugin for e107, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 0f534606c652b216373d194d699760fa24a172649e214b3231608827d0479546
Secunia Security Advisory 49604
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for qt. This fixes two vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks and compromise an application using the library.

tags | advisory, spoof, vulnerability
systems | linux, redhat
SHA-256 | 5466d014ebd8586b4a7c56bc73879ad89a4a0cbbc367166b50d1a46585142114
Secunia Security Advisory 49562
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for 389-ds-base. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | cb9ce8d9ac43fef9886b83bc16144c876313bbcef27dd01b8a0e2024bbb474cc
Secunia Security Advisory 49603
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for rsyslog. This fixes a vulnerability, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, local
systems | linux, redhat
SHA-256 | f7f3839fd290059e79cd770e9dfc1b4dc348b05d7a15d30ecd65e75e10b45c71
Secunia Security Advisory 49594
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
SHA-256 | 4f134ec321429f0a29ebc0375e9a786b143ecc2a05fbcc159c360fb3189a8d5b
Secunia Security Advisory 49636
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform, JBoss Enterprise Web Platform, and JBoss Enterprise Web Server. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, web
systems | linux, redhat
SHA-256 | 277bc58fafe3b7ff9a1e9a47ee844974ad4e0b2b13d2686e135b5f4763ecaf8c
Secunia Security Advisory 49579
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for xorg-x11-server. This fixes a weakness and a security issue, which can be exploited by malicious, local users to disclose system and sensitive information and cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, redhat
SHA-256 | e911b801fad74c9a98560eb9c963ad85f2a74a0237eeaedaee01cbf00812130b
Secunia Security Advisory 49596
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for net-snmp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | 9cfb18e4f91676c287481d2b23657dc09a9b657a9d0cab3809d2effb304dbc33
Secunia Security Advisory 49569
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-oracle. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability, xss
systems | linux, redhat
SHA-256 | bce1c5415afa8ea6599c3f99da383818194b1c47735bf195ababac46763c816c
Secunia Security Advisory 49597
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | 6a73883ca2f2183be4e6a1725ba132f4e2463077626386f0e045d19403127311
Secunia Security Advisory 49598
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php-pecl-apc. This fixes a vulnerability, which can potentially be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, php, xss
systems | linux, redhat
SHA-256 | 61a6e36048021fcfaf393ac4c6ade8d2d0fcabd3f4932e9d2213fd4296a1ce2c
Secunia Security Advisory 49560
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability, xss
systems | linux, redhat
SHA-256 | 64159fc2c3f6c934b5fe85f2c1e541aede8051d22002c60170d81ee4a2ca22f7
Bluelog Bluetooth Scanner/Logger 1.0.4
Posted Jun 20, 2012
Authored by Tom Nardi | Site digifail.com

Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.

Changes: This large update features many internal improvements and a completely new Bluelog Live CGI module. Performance on OpenWRT and the Pwnie Express Pwn Plug was improved.
tags | tool, web, wireless
systems | unix
SHA-256 | e53fd2776af93ae71e5b5689f73a3780e892b2167d39240548d98d219eb2a863
Microsoft Internet Explorer Col Element Remote Heap Overflow
Posted Jun 20, 2012
Authored by Alexandre Pelletier, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a heap overflow error in the mshtml.dll module when processing "Col" elements, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2012-1876
SHA-256 | 58b473d4348bb610fc06c374fb2c748a08cf5103cd4a273b9e7f79bc45b2b21e
Microsoft Internet Explorer GetAtomTable Remote Use-After-Free
Posted Jun 20, 2012
Authored by VUPEN, Jordan Gruskovnjak | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing GetAtomTable objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, arbitrary
advisories | CVE-2012-1875
SHA-256 | 8e4efee72018e74d74bd0e481367967504569eb75b76d4050a7fef60ffc11887
Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
Posted Jun 20, 2012
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a vulnerability in Adobe Flash Player versions 10.3.181.23 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same vulnerability that was used for attacks against Korean based organizations. Specifically, this issue occurs when indexing an array using an arbitrary value, memory can be referenced and later executed. Taking advantage of this issue does not rely on heap spraying as the vulnerability can also be used for information leakage. Currently this exploit works for IE6, IE7, IE8, Firefox 10.2 and likely several other browsers under multiple Windows platforms. This exploit bypasses ASLR/DEP and is very reliable.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2011-2110, OSVDB-48268
SHA-256 | e26bbead67100b455a3fddb8cfcf7df0baddef6b4fbc68f4cc261a2c4dea9972
Microsoft Internet Explorer CollectionCache Remote Use-After-Free
Posted Jun 20, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing CollectionCache objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, arbitrary
SHA-256 | e3d29879255e1ff2003388a8d7447ab0c086cfdc1cb25b9bc5b4605cfe1e6951
HP Data Protector Client 6.11 / 6.20 Remote Code Execution
Posted Jun 20, 2012
Authored by Ben Turner

HP Data Protector client versions 6.11 and 6.20 suffer from an EXEC_CMD remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2011-0922, OSVDB-72525
SHA-256 | 5d34993adf845edd6d894d448162c3ced97c1186b2c7b70f5c29bfbe0a5da886
Samsung AllShare 2.1.1.0 NULL Pointer
Posted Jun 20, 2012
Authored by Luigi Auriemma | Site aluigi.org

Samsung AllShare versions 2.1.1.0 and below suffer from a NULL pointer vulnerability. Proof of concept utility included.

tags | exploit, proof of concept
systems | linux
SHA-256 | 83cd80b6e2edbb33b8a4976ea647724003619c7fb8d84f66b2a16fcef95d2296
Sysax 5.62 Admin Interface Local Buffer Overflow
Posted Jun 20, 2012
Authored by Craig Freyman

Sysax versions 5.62 ad below administrative interface local buffer overflow exploit that binds a shell to port 4444.

tags | exploit, overflow, shell, local
SHA-256 | 7efb7cd16bdaabc3ae5c671cbe33491c4a4f524a9fb6e3dd1b168c19d3339372
vBulletin 4.2.0 Cross Site Scripting
Posted Jun 20, 2012
Authored by Sangteamtham

vBulletin version 4.2.0 suffers from a persistent cross site scripting vulnerability in the calendar section.

tags | exploit, xss
SHA-256 | e7d9b6e67ae5c903fc89ea7cf816b833e7afba6a2dabbdf3f503d0c45e30bc9a
Ubuntu Security Notice USN-1482-2
Posted Jun 20, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1482-2 - USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-1459, CVE-2012-1458
SHA-256 | d71f6c0e933ef9f027c20f83737f0ac412df02c939b1661f6397cd5b0a8f8471
Ubuntu Security Notice USN-1481-1
Posted Jun 20, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1481-1 - It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a denial of service, or to perform a directory traversal attack. Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. A remote attacker could possibly use this flaw to bypass authentication. Various other issues were also addressed.

tags | advisory, remote, denial of service, php, file upload
systems | linux, ubuntu
advisories | CVE-2012-0781, CVE-2012-1172, CVE-2012-2143, CVE-2012-2317, CVE-2012-2386, CVE-2012-0781, CVE-2012-1172, CVE-2012-2143, CVE-2012-2317, CVE-2012-2335, CVE-2012-2336, CVE-2012-2386
SHA-256 | ef532b3bed02d20d59b37b0ac7ce3245a50645818f614071e2b2ed22dce3926e
Red Hat Security Advisory 2012-1013-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1013-01 - The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. When a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml "security-constraint" tag.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-1167
SHA-256 | 00999837f17b1b0b26b7d6c7ae3e33974a469610cd0c968e5f9c9ec652967eac
Red Hat Security Advisory 2012-1012-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1012-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0036 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | 106f6909d35fc9d2c45a96191a20b629c3f0868b4f173b821e361478e556f98f
Page 3 of 4
Back1234Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    27 Files
  • 29
    Feb 29th
    8 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close