
Files Date: 2012-06-22 to 2012-06-23

Secunia Security Advisory 49637
Posted Jun 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for mono and mono-debugger. This fixes multiple security issues and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing attacks, disclose sensitive information, bypass certain security features, and potentially compromise a user's system.

tags | advisory, local, spoof, vulnerability
systems | linux, gentoo
MD5 | eb85b74e0fa819754e18f556d99171b1

Secunia Security Advisory 49640
Posted Jun 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for pidgin. This fixes some weaknesses and a vulnerability, which can be exploited by malicious people to disclose sensitive information and cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, gentoo
MD5 | 423a55ddd09f053e5f6a329e13559d38

Secunia Security Advisory 49667
Posted Jun 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, gentoo
MD5 | 9562794c6d36f8cebcffdfcb0a27e97e

Secunia Security Advisory 49530
Posted Jun 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Lab has reported two vulnerabilities in Interspire Shopping Cart, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | af4ba0632717eef358975a54ccf1cb59

Secunia Security Advisory 49672
Posted Jun 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user's system.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | 0d1024e2601b3d7900ec1436c1c9fbec

Secunia Security Advisory 49576
Posted Jun 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | bbbc7ea30630fb01679e8c3ecd9189e5

Zero Day Initiative Advisory 12-100
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-100 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PMParamHandler component of Performance Manager, which is served via an Apache Tomcat instance that listens on TCP port 8081. The process receives a filename from a remote user and performs insufficient validation of the provided file path. Additionally, the user can specify an arbitrary extension due to premature truncation resulting from an embedded null byte. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could lead to a directory traversal arbitrary file write and ultimately remote code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2012-0127
MD5 | e0ecc2f40fb7adbecf8705a83c0844ea

Zero Day Initiative Advisory 12-099
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-099 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of DataDirect SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application parses a packet that is received. When parsing a field in this packet, the application will use a signed length to copy data into a statically sized buffer located on the heap. This can lead to a heap-based buffer overflow and allows for code execution under the context of the service.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-4165
MD5 | 5d5d2e31ed3d4dc37b66826dd5bf995f

Zero Day Initiative Advisory 12-098
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and Winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dnUpdater ActiveX Control. When initializing the ActiveX control object, dnu.exe assumes that the 5th argument passed to the Init() method is a legitimate pointer to a function. This vulnerability can be leveraged to execute code under the context of the user.

tags | advisory, remote, arbitrary, activex
MD5 | f2669b225359b586412f94f788cd1f8a

Zero Day Initiative Advisory 12-097
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-097 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Express. Authentication is not required to exploit this vulnerability. User interaction is not required to exploit this vulnerability. The specific flaw exists within the dpwinsdr.exe process which listens on TCP port 3817 by default. The process has insufficient bounds checking on user-supplied data copied to a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed opcode 0x320 message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2012-0121
MD5 | 9d89e37f8e57811c48170044bcb8b22a

Lattice Diamond Programmer Buffer Overflow
Posted Jun 22, 2012
Authored by Core Security Technologies, Ricardo Narvaja, Daniel Kazimirow | Site coresecurity.com

Core Security Technologies Advisory - Lattice Diamond Programmer is vulnerable to client-side attacks, which can be exploited by remote attackers to run arbitrary code by sending specially crafted '.xcf' files.

tags | exploit, remote, arbitrary
advisories | CVE-2012-2614
MD5 | a39d8e7293fe16989f7c5c83b4655775

Cotonti 0.6.23 SQL Injection
Posted Jun 22, 2012
Authored by Akastep

Cotonti version 0.6.23 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8792fef5c37d6c8a639c4c00c045bf44

Zero Day Initiative Advisory 12-096
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-096 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Express. Authentication is not required to exploit this vulnerability. User interaction is not required to exploit this vulnerability. The specific flaw exists within the dpwinsdr.exe process which listens on TCP port 3817 by default. The process has insufficient bounds checking on user-supplied data copied to a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed opcode 0x330 message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2012-0122
MD5 | e47d977f187f81eb79d435229a143c71

Zero Day Initiative Advisory 12-095
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-095 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the transform attribute the code within QuickTime3GPP.qtx does not properly validate the length of the data within a translate or matrix object before copying it into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running QuickTime.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2012-0663
MD5 | 6a5eb4839af2244bab3c6bb6cb14c0fc

Zero Day Initiative Advisory 12-094
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-094 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Real Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within rn4auth.dll, which is responsible for parsing authentication credentials. When the GetNameValuePair() function calls strcpy, there is an unbounded copy into a stack buffer, which can lead to stack memory corruption. An attacker can leverage this vulnerability to execute code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0942
MD5 | 8cd9153298f172bd8b8ce6eacc68c53d

Infrastructure Resources LLC SQL Injection
Posted Jun 22, 2012
Authored by the_cyber_nuxbie

Infrastructure Resources LLC suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c928da50ab3e623522c79ecd99073e5b

CMS Lokomedia 1.5 Cross Site Request Forgery / Cross Site Scripting
Posted Jun 22, 2012
Authored by the_cyber_nuxbie

CMS Lokomedia version 1.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | b469ebaa3884616c7caceebd0e79bd89

Bitweaver CMS 2.8.1 Cross Site Scripting
Posted Jun 22, 2012
Authored by $1l3n7 @$$@$$17

Bitweaver CMS version 2.8.1 suffers from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 4cfbb6114639f45cea20f1a446bb97f3

Red Hat Security Advisory 2012-1028-01
Posted Jun 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1028-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. This release of JBoss Enterprise BRMS Platform 5.3.0 serves as a replacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS Platform 5.3.0 Release Notes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4605, CVE-2012-2377
MD5 | f4223462f7d2e9bd3b1bd17e95346ce5

Gentoo Linux Security Advisory 201206-13
Posted Jun 22, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-13 - Multiple vulnerabilities were found in Mono, the worst of which allows for the remote execution of arbitrary code. Versions less than 2.8.1-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0217, CVE-2010-3332, CVE-2010-3369, CVE-2010-4159, CVE-2010-4225, CVE-2010-4254, CVE-2011-0989, CVE-2011-0990, CVE-2011-0991, CVE-2011-0992
MD5 | ae4528f30f4c7ae0cfd7885d7b772e87

Gentoo Linux Security Advisory 201206-12
Posted Jun 22, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-12 - A vulnerability was found in tftp-hpa, which leads to remote execution of arbitrary code. Versions less than 5.1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2011-2199
MD5 | b05f934d4752b8fbbea52f0668f520cd

Gentoo Linux Security Advisory 201206-11
Posted Jun 22, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-11 - Multiple vulnerabilities were found in Pidgin, the worst of which allows for the remote execution of arbitrary code. Versions less than 2.10.0-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-0013, CVE-2011-2485, CVE-2011-3594
MD5 | a3b9d13e0248a54b1fe94abc2d1eba7c

Gentoo Linux Security Advisory 201206-10
Posted Jun 22, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-10 - Multiple vulnerabilities have been found in ejabberd, the worst of which allows for remote Denial of Service. Versions less than 2.1.9 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2010-0305, CVE-2011-1753, CVE-2011-4320
MD5 | 5b439b072bbd2ea25e6474a89d4e8e4c

Gentoo Linux Security Advisory 201206-09
Posted Jun 22, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-9 - Multiple vulnerabilities have been found in MediaWiki, the worst of which leads to remote execution of arbitrary code. Versions less than 1.18.2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-2787, CVE-2010-2788, CVE-2010-2789, CVE-2011-0003, CVE-2011-0047, CVE-2011-0537, CVE-2011-1579, CVE-2011-1580, CVE-2011-1766, CVE-2011-1766, CVE-2012-1578, CVE-2012-1579, CVE-2012-1580, CVE-2012-1581, CVE-2012-1582
MD5 | 0557b7f4506aa557f7f92c8542c23f2f

WordPress Schreikasten 0.14.13 Cross Site Scripting
Posted Jun 22, 2012
Authored by Henry Hoggard

WordPress Schreikasten version 0.14.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7ef2a77bfb51735998bb1559dedba87e